On 8/24/07, Mitch Pirtle <[EMAIL PROTECTED]> wrote: > phpGACL was what was originally intended to be implemented, however > there were some challenges behind making that possible. Andrew Eddie > is behind the current ACL work, so he's most definitely the best > resource to ask that question to.
dotProject has been using phpGACL for about 2.5 years or so. When we implemented it, we found that some of it was nasty due to the level of granularity that we needed so we wrote a wrapper around it to hide most of it from the core of the code. Lately we've been adding helper methods to the various core classes to further abstract this and simplify the overall API. I think it's worked out pretty well and has hidden all the complexity while still allowing admins to define very specific permissions while respecting parent/child relationships. For example, knowing that someone has permissions to see a specific Project doesn't imply anything about the attached tasks. > As for phpGACL, the feedback I got was that most ACLs out there are > good at answering one question, from the following list: > > 1) "Can I access this object?" > 2) "Who can access this object?" For the most part, we ignore the 2nd question but also ask the opposite of the first - "Am I denied access to this object?" If you check out dotProject, the core of the implementation is in classes/permissions.php. kc -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
