Open ckald opened 14 years ago
You may take a look at http://github.com/ckald/aacl-jelly. Actually, I'm new to such kind of cooperated development.
Now I'm testing ported library. Few minutes ago I realised, that there should some kind of toggler of Spring-Jelly versions.
Thanks for this. Sorry for my lack of communication - I've got loads on a the minute and not a lot of time for KO stuff. I'll pull your Jelly fixes when I get a chance.
I think it should be tested for some time and then organized properly. And I'm adding some missing for me features (like working with unauthorized users, basic controller with all features — users crud, access control and so on). In some parts I'd like to ask your advice (for example, yesterday I created not very clear method AACL::granted to check access to some resource for some role — but, I think, there's some way I missed).
I've thought about doing some of the things you suggest - putting together a module with a complete user crud + forgoten password + opt-in email confirmation + ACL type module but I don't think this is it! AACL is a very focussed module and it's oine and only purpose is ACL built ontop of KO Auth base. If you are plannign to write more complete stuff that is great but I stringly reccomend you do it in a separate module on top of this one.
Not sure I understand what your granted() method is for?
I'm happy to give advice - PM me or create an issue here if it is actually AACL related.
In any way, I have to test it somehow — so now I need controller, which I will separate later. You're right about modules.
About granted
: I like idea about grid of access rules so much, that I implemented it (now only viewing, but updating will come soon). But I couldn't find the way to check access for any
role in one place. So I wrote granted
, which parses rules in database and comparing with result of list_resources
, gets direct answer to the question: «Is role
allowed to resource
.action
». All arguments are strings (resource
is actually acl_id
). So it works without AACL rule model and I think it should
.
Here is result: http://i.piccy.info/i5/35/62/316235/Bezymiannyi_800.jpg (article/read is granted to everyone — rule looks like ('role_id'=>NULL,'resource'=>'c:article','action'=>'read','condition'=>NULL))
For now it doesn't works with conditions; actually, I don't use them now — there are many things to do before.
I'm working now on porting your library to Jelly. For now, it seems that we only need to change 3-4 lines in Sprig_AACL to morph it to Jelly_AACL. But I'd better test it for some time.
I think, it would be nice to add Jelly support into AACL — to make it more accessible.
Besides, some months ago I was working on the very similar access control system. Your concept is great, i second it