SitePoint Sponsor

User Tag List

Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 66
  1. #26
    simple tester McGruff's Avatar
    Join Date
    Sep 2003
    Location
    Glasgow
    Posts
    1,690
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That'll do First I'd better explain the process.

    Unit testing has a whole range of benefits - the ability to use tests to create an OOP design is one. First you write a little test, then you write a little code to pass the test. Repeat until done. Test-first might feel slightly strange but it helps to keep you tightly focussed on the requirements. For example, it stops you going off on a mission to capture the entire "calendar" domain in code when all you need is a happy birthday message for site users. As soon as a test passes you're done and it's time to move on.

    A very simple example:

    PHP Code:
           class TestOfMysqlDatabase extends UnitTestCase
           
    {
               
    // ...
               // ...
           
          
    function testExecute() {
              
    $db =& new MysqlDatabase(DB_HOSTDB_USERDB_PASS);
              
    $this->assertTrue($db->execute('select 1'));
              
    $this->assertIdentical($db->execute(''), false);
          } 
    This is a part of a unit test for a MysqlDatabase class. The method "testExecute" contains an assertion that a MysqlDatabase method "execute" returns a value == true with a valid query and a value === false with a bad query. There would be many other tests and assertions in the complete test case. Each establishes a constraint on the implementation of the MysqlDatabase class.

    In order to pass this test, you could write:

    PHP Code:
          class MysqlDatabase  // implements Database
          
    {
              
    // ...
              // ...
          
              
    function execute($sql) {
                  return 
    mysql_query($sql$this->_connection);
              } 
    Now you'd go on to express the other requirements for the class by writing more tests which make other assertions, and then writing whatever code you need to pass each new test.

    So, the first question is: what are your requirements for a Permissions object?

    Some links here for further reading.

  2. #27
    SitePoint Addict
    Join Date
    May 2003
    Location
    The Netherlands
    Posts
    391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lilleman,

    If you want to be able to work with hierarchical roles, a Role Based Access Control system might be more adequate than ACL's.

    This paper, Comparing Simple Role Based Access Control Models and Access Control Lists, (pdf version) might give you some more insights in the difference between both methods.

    Off Topic:


    Quote Originally Posted by McGruff
    Some links here for further reading.
    I thought it was kind of funny to see a couple of links pointing back to SP, then I read a comment of one of the posters on the topic you were referring to:
    Quote Originally Posted by GRemm
    My apologies for posting another forum here if that is rude. The sitepoint forum is doing much the same thing the devnetwork forum is and I thought I would post the wheel instead of reinvent it.
    Thought it would be funny to mention. I guess my question to you, as a devnetwork.net Site Admin, is if there is some concept behind devnetwork.net that goes beyond what SP is offering.
    There’s more than one way to skin a cat.

  3. #28
    SitePoint Zealot
    Join Date
    Aug 2005
    Location
    Bucharest, Romania
    Posts
    118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here is a GACL project, written in php:

    http://phpgacl.sourceforge.net/

    Mambo and dotProject are using it...

  4. #29
    SitePoint Addict
    Join Date
    Apr 2005
    Location
    San Diego, CA
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you're only focused on the control list portion, you're only viewing 1/2 the picture. The other 1/2 is all the gates (permission checkpoints) in the code itself that checks and permits access. The ACL, or whatever, is written once but still has to be maintained in some way. Either by using something like phpgacl, or something you write, or by manual control like updating the object list in a database table. From there everything you write must follow a set of rules to ensure there are no security holes. It can be fun but usually not.

    I wrote a permissions system by defining all the gates in a database in a hierarchy. The hierarchy is site -> application -> object -> group -> user. Each level has no change, read, write, deny access levels. It uses a least restrictive except deny model. For example if a group has deny access set for a particular application/object but a user of that group has read access, the user is denied access. If the roles were reversed the group would have read access but that same user, with deny perms, is blocked again. But if the group has read access and the user has write access, the user will end up with write access which is the least restricitive.

    To figure it out I had to draw everything out on paper. It took a long time to figure out the code because the code had to traverse the entire tree upwards, just like a previous post, ensuring there was at least read access to the object then traverse back down to ensure that nothing blocked the user. Because the tree isn't necessarily known until it's recalled from the database it requires a recall of the hierarchy before anything can be done which causes more queries than I'd like. It still needs optimizing but it works for now.

