I've been working on a centralized authorization server for a while now.
I have a functional minimal system I've used in a few projects now. Its
central method is called 'allowed' and it checks a permissions table in
the database which is quite configurable. I use it to control access to
web pages, elements on a web page (whether certain fields are added to a
report returned to a user) and even for row-level database access
control.

It's currently called SQCAS, but that's just an off-the-cuff name a
friend suggested when we were brainstorming. My long-term goal is to
provide a tool that can be used both as a local set of modules and via a
web server and XML (or maybe SOAP or such). A good chunk of core stuff
is functional as I said, but it needs a management interface still. You
can find it at:
http://search.cpan.org/~seanq/SQCAS-0.23/

I just uploaded version .24 to PAUSE, so it should be available sometime
soon. FYI, currently none of the tests will pass until the database is
created, the conf file is installed and some sample data is inserted.

The project could certainly be helped by making better use of existing
tools, such as perhaps Class::DBI (I only recently started playing with
that).

On Sat, 2004-08-21 at 16:28, David R. Baird wrote:
> I've spent a fair bit of time looking for a generic, groups-based 
> system for managing user privileges, but there doesn't seem to be one 
> on CPAN. Lots of apps on CPAN have their own, tailor-made systems, 
> but they tend to run to a lot of 
> 
> if $user->is_allowed_to_foo
> ...do foo stuff
> if $user->is_allowed_to_bar
> ...do bar stuff
> 
> type of things, very specific to their own application. 
> 
> Maybe I've missed it? Can anyone point me at such a beast? 
> 
> If not, I've built a groups-based class that I think is pretty 
> generic. What I wanted was a hierarchy of groups that can model an 
> organisation. Groups contain subgroups, and groups can do whatever 
> their subgroups can. The hierarchy and the abilities are 
> configurable. 
> 
> At the moment, I'm calling this Admin::Group, and it has a companion 
> Admin::User. But that would mean a new top level namespace, which I 
> know is generally resisted. But it does seem to describe what the 
> classes do. 
> 
> An alternative might be the User:: namespace. Maybe User::Admin::User 
> and User::Admin::Group? 
> 
> Any opinions or pointers to similar things? 
> 
> Thanks,
> 
> d.
-- 
Sean Quinlan <[EMAIL PROTECTED]>
Massachusetts General Hospital
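
The group model described in the quoted message (groups contain subgroups, and a group can do whatever its subgroups can), as an added example that is not code from either poster's module. The data layout, group names and the `abilities_of` and `allowed` helpers are hypothetical; the sketch denies by default and tolerates a misconfigured cycle in the hierarchy.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: each group lists its direct subgroups and the
# abilities granted to it directly. All names are hypothetical.
my %groups = (
    company  => { subgroups => [qw(finance support)], abilities => [] },
    finance  => { subgroups => ['auditors'], abilities => ['approve_invoice'] },
    support  => { subgroups => [],           abilities => ['view_ticket'] },
    # Deliberate misconfiguration: auditors points back at finance.
    auditors => { subgroups => ['finance'],  abilities => ['read_ledger'] },
);
my %members = ( alice => ['company'], bob => ['support'] );

# Collect every ability a group holds: its own plus, recursively, those of
# its subgroups. The $seen hash stops a cycle from recursing forever, and
# an unknown group name contributes nothing.
sub abilities_of {
    my ($group, $seen) = @_;
    $seen ||= {};
    return () if $seen->{$group}++ or !exists $groups{$group};
    my %set = map { $_ => 1 } @{ $groups{$group}{abilities} };
    for my $sub (@{ $groups{$group}{subgroups} }) {
        $set{$_} = 1 for abilities_of($sub, $seen);
    }
    return keys %set;
}

# Default deny: unknown users, unknown groups and unlisted abilities all
# return false.
sub allowed {
    my ($user, $ability) = @_;
    for my $group (@{ $members{$user} || [] }) {
        return 1 if grep { $_ eq $ability } abilities_of($group);
    }
    return 0;
}

# Print one allow/deny decision per constructed test case.
for my $case ([alice => 'read_ledger'], [bob => 'view_ticket'],
              [bob => 'approve_invoice'], [mallory => 'view_ticket']) {
    my ($user, $ability) = @$case;
    printf "%-8s %-16s %s\n", $user, $ability,
        allowed($user, $ability) ? 'allow' : 'deny';
}
```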
