Hello,

Yes, you are right, that was the idea I thought about as an alternative
implementation. It's a very "clean" way to allow the admin to see changes on the
fly. But it's also a little bit more complicated. And of course it depends on
your wishes. :))

So for example AFAIK Gallery2 provides a similar idea to the one you described
(the ability for an admin to "pretend" to be an ordinary user). But again IMHO
it's a little bit more complicated to implement a "pretend as" mechanism.


2010/6/10  <[email protected]>:
> Hi,
>
> I have something like that in my current app.
>
> After successful auth, I store the role (user, poweruser, admin) in the
> identity and another role called as_role.
> All my acl checks are done against as_role except one that is done against
> the true role.
> The check using the true role display some "view as" buttons in the layout
> if role is "admin" and permit changes to as_role.
>
> It's not perfect impersonation as I can't see resources as their owner
> without logging in as the owner but I can browse the site as a generic user or
> poweruser without logging out.
>
> Ludwig
>
> --------------------------------------------------
> From: "Aleksey Zapparov" <[email protected]>
> Sent: Thursday, June 10, 2010 12:33 PM
> To: "Jurian Sluiman" <[email protected]>
> Cc: <[email protected]>; "shahrzad khorrami"
> <[email protected]>
> Subject: Re: [fw-general] using of two auth in zend
>
>> Hello,
>>
>> Very good point of view. Unfortunately it is not related to the topic. The
>> topic was exactly about authentication, not authorization. I see what you
>> mean and I understand why you think that Zend_Acl will solve the problem.
>> But the problem was not about separating credentials by roles, but about
>> separating authentication scopes.
>>
>> It was about providing an option to be able to log in to the website as
>> admin for one particular module and as somebody else for all the others. If
>> you have experience then you probably saw that there you can log into the
>> back-end administration panel as admin (or moderator), but you can log into
>> the front-end administration as somebody else.
>>
>> Why might you need this? Here's a simple example of why this may be useful.
>> When you have built some kind of CMS, and you have different roles of users,
>> and your administrator has the ability to change the scopes of visible areas
>> for one role and another, you would like to test it "live". With two
>> concurrent authentications you can achieve this easily: simply log into the
>> "user's area" as a user while staying administrator inside the "admin's
>> area". With one authentication scope you'll need to log out and log back in
>> as a user to test changes.
>>
>>
>> 2010/6/10 Jurian Sluiman <[email protected]>:
>>>
>>> Hi,
>>> I think you're using the wrong tool to solve the problem. Auth is just
>>> needed for authentication: who are you? The answer to the question of
>>> whether you have permission to do something is covered by authorization.
>>>
>>> Zend_Acl is the thing you need, not two Zend_Auth instances. It's pretty
>>> easy with two resources (account and admin) and two roles (user and admin,
>>> groups for the users). Program them statically in your plugin and you're
>>> future-proof for further expansion.
>>>
>>> Regards, Jurian
>>> --
>>> Jurian Sluiman
>>> CTO Soflomo V.O.F.
>>> http://soflomo.com
>>>
>>> On Wednesday 09 Jun 2010 06:23:13 shahrzad khorrami wrote:
>>>>
>>>> wow thanks alot Alekseyyyy I'm going to test... B-) merccccc
>>>
>>
>>
>>
>> --
>> Sincerely yours,
>> Aleksey V. Zapparov A.K.A. ixti
>> FSF Member #7118
>> Mobile Phone: +34 617 179 344
>> Homepage: http://www.ixti.ru
>> JID: [email protected]
>>
>> *Origin: Happy Hacking!
>
>



-- 
Sincerely yours,
Aleksey V. Zapparov A.K.A. ixti
FSF Member #7118
Mobile Phone: +34 617 179 344
Homepage: http://www.ixti.ru
JID: [email protected]

*Origin: Happy Hacking!
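
An added example, not part of the original thread: a dependency-free PHP sketch of the role / as_role scheme Ludwig describes in the quoted message, with the role switch gated on the true role. The role ranking, the ACL table and all function names are assumptions made for illustration; in a Zend Framework application the table lookup would be a Zend_Acl::isAllowed() call made with as_role.

```php
<?php
// Added illustration of the role / as_role pattern; all names are hypothetical.
const ROLE_RANK = ['user' => 1, 'poweruser' => 2, 'admin' => 3];
// Constructed ACL table: resource => minimum role required. With Zend_Acl this
// would be held by the ACL object instead of an array.
const ACL = ['account' => 'user', 'reports' => 'poweruser', 'admin' => 'admin'];

/** Identity stored after successful authentication: as_role starts equal to role. */
function makeIdentity(string $login, string $role): array
{
    if (!isset(ROLE_RANK[$role])) {
        throw new InvalidArgumentException("unknown role: $role");
    }
    return ['login' => $login, 'role' => $role, 'as_role' => $role];
}

/** Ordinary ACL check: always evaluated against as_role, never the true role. */
function isAllowed(array $identity, string $resource): bool
{
    $required = ACL[$resource] ?? null; // unknown resource: deny by default
    return $required !== null
        && ROLE_RANK[$identity['as_role']] >= ROLE_RANK[$required];
}

/** The one check made against the true role: may the "view as" buttons be used? */
function canViewAs(array $identity): bool
{
    return $identity['role'] === 'admin';
}

/** Change as_role. Gated on the true role and never allowed to exceed it. */
function viewAs(array $identity, string $target): array
{
    if (!canViewAs($identity) || !isset(ROLE_RANK[$target])
        || ROLE_RANK[$target] > ROLE_RANK[$identity['role']]) {
        throw new RuntimeException('view-as denied');
    }
    $identity['as_role'] = $target;
    return $identity;
}

// An admin browses as a generic user; a poweruser then tries to switch roles.
$admin = viewAs(makeIdentity('alice', 'admin'), 'user');
var_dump(isAllowed($admin, 'admin'), canViewAs($admin));
try {
    viewAs(makeIdentity('bob', 'poweruser'), 'admin');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Because the switch is authorised from the true role only, a session that is viewing as "user" can still return to "admin", while writing as_role from request data without that gate would let any user pick their own effective role.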
