On Sat, 21 Aug 2004 21:28:30 +0100, David R. Baird
<[EMAIL PROTECTED]> wrote:
> I've spent a fair bit of time looking for a generic, groups-based
> system for managing user privileges, but there doesn't seem to be one
> on CPAN. Lots of apps on CPAN have their own, tailor-made systems,
> but they tend to run to a lot of
>
> if $user->is_allowed_to_foo
> ....do foo stuff
> if $user->is_allowed_to_bar
> ....do bar stuff
>
> type of things, very specific to their own application.
>
> Maybe I've missed it? Can anyone point me at such a beast?
>
> If not, I've built a groups-based class that I think is pretty
> generic. What I wanted was a hierarchy of groups that can model an
> organisation. Groups contain subgroups, and groups can do whatever
> their subgroups can. The hierarchy and the abilities are
> configurable.
>
> At the moment, I'm calling this Admin::Group, and it has a companion
> Admin::User. But that would mean a new top level namespace, which I
> know is generally resisted. But it does seem to describe what the
> classes do.
>
> An alternative might be the User:: namespace. Maybe User::Admin::User
> and User::Admin::Group?
>
> Any opinions or pointers to similar things?
"User," "Group," and "Admin" mean many different things in many
different contexts. So I would suggest something more specific.
Before you get there, though, you have to be clear as to which of the
three A's you're dealing with: access, authorization, and/or
accounting? If it's authorization, then there are Auth:: and Authen::
namespaces (Authen:: is preferred). If it's access, then I'm
surprised, because that's usually application-specific. And it seems
clear that you're not talking about accounting, but if you are, then
you are.
Anyway, I recommend that the namespace talk about what purpose the
modules serve, not about some quite ambiguously-named objects that
they operate over.
Also, when you're talking about groups of groups as above, the
more common term of art is accounts and subaccounts.
- Kurt
