in reply to Application Access Control
I've had to come up with access control mechanisms before and the only one I've been happy with makes extensive use of a database. Unfortunately, I haven't gotten around to making a decent module out of it, though it's been on my to-do list for quite a while, because the methods were written as HTML::Mason components and I just re-use the component rather than do the Right thing.
Essentially, it's a system of users, groups and access entities. Everything's assigned an entity. According to memberships between the users<->groups<->entities or users<->entities access is decided. Users explicitly granted or denied to the entity takes priority over users assigned to a group which then have permission granted or denied and the default permission takes effect if the other two come up emtpy.
It's a bit of a grand system, quite overkill for almost everything I've used it for, but I like it. =) If you'd like table definitions and SQL queries that drive it, I'd be happy to cough those up, just me know.
Update:Check this for a mess of SQL statements to create and query what I talked about above. So I coughed. There. =)
Update II: Since I've gotten some interest in these, here's a quick overview of the tables:
The ugly SQL to pull all these memberships together and determine a user's permission to a given entity based on what groups they're in and what permission has been assigned to them is available here (same link as above)users ---------- user_id auto-incrementing, primary key name text, for human consumtion entities ---------- entity_id auto-incrementing, primary key name text, for human consumtion permission boolean, default permission groups ---------- group_id auto-incrementing, primary key name text, for human consumtion priority int, optional. to give one group priority over another group/entity membership ---------- group_id int, references groups table entity_id int, references entities table permission boolean, this group's permission on the entity user/entity membership ---------- user_id int, references users table entity_id int, references entities table permission boolean, this user's permission on the entity user/group membership ---------- user_id int, references users table entity_id int, references entities table
Update III: yeesh. Updated the link to my site.