|P is for Practical|
Re: Application Access Controlby ducky (Scribe)
|on Sep 24, 2001 at 04:53 UTC||Need Help??|
I've had to come up with access control mechanisms before and the only one I've been happy with makes extensive use of a database. Unfortunately, I haven't gotten around to making a decent module out of it, though it's been on my to-do list for quite a while, because the methods were written as HTML::Mason components and I just re-use the component rather than do the Right thing.
Essentially, it's a system of users, groups and access entities. Everything's assigned an entity. According to memberships between the users<->groups<->entities or users<->entities access is decided. Users explicitly granted or denied to the entity takes priority over users assigned to a group which then have permission granted or denied and the default permission takes effect if the other two come up emtpy.
It's a bit of a grand system, quite overkill for almost everything I've used it for, but I like it. =) If you'd like table definitions and SQL queries that drive it, I'd be happy to cough those up, just me know.
Update:Check this for a mess of SQL statements to create and query what I talked about above. So I coughed. There. =)
Update II: Since I've gotten some interest in these, here's a quick overview of the tables:
The ugly SQL to pull all these memberships together and determine a user's permission to a given entity based on what groups they're in and what permission has been assigned to them is available here (same link as above)
Update III: yeesh. Updated the link to my site.