Hey there,
I'm forwarding my own Message to the Users List because I think that
I'll get some more Response here, than on the dev list.
For everybody who doesn't yet know what Redracer is about here is a
short explaination. Redracer is a Code Snipplet repository for agavi
which I wanted to create for the Google Summer of Code. But since
Agavi was not picked to be participating in GSOC I do it for fun :)
Also have a look at http://www.redracer.org for more information about
the development.
- Benjamin
Anfang der weitergeleiteten E-Mail:
Von: Benjamin Börngen-Schmidt <[email protected]>
Datum: 28. Mai 2009 14:43:02 MESZ
An: Agavi Dev Mailing List <[email protected]>
Betreff: [Agavi-Dev] [Redracer] Access Control
Antwort an: Agavi Dev Mailing List <[email protected]>
Hello,
okay i got most of the user stuff ready now for Redracer, so I started
planing on the Projects Module.
So one the one hand I have the Credentials, which tell me if the user
is allowed to call the action, but on the other I have the Projects.
Without some access control every user would be able to edit projects
which do not belong to him.
Now a user has the Credential "edit-own" should I put some logic in
the getCredentials() function to check if it is his own project? And
what should the function return?
Also where should I place the ACL? I guess in the DB... but currently
I'm getting all my credentials from the rbac_definitions.xml how do I
add the Credentials from the DB to the User, or better when?
Has anyone yet had such a problem and might be able to provide me an
example?
Cheers
---
Dipl.-Betriebsw. (BA)
Benjamin Börngen-Schmidt
Pallaswiesenstraße 30
64293 Darmstadt
fon: +49 (0)6151 6795935
email: [email protected]
_______________________________________________
Agavi Dev Mailing List
[email protected]
http://lists.agavi.org/mailman/listinfo/dev
_______________________________________________
users mailing list
[email protected]
http://lists.agavi.org/mailman/listinfo/users