    One downside is every new application I add to my CMS must have it's object tree defined and have no security holes. That definitely lengthens the development time but again, once it's done it's done. Good luck.
    I study speed waiting. I can wait an entire hour in 10 minutes.

  5. #30
    simple tester McGruff's Avatar
    Join Date
    Sep 2003
    Location
    Glasgow
    Posts
    1,690
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by nacho
    I guess my question to you, as a devnetwork.net Site Admin, is if there is some concept behind devnetwork.net that goes beyond what SP is offering.
    No but it's not a competition. I often tell people they'll get better advice on advanced topics here. I don't really care where discussion takes place, as long as it does take place.

    The unit testing forum was started fairly recently to try to encourage more members to look at testing. If just a couple each year beome test-infected it will have served its purpose.

  6. #31
    SitePoint Addict
    Join Date
    May 2003
    Location
    The Netherlands
    Posts
    391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Off Topic:

    Fair enough. It wasn't meant to be a criticism though, I was just curious, as you usually post on SP regularly, about possible differences I wasn't aware of.
    There’s more than one way to skin a cat.

  7. #32
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by McGruff
    So, the first question is: what are your requirements for a Permissions object?
    Well, uhm... Let me see. It should be able to check whether or not a user can perform a certain action on a specific object (well, duh!). Perhaps it should be able to do more stuff? Since I'm the one having problems here, you experts will have to help me figure this out.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  8. #33
    Can we go to a 48 hour day?
    Join Date
    May 2002
    Location
    MI
    Posts
    906
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lilleman
    Well, uhm... Let me see. It should be able to check whether or not a user can perform a certain action on a specific object (well, duh!). Perhaps it should be able to do more stuff? Since I'm the one having problems here, you experts will have to help me figure this out.
    Well things don't generally work like that. I mean you can say "I need to build a car". Fine, what does the car need to do? Get great milage, haul large payloads, ferry 7 people around a lot. All of these things are going to get you different types of cars. There is no one size fits all.

    In any project the first thing you need is your requirements, not "let's see how many parts I can throw into a single thing".
    mitechie.com
    "Techies just think a little differently
    ...at least that is what they keep telling me."

  9. #34
    simple tester McGruff's Avatar
    Join Date
    Sep 2003
    Location
    Glasgow
    Posts
    1,690
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lilleman
    Since I'm the one having problems here, you experts will have to help me figure this out.
    You'll need to be prepared to make an effort as well. I don't know your problem domain as well as you do but I can maybe show you how to explore it with test driven design.

    Quote Originally Posted by lilleman
    Well, uhm... Let me see. It should be able to check whether or not a user can perform a certain action on a specific object (well, duh!). Perhaps it should be able to do more stuff?
    There are many types of authorisation needs and systems. On one site I work on I simply have to authenticate the user. There's only one user account - the client - and once he's authenticated he can access all the admin functions. Now that could change if the site grew - maybe we'd need new accounts for content creators. Maybe they'd be allowed to edit any content or just their own papers. It doesn't really matter. Time is money and right now the sole requirement is to provide some admin functions which can only be accessed by the client.

    Never do any more than you need to fulfil a specific requirement and be sure you're clear what these are. Can you give me some examples of actions and objects and I'll see if I can come up with the first test? After that, it'll be over to you to write some code which passes the test.

  10. #35
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by McGruff
    You'll need to be prepared to make an effort as well.
    Yeah, I know. I was pretty tired when I wrote my last post.

    Quote Originally Posted by McGruff
    Can you give me some examples of actions and objects and I'll see if I can come up with the first test?
    Let's assume that we have a user called James, and that we have an article module installed. James is an article writer, and should be able to manage (update or delete) his own articles. All other regular users should be able to read his articles, but nothing more than that.

    Is this enough for you to come up with something? If not, let me know.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  11. #36
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've been playing around a bit with SimpleTest, and I think I'm starting to understand the benefits of using test-driven development. However, I'm still stuck regarding the permission system. I've done some thinking, and came up with an idea which seemed quite good at first. What was the idea? It was to assign users to groups (with descriptive names, like articleModeratorInCategory5) and then set flags (Create, Retrieve, Update and Delete) that determine what the users of that group can do to the specified object (it's specified in the group's name). As I mentioned, this seemed as a good idea at first, but then I realized that I would end up with a lot of groups, and that it probably isn't a very smart way to do it. So, there must be a better way, such as using ACL or RBAC.

