At 02:17 PM 04/02/2002, Kenny Pyatt wrote:
>The decision has been made (although I can change it) to use a
>user-type/run-mode permission scheme. I created a database that
>handles which users are which type and which types have access to
>which mode. I even have it working :-)
This sounds like exactly what I've done. I like this style, because
then the run modes are responsible for determining what kind of
access they need, and I don't have to maintain a separate list. I
can also just look at each run mode and see that it has the proper
access, rather than having to refer back to some master list somewhere.
>The modes are given unique ids that are hard coded in. Each
>run-mode looks like this:
>
>sub Mode
>{
> my $self = shift;
> my $admin = $self->param('admin');
>
> # Check for permission.
> if ($admin->checkPermission('ModuleName_Mode '))
> {
> # The have permission so go ahead
> }
> else
> {
> # They do not have permission so tell them.
> }
Mine's a little simpler though:
sub Mode
{
my $self = shift;
$self->CheckAccess('Mode');
# If execution gets to this point, they have permission
[...]
and then CheckAccess looks like this:
sub CheckAccess($)
{
my ($self, $module) = @_;
# Not providing a module is always fatal
defined($module) or die "CheckAccess: module not defined";
# Perform the authentication stuff here
# If access was granted, return.
return(1) if $access_was_granted;
# Access denied, report the error to the user, and die.
warn "Refusing access to $module for $username\n";
die "You do not have permission to perform this operation.\n";
}
--
Greg Marr
[EMAIL PROTECTED]
"We thought you were dead."
"I was, but I'm better now." - Sheridan, "The Summoning"
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[email protected]/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
