I don't know, but seems to me like you've just described Cake's ACL. You can stick ACL checks wherever you want (AppController, Controller, Action, etc.).
You can have a million groups, or just a single "authenticated" group if you want to. ACO's have action permissions default for CRUD operations. Persistence is handled by sessions (on by default in Cake). Authentication is your job, because this varies wildly. SQL for the setup is distributed with Cake, along with a setup script. -- J On May 8, 2006, at 11:47 AM, calzone wrote: > > I think this is precisely the kind of thing that shouldn't change from > app to app. > > Yes, you would want to configure things from app to app, but by and > large, imho, an authentication system should be standardized as a best > practices model that is available for a developer to leverage. > > The developer should be able to: > > 1) enable authentication across the whole app, just a directory, or on > single views or models or controller methods (and able to exclude > single pages from whole-app or directory based protection). A simple > directive to turn it on at any given level would suffice, along with a > directive to suppress it at any given level. Similarly, the > ability to > set an enforce ssl flag at the same varying levels would be good. > There > would be a default login view and model, but no default user or group > admin. > > 2) not worry about groups unless up front... a default configuration > assumes everyone is in one of two groups (authenticated or anonymous) > > 3) on a per-app, per-dir, per-view, per model (or within a model, > per-field), per-controller method basis, define access level for each > role or even a single user in terms of default read or hide (and for > models and fields, create and edit). > > 4) on a per-app basis, set persistence, and whether ssl should be > enforced on login, in an auth.conf file or something like that > (encrypted cookie vs session vs non-persistent, cookie expiration date > or session length). > > Whatever database tables are required for that would be part of a > standard sql script distrbuted, after which the developer would simply > edit the roles/groups table either directly in the db or by creating a > page to do it. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
