
Comments (6)

Ocramius commented on June 25, 2024

I'd probably go with an interface that abstracts AuthorizeAcl and AuthorizeRbac, but that takes some time since currently, all providers also give us roles that work with Acl.

Integrating with ZfcRbac seems a bit weird, since both modules support the same logic. It can be done eventually, but I don't see where the advantage (over simply using ZfcRbac in such case) is.

from bjyauthorize.

neoglez commented on June 25, 2024

mmm, I agree with "but I don't see where the advantage (over simply using ZfcRbac in such case) is".

On the other hand, this module is called Authorize, so why support only ACL (which is a totally different concept - more desktop - than RBAC - more web)?
...and wrapping the rbac logic in acl logic ("currently, all providers also give us roles that work with Acl")? ...well, doesn't sound so cool


Ocramius commented on June 25, 2024

@neoglez that's because:

  1. when the module was thought up, we didn't have the RBAC component
  2. it has to be thought through again eventually.

This can work if we define a config as follows:

return array(
    'bjyauthorize' => array(
        'authorization_services' => array(
            // ze number is ze priority
            'BjyAuthorize\Service\AclAuthorize' => 1000,
            'BjyAuthorize\Service\RbacAuthorize' => 2000,
        ),

        'BjyAuthorize\Service\AclAuthorize' => array(
            // previous bjyauthorize config
        ),

        'BjyAuthorize\Service\RbacAuthorize' => array(
            // new rbac config
        ),
    ),
);

This obviously allows having a number of authorization services based on your own custom techniques. Since they are also attached as listeners, authorization can be event driven.


neoglez commented on June 25, 2024

Looks very flexible :)
I like the idea +1, I'll try to work on it


Ocramius commented on June 25, 2024

@neoglez please work only on the UML first. I still need to wrap my head around it, but it should be very simple.

Things to take into account:

  • is the authorization service in the chain capable of acting on a given role/resource?
  • should the authorization service break the chain on failure (basically black/whitelisting)?

We need a simplified interface for authorization services. Something like the following may work:

interface AuthorizationServiceInterface
{
    public function hasResource($resource);
    public function isAuthorized($resource);
}

The guards should be generalized to use only this interface, and configuration of the guards should be decoupled from configuration of the resources.

I will gladly add a milestone for 2.0.0, but the steps for decoupling the guards are what we already need for 1.3.0

from bjyauthorize.
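
The prioritized chain discussed in this thread, as an added example that is not bjyauthorize code and not part of any comment above. `AuthorizationChain` and `MapService` are hypothetical names; the example assumes that a higher priority number runs first, that a denial from any service that knows the resource breaks the chain, and that a resource known to no service is denied.

```php
<?php
// Interface as sketched in the comment above.
interface AuthorizationServiceInterface
{
    public function hasResource($resource);
    public function isAuthorized($resource);
}

// Hypothetical stand-in for an ACL- or RBAC-backed service: a resource => allowed map.
final class MapService implements AuthorizationServiceInterface
{
    private $rules;
    public function __construct(array $rules) { $this->rules = $rules; }
    public function hasResource($resource) { return array_key_exists($resource, $this->rules); }
    public function isAuthorized($resource) { return $this->rules[$resource] === true; }
}

// Hypothetical chain: queries services in priority order and fails closed.
final class AuthorizationChain
{
    private $services = array();

    public function attach(AuthorizationServiceInterface $service, $priority)
    {
        $this->services[] = array($priority, $service);
        // Assumption: a higher number runs first, as with ZF2 listener priorities.
        usort($this->services, function ($a, $b) { return $b[0] - $a[0]; });
    }

    public function isAuthorized($resource)
    {
        $allowed = false; // deny by default when no service knows the resource
        foreach ($this->services as $entry) {
            if (!$entry[1]->hasResource($resource)) { continue; }      // not this service's resource
            if (!$entry[1]->isAuthorized($resource)) { return false; } // a denial breaks the chain
            $allowed = true;
        }
        return $allowed;
    }
}

// Constructed sample rules, mirroring the two services in the config sketch.
$chain = new AuthorizationChain();
$chain->attach(new MapService(array('admin' => false, 'blog' => true)), 1000); // plays the ACL role
$chain->attach(new MapService(array('admin' => true)), 2000);                 // plays the RBAC role
var_dump($chain->isAuthorized('blog'));    // known to one service only
var_dump($chain->isAuthorized('admin'));   // the two services disagree
var_dump($chain->isAuthorized('unknown')); // known to no service
```

Swapping the early `return false` for an early `return true` gives the whitelisting variant raised in the list above, at the cost of letting one permissive service override every other.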

Ocramius commented on June 25, 2024

Closing, see #112
