Quote:
Originally Posted by mjlecomte
|
Yes, I came across LiveUser when I did my original research. I just quickly read through the docs and looked at their diagrams, but didn't do too much with it since it 'looked' complicated.
Admittedly, anything new looks complicated, but for some reason it just didn't click. That is why I like 'choice' in the open source world. There is more than one way to achieve the same end result; it is just a matter of finding the one that works for you.
Quote:
|
phpGACL seems to have been around the longest and allegedly has had numerous users. I'm a little surprised that none of these ACLs (phpGACL, LiveUser, this one) aren't more "organized" for lack of a better word.
|
True. I can't comment on the other systems, but as for RBAC_bv, the key (as I have already mentioned before) is in the database design. If you take the time to study the design and play around with it, you will see that you can retrieve any piece of information you want with just one query.
All the methods I have written are mainly SQL queries with a little post-processing. If you look at the code I have written you will see what I mean.
Quote:
|
This is not in reference to the quality or merits of the class itself, but more so the documentation. So like you mentioned in one of your earlier posts, I guess I'm a bit too slow as well and am not sure how to use the class, that's where your concept shines to me, it is easier to grasp looking at the ERD.
|
We must think the same ;-) However I am sure to many people the ERD would be more confusing.
Quote:
|
Do you have an idea how to implement user management in your system? That is, how to handle controlling administration rights of users? I have a situation where I might want the ability to have "admins" or "department managers" create users or assign rights to other users.
|
Yes. In actual fact you already solved the problem without realising it. (Which reminds me I should upload a pdf document that explains what I am about to say.)
The privileges defined in RBAC_bv follow the rules of the English language. I won't go into this in detail because they are discussed in the docs. But to answer your question, you would create a role called 'department manager'; you would then create an action 'create' and an object 'user'. You then link the action to the object in the 'rbac_roles_has_domain_privileges'. (i.e. it is just a record that states that the role 'department manager' is allowed to 'create' a 'user' object, as opposed to not being allowed to perform a certain action.)
Quote:
|
The scenario comes to mind where you want to limit what rights could be assigned, for instance you wouldn't want a "department manager" to be able to create a "super administrator" etc.
|
This is precisely what RBAC_bv is designed to do. i.e. clearly define the privileges of each user group, so they don't conflict with one another.
In your case the object 'user' would be associated with the role 'simple_user', so that once a new user was created you could assign to them the role of 'simple_user' which would be defined as the right to 'view' the 'public_pages' object. (or whatever you want really.)
I hope this helps a little.
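The role/action/object scheme described in the post above, as an added sketch that is not part of the original post and is not RBAC_bv's own code. Only the table name `rbac_roles_has_domain_privileges` comes from the post; every other table, column and function name is an assumption made for illustration.

```python
import sqlite3

# Hypothetical minimal schema: only rbac_roles_has_domain_privileges is named
# in the post; all other tables and columns are assumptions.
SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE privileges (id INTEGER PRIMARY KEY, action_name TEXT, object_name TEXT,
                         UNIQUE (action_name, object_name));
CREATE TABLE rbac_roles_has_domain_privileges (role_id INTEGER, privilege_id INTEGER);
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE user_roles (user_id INTEGER, role_id INTEGER);
"""

def grant(db, role, action, obj):
    """Record that `role` is allowed to perform `action` on `obj`."""
    db.execute("INSERT OR IGNORE INTO roles (name) VALUES (?)", (role,))
    db.execute("INSERT OR IGNORE INTO privileges (action_name, object_name) "
               "VALUES (?, ?)", (action, obj))
    db.execute("""INSERT INTO rbac_roles_has_domain_privileges
                  SELECT r.id, p.id FROM roles r, privileges p
                  WHERE r.name = ? AND p.action_name = ? AND p.object_name = ?""",
               (role, action, obj))

def add_user(db, name, role):
    db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    db.execute("""INSERT INTO user_roles SELECT u.id, r.id FROM users u, roles r
                  WHERE u.name = ? AND r.name = ?""", (name, role))

def is_allowed(db, user, action, obj):
    """Single query; no matching row means the action is denied."""
    row = db.execute("""
        SELECT 1 FROM users u
        JOIN user_roles ur ON ur.user_id = u.id
        JOIN rbac_roles_has_domain_privileges rp ON rp.role_id = ur.role_id
        JOIN privileges p ON p.id = rp.privilege_id
        WHERE u.name = ? AND p.action_name = ? AND p.object_name = ? LIMIT 1""",
        (user, action, obj)).fetchone()
    return row is not None

def create_user(db, actor, new_name):
    """Gate on ('create', 'user'); the new account always gets 'simple_user'."""
    if not is_allowed(db, actor, "create", "user"):
        raise PermissionError(f"{actor} may not create users")
    add_user(db, new_name, "simple_user")

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    grant(db, "department manager", "create", "user")
    grant(db, "simple_user", "view", "public_pages")
    add_user(db, "alice", "department manager")  # constructed sample account
    create_user(db, "alice", "bob")              # bob becomes a simple_user
    return db
```

Because the check passes only when a privilege row exists, a department manager has no path to creating a higher-privileged account unless someone explicitly links such a privilege to that role.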