#1394: Authorization subsystem
-------------------------+--------------------------------------------------
Reporter: david | Owner: david
Type: enhancement | Status: new
Priority: normal | Milestone: 1.1
Component: controller | Version:
Severity: normal | Keywords:
Has_patch: 0 |
-------------------------+--------------------------------------------------
There should be a way to perform authorization checks after validation.
Popular use cases are the usual access controls on resources with stuff
like "only owner may edit blog post", and related stuff like GeoIP
restrictions et cetera, and doing it through validation is possible, but
quite cumbersome especially since the error case needs to be handled
separately.
Should be a simple {{{checkPermissions()}}} (or should it be
{{{checkAuthorization()}}}?) method on the Action that people can
implement (with support for {{{checkReadPermissions()}}} et cetera too of
course). Potentially also
[http://framework.zend.com/manual/en/zend.acl.html Zend_Acl] is great for
this.
--
Ticket URL: <http://trac.agavi.org/ticket/1394>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5
_______________________________________________
Agavi Tickets Mailing List
[email protected]
http://lists.agavi.org/mailman/listinfo/tickets