    I've searched on Google for articles about ACL, but I can't seem to find any good articles which explain how it really works. Does anyone here know of articles which explain how to use ACL? If you do, I'd be forever grateful if you shared it with me.

    Thanks in advance.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  12. #37
    SitePoint Addict timvw's Avatar
    Join Date
    Jan 2005
    Location
    Belgium
    Posts
    354
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I choose for scripts in a KISS style. This means a script only does C, R, U or D (Or Search to be more precise). A consequence is that you can keep the authorization pretty simple. (Allowed or not allowed, well you need to store the scripts that a role is allowed, the others are not-allowed per definition).

    An extension would be specific fields/attributes that are used by a script. These can be stored in a role-script-attribute table (here you could choose for a full/display/hide. the default would be full, so you only need to store the restrictions.)

    This way, you end up with a relatively easy setup like:

    [user] n - 1 [role]
    [script] n - 1 [role]
    [rolescriptattribute] n - 1 [role]
    [rolescriptattribute] n - 1 [script]

    Offcourse, you can extend the design but in my experience that usually comes with the issue that it becomes hard to understand/manage.

  13. #38
    simple tester McGruff's Avatar
    Join Date
    Sep 2003
    Location
    Glasgow
    Posts
    1,690
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lilleman
    Let's assume that we have a user called James, and that we have an article module installed. James is an article writer, and should be able to manage (update or delete) his own articles. All other regular users should be able to read his articles, but nothing more than that.
    Great - that's easy. There have been a lot of suggestions made about authorisation systems but the key thing, from an XP point of view, is to do the simplest thing that works. What I've got from you so far:

    Make the add/edit/delete article actions conditional on:
    (1) the user has been authenticated
    (2) $user_name == 'James' (or maybe user id - same thing though)

    Is that all you need?

    At this point we're having the kind of dialogue you might have with a client (I'd be asking you if there are multiple authors). Once I'm sure I know what you want, I could start on a test case.

  14. #39
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by McGruff
    Is that all you need?
    Basically, yes - at least for now.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  15. #40
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    timvw: Thanks for the tip. However, I don't really understand what you mean. Do you think that you can show me some example data (users, scripts and attributes) and how you use it in your scripts? If it's too much to ask, or if you don't have the time to do so, just let me know.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  16. #41
    simple tester McGruff's Avatar
    Join Date
    Sep 2003
    Location
    Glasgow
    Posts
    1,690
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, if that's all you need, the authorisation domain is no more than:

    PHP Code:
          if($user_name == 'James') {
               
    // allow
          

    That's it. There are no authorisation classes to create, and nothing to TDD.

    Actually I would make a class out of that purely because of the way I organise controller code. A request gets passed along a ChainOfResponsibility: add/edit/update/delete article requests would be configured with an authorisation handler performing the above check. If it fails, the handler serves up an access denied page.

    The requirements do not require any kind of complex system. You just have to authenticate James, and then attach a simple if check to the appropriate request types, somehow.

  17. #42
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, then I guess that's not all I need.

    The method you have posted above is the method I've used in previous applications which didn't require a complex access control system. That's not what I'm after for the current application. I want to use something like ACL or RBAC (or any other access control system which offer the functionality I'm after) to grant certain permissions on certain objects to users, and then do something like this in my code:

    PHP Code:
    if( $user->hasPermission('edit''article:8') ) {
      
    // the user is allowed to edit article #8

    Perhaps I wasn't clear about my requirements before, but I hope it's more clear now.
    Last edited by lilleman; Sep 4, 2005 at 05:22.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  18. #43
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I spent some time last night reading through the RBAC spec (which seratonin linked to in this thread) and I'm going to do some testing with it, to see if I can get it to work the way I need it to. I'll be back, as Arnold would say.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  19. #44
    simple tester McGruff's Avatar
    Join Date
    Sep 2003
    Location
    Glasgow
    Posts
    1,690
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lilleman
    Well, then I guess that's not all I need.
    I'm sorry I can't help you. The key point about TDD is coding to the requirements, no more and no less. I don't know what these are.

