Timeshare security
From PeacockWiki
Revision as of 11:23, 20 September 2005 by Trevorp
Revision as of 11:33, 20 September 2005 by Trevorp
Line 1: | Line 1: | ||
==Overview== | ==Overview== | ||
Page security in timeshare revolves around the Auth object (in lib/auth.php). An instance of this object is available from all smarty HTML (*.smarty) templates in the form of a variable 'user' ($user). | Page security in timeshare revolves around the Auth object (in lib/auth.php). An instance of this object is available from all smarty HTML (*.smarty) templates in the form of a variable 'user' ($user). | ||
+ | |||
+ | Auth provides login/logout methods, and a facility to define users that should have access to a specific page, and what access they should have. | ||
+ | |||
+ | ==Auth object== | ||
+ | In addition to the following functions, Auth stores a DBDataObject representing the currently logged in user. methods and functions are forwarded to the DBDataObject allowing Auth to act as if it was the DBDataObject. This allows the programmer to easily access the DBDataObject from smarty. This should rarely be required as Auth should handle most needed functions through its own methods. | ||
+ | |||
+ | ===get_user_id()=== | ||
+ | ===get_user()=== | ||
+ | ===get_user_name()=== | ||
+ | ===static function get_auth()=== | ||
+ | ===__get($name)=== | ||
+ | ===__set($nm, $val)=== | ||
+ | ===__call($n, $p)=== | ||
+ | ===login($username, $password)=== | ||
+ | ===logout()=== | ||
+ | ===is_authenticated()=== | ||
+ | ===define($role_name = 'access', $access = true)=== | ||
+ | add a user to a role | ||
+ | ===define_user($role_name, $user)=== | ||
+ | add a user to a role if they are the required user | ||
+ | ===define_group($role_name, $group = null)=== | ||
+ | add a user to a role if they are in the required group | ||
+ | ===define_manager($role_name, $group = '%')=== | ||
+ | add user to a role if they manage the specified group | ||
+ | ===define_authenticated($role_name = 'access')=== | ||
+ | ===define_not_authenticated($role_name = 'access')=== | ||
+ | ===define_everybody($role_name = 'access')=== | ||
+ | ===define_admin($role_name = 'access')=== | ||
+ | ===define_supervisor($role_name = 'access')=== | ||
+ | ===count_roles()=== | ||
+ | ===can($role = null)=== | ||
+ | ===static function auth_error($error = true)=== | ||
+ | ===end_auth($error = true)=== | ||
+ | |||
==Notes== | ==Notes== |
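Review bot: most of the added method headings carry no description at all; only define(), define_user(), define_group() and define_manager() get a one-line summary. For a page about page security, login($username, $password), can($role = null), auth_error($error = true) and end_auth($error = true) should at least state what they return and what happens on failure, and define() should say what passing $access = false does. The added "Auth object" paragraph should also state which DBDataObject members become reachable through __get, __set and __call, since the Overview says $user is available in every template.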
Revision as of 11:33, 20 September 2005
Overview
Page security in timeshare revolves around the Auth object (in lib/auth.php). An instance of this object is available from all smarty HTML (*.smarty) templates in the form of a variable 'user' ($user).
Auth provides login/logout methods, and a facility to define users that should have access to a specific page, and what access they should have.
Auth object
In addition to the following functions, Auth stores a DBDataObject representing the currently logged-in user. Methods and functions are forwarded to the DBDataObject, allowing Auth to act as if it were the DBDataObject. This allows the programmer to easily access the DBDataObject from Smarty. This should rarely be required, as Auth should handle most needed functions through its own methods.
get_user_id()
get_user()
get_user_name()
static function get_auth()
__get($name)
__set($nm, $val)
__call($n, $p)
login($username, $password)
logout()
is_authenticated()
define($role_name = 'access', $access = true)
add a user to a role
define_user($role_name, $user)
add a user to a role if they are the required user
define_group($role_name, $group = null)
add a user to a role if they are in the required group
define_manager($role_name, $group = '%')
add a user to a role if they manage the specified group
define_authenticated($role_name = 'access')
define_not_authenticated($role_name = 'access')
define_everybody($role_name = 'access')
define_admin($role_name = 'access')
define_supervisor($role_name = 'access')
count_roles()
can($role = null)
static function auth_error($error = true)
end_auth($error = true)
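The forwarding described under "Auth object", as an added PHP sketch (not timeshare's lib/auth.php): AuthSketch and UserRecord are hypothetical stand-ins for Auth and DBDataObject, and only the magic-method signatures come from the list above. In this sketch, any code holding $user can read, call and write through to the wrapped record.

```php
<?php
// Hypothetical stand-in for DBDataObject (constructed for this example).
class UserRecord {
    private array $fields;
    public function __construct(array $fields) { $this->fields = $fields; }
    public function get(string $name) { return $this->fields[$name] ?? null; }
    public function set(string $name, $value): void { $this->fields[$name] = $value; }
}

// Hypothetical stand-in for Auth: wraps the record of the logged-in user.
class AuthSketch {
    private ?UserRecord $record;

    public function __construct(?UserRecord $record) { $this->record = $record; }

    public function is_authenticated(): bool { return $this->record !== null; }

    // Reads of properties AuthSketch does not define go to the record.
    public function __get($name) {
        return $this->record ? $this->record->get($name) : null;
    }

    // Writes are forwarded as well, so callers can change the record.
    public function __set($nm, $val) {
        if ($this->record) { $this->record->set($nm, $val); }
    }

    // Calls to methods AuthSketch does not define go to the record.
    public function __call($n, $p) {
        if (!$this->record || !method_exists($this->record, $n)) {
            throw new BadMethodCallException("No such method: $n");
        }
        return call_user_func_array([$this->record, $n], $p);
    }
}

// Constructed sample user.
$user = new AuthSketch(new UserRecord(['name' => 'alice', 'group' => 'ops']));

echo $user->name, "\n";          // read forwarded through __get
echo $user->get('group'), "\n";  // call forwarded through __call
$user->group = 'admins';         // write forwarded through __set
echo $user->get('group'), "\n";  // the record itself was modified
```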
Notes
Because most processing is intended to be done in Smarty, there is one known disadvantage in the syntax of Smarty tags.
 {generate_data_object var="statusreport" query="statusreport" id=$smarty.get.id}
 {$user->define_manager('write', $statusreport->get('group'))}
Smarty does not handle the second '->' (in $statusreport->get('group')). This is easily solved with a simple workaround: assign the value to a Smarty variable in a separate command.
 {generate_data_object var="statusreport" query="statusreport" id=$smarty.get.id}
 {assign var="group" value=$statusreport->get('group')}
 {$user->define_manager('write', $group)}