Julian Davchev wrote:
Well, I have fields to show/hide on different conditions for example.
Consider show/hide person salary.
If user has entered secret password (this would be the assert) he will
be allowed to see someone's salary else just a link will be presented to
enter secret password. But on other hand if there is not even allow for
this salaray to see I wouldn't even display link to enter secret
pass...it will all be just hidden. Hope it makes more sense now.
I like abstraction too.....just kinda not sure what best approach in my
case is.
Ahh right I think I understand your use case now.
THere are really three states here.
1. Not allowed ever.
2. Allowed in principle but not authenticated to that level.
3. Allowed in principle and authenticated.
Is that a fair statement?
If so I would just split this into two sets of permissions one with an
assert and one without.
The first would indicate if the user is ever allowed or not (basically
in the first group above or not in that group).
The second controls the actual viewing of the sensitive info (with the
assert).
So I would do something like:
if ($acl->isAllowed('CanViewSalaries'))
{
if ($acl->isAllowed('ViewSalary'))
{
// Display it.
}
else
{
// Display auth for the ViewSalary assert().
}
}
Dunno if that would work for you or not but I hope it helps.
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
