On Sat, 25 Aug 2007 23:52:39 -0400, csnyder wrote
> On 8/24/07, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> > > As for phpGACL, the feedback I got was that most ACLs out there are
> > > good at answering one question, from the following list:
> > >
> > > 1) "Can I access this object?"
> > > 2) "Who can access this object?"
>
> I think number 2 translates to things like "Who else can read posts
> to this forum?" or "What developers have commit access" or even reports
> like "List all editors by site".
>
> --
> Chris Snyder

I was waiting for you to chime in here. Just re-read your RBAC chapter in Pro PHP Security (AWESOME BOOK, BTW). Nice Hamptons beach reading. It's that or Clive Cussler.

As I think about this, the problem is all the "locations". A front-end controller can consolidate or automatically synthesize and manage locations. But there could be soooo many. And it seems to me the presentation layer needs a heck of a lot of if statements to hide sections, links, buttons, etc. if you want to hide inaccessible stuff instead of a simple "not authorized" msg.