madewithlaravel / madewithlaravel.com

madewithlaravel.com source

Authentication & Authorization of Users #1

Open rtablada opened 11 years ago

rtablada commented 11 years ago

Should we use native Auth or a Package like Sentry?

Let's do a poll?

- Simple Auth - email, username, password, profile (relationship), we would have to implement Authorization
- Sentry - Heavy, lots of permissions. Strange licensing
- Authority - Allows for Authorization and Authentication

I think that Maks had another player in the game as well.

rtablada commented 11 years ago

My vote is to use Authority.

imjakechapman commented 11 years ago

I really wanted to try out and see how Authority works personally.


rtablada commented 11 years ago

Authority looks really nice on further look. It doesn't care about the user table linked to the permissions so I guess the next thing is to think about #2

msurguy commented 11 years ago

Do not like Sentry at all. Unnecessary complications and dependencies.

Native auth will suffice. No Github or Twitter login for now - that will come later.

msurguy commented 11 years ago

Authority is only needed when you have multiple roles in your application. What will be our roles/permissions if we had them ?

What else ?

imjakechapman commented 11 years ago

This is what I wanted to do. I wanted to make sure it doesn't become a free for all, everyone putting up the most random sites. Gives nice quality control.

On Jun 4, 2013, at 9:32 PM, Maksim Surguy notifications@github.com wrote:

Authority is only needed when you have multiple roles in your application. What will be our roles/permissions if we had them ?

- submit a site (which I think shouldn't be limited to registered users - I use this technique on Bootsnipp and Laracasts, I get every submission in my email and approve if it qualifies)
- like (only registered users should be able to do this, so I guess the qualifier is just registration - no additional permissions needed)
- ???

What else ?


rtablada commented 11 years ago

The roles would be admin vs regular user.

For Bootsnipp did you use separate tables or what for your admin login vs user login?


msurguy commented 11 years ago

Admin vs regular user does not need advanced stuff (and complication) like authority. Here is what I do, that takes a minute or less and doesn't need anything special, not even additional columns in the table:

- have user IDs start from 125455 (or any other 5-6 digit arbitrary number)
- create a user that has id of 125456 (or that number + 1)

then in the user model have this function:

public function isAdmin(){
    // Admin is the single account whose primary key equals the hardcoded id.
    if ($this->id == 125456){
        return true;
    } else {
        return false;
    }
}

and finally create a filter :

Route::filter('admin', function()
{
    if (Auth::guest()) return Redirect::to('login');
    if (!Auth::user()->isAdmin()) return Redirect::to('login');
});

now we can do some wonderful stuff like this : create admin controller and attach this admin filter to it. All admin functionality would be done from it or controllers that extend it.

Does this make sense? The advantage of this is that there needs no extra tables or even columns or any changes, the user's id is hardcoded and there is no way to pretend like you are an admin unless you are logged in as admin.

What do you guys think? Simple (comparing to installing packages, dealing with extra stuff and setting many things up just to have the same functionality)?

rtablada commented 11 years ago

That is a bit messy as far as dealing with id and won't translate well to other DB systems. While I like a KISS approach, tricking the id is a hack more than anything.

If not authority, we could add an admin field to the user table although making these checks means more work compared to 'composer install'.

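The two options discussed above (admin by hardcoded id, admin by a field on the user table) compared side by side, as an added example that is not part of the thread or the project's code. It is plain PHP without Laravel; the class, method and function names are hypothetical and the accounts are constructed. It shows what each check decides once the same accounts are re-imported into a database that assigns different ids.

```php
<?php
// Added example, not project code. All names below are hypothetical.

const HARDCODED_ADMIN_ID = 125456; // the id used in the comment above

class User
{
    public $id;
    public $email;
    public $adminFlag; // stands in for an "admin" column on the user table

    public function __construct($id, $email, $adminFlag)
    {
        $this->id = $id;
        $this->email = $email;
        $this->adminFlag = $adminFlag;
    }

    // Check from the thread: admin status is tied to one primary-key value.
    public function isAdminById()
    {
        return $this->id == HARDCODED_ADMIN_ID;
    }

    // Alternative from the reply: admin status is an explicit stored value.
    public function isAdminByFlag()
    {
        return $this->adminFlag === true;
    }
}

// Mirrors the 'admin' filter: null means the request is let through.
function adminFilter($user, $check)
{
    if ($user === null) return 'redirect:login';   // guest
    if (!$user->$check()) return 'redirect:login'; // logged in, not admin
    return null;
}

// Constructed data: the same two accounts before and after an import that renumbers ids.
$original = [new User(125456, 'admin@example.test', true), new User(125457, 'visitor@example.test', false)];
$imported = [new User(1, 'admin@example.test', true), new User(125456, 'visitor@example.test', false)];

foreach (['original' => $original, 'imported' => $imported] as $label => $users) {
    foreach ($users as $u) {
        printf("%-8s %-22s by id: %-14s by flag: %s\n", $label, $u->email,
            adminFilter($u, 'isAdminById') ?? 'allowed',
            adminFilter($u, 'isAdminByFlag') ?? 'allowed');
    }
}
```

In the imported set the id check locks the real admin out and admits whichever account now holds id 125456, while the flag check gives the same answers as before.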

msurguy commented 11 years ago

I agree that is a hack and maybe too simple...

Thinking about it more I'd like to use something like Authority or Zizaco's Entrust (https://github.com/Zizaco/entrust) to separate the roles and to make things flexible. Have you guys seen Entrust? I think the docs are more comprehensive than Authority but it is up to you guys what you have experience with or prefer using.

rtablada commented 11 years ago

Sure, let's pivot to Entrust and Confide. They seem to have a nice API wrapper and give some CRUD out of the box, which is always appreciated.