  20. #45
    Tranceoholic lilleman's Avatar
    Join Date
    Feb 2004
    Location
    Örebro, Sweden
    Posts
    2,716
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, I know it's difficult for you to help, but I appreciate your effort. I think I'll try using TDD when developing this access control system, and if I have any questions, I'll post them here. Thanks again for trying to help me.
    ERIK RIKLUND :: Yes, I've been gone quite a while.

  21. #46
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just cross read this thread and one possible way would be:
    Assigning general groups for the 'general' tasks:

    Admin - allowed to do everything
    Subadmin - as Admin, just no allowance to create/delete/alter system data/files
    Chief of Revision - Edit/create/delete all articles
    Author - Edit/create/delete own articles
    Guest - read
    etc, you name it

    Each user is assigned to a group and each task is assigned to the lowest possible group.
    When issuing a task, the permission of the user is checked.

    That could be the basis of a permission system.
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.

  22. #47
    SitePoint Evangelist
    Join Date
    Mar 2005
    Posts
    421
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i have a very simple, but effective access control method on my site, following the KISS concept.

    In the database i store a users privilelge level, from 0 to 5, with 0 being just to view pages, and 5 being CRUD. This is stored in the user object, in a variable called PrivilegeLevel.

    I then have a menu set up as an array, with each menu group as well as each menu item being given a privilegeStatus, as you can guess a number from 0 to 5 that the user needs to view the menu item.

    When displaying the menu, only the menu items are shown that have an equal or less than privilege status than the user object. This removes from the view actions that are not allowed for a certain level of user, by literally witholding the links or view to that action.

    Then, in my intercepting filter, i check the users privilegeLevel against the menu items privelegeStatus, and if they have a value greater than the menu item, the action is allowed. This way you can't get a user with a privilegeLevel of 2 viewing the page that displays the menu item that contains a level 4 action. So really, it is taking a step back, and instead of checking whether the user can perform CRUD on each operation, it won't even show the user the menu option to perform these operations unless they have the appropriate privilege level. If somehow, they manage to circumvent this restriction, for example a user with level 0 (view-only) privilege typing in the url : 'mysite.com?cmd=DeleteUser&UserID=43', this still won't happen, as the filter chain will intercept that the user object doesn't have the privileges to do this.

  23. #48
    SitePoint Evangelist
    Join Date
    Feb 2005
    Posts
    581
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Something like this is what I am planning to do in my CMS. I'm going to store the privilege levels in the db to allow easier customisation. All I have to do then is join the user, privilege level, and privilege types tables together and check them against each other using one single query.

    Quote Originally Posted by skinny monkey
    i have a very simple, but effective access control method on my site, following the KISS concept.

    In the database i store a users privilelge level, from 0 to 5, with 0 being just to view pages, and 5 being CRUD. This is stored in the user object, in a variable called PrivilegeLevel.

    I then have a menu set up as an array, with each menu group as well as each menu item being given a privilegeStatus, as you can guess a number from 0 to 5 that the user needs to view the menu item.

    When displaying the menu, only the menu items are shown that have an equal or less than privilege status than the user object. This removes from the view actions that are not allowed for a certain level of user, by literally witholding the links or view to that action.

    Then, in my intercepting filter, i check the users privilegeLevel against the menu items privelegeStatus, and if they have a value greater than the menu item, the action is allowed. This way you can't get a user with a privilegeLevel of 2 viewing the page that displays the menu item that contains a level 4 action. So really, it is taking a step back, and instead of checking whether the user can perform CRUD on each operation, it won't even show the user the menu option to perform these operations unless they have the appropriate privilege level. If somehow, they manage to circumvent this restriction, for example a user with level 0 (view-only) privilege typing in the url : 'mysite.com?cmd=DeleteUser&UserID=43', this still won't happen, as the filter chain will intercept that the user object doesn't have the privileges to do this.
    I will not flame the newbies,
    I will not flame the newbies,
    I will flame the newbies...
    Table free is the way to be!

  24. #49
    SitePoint Wizard
    Join Date
    Jan 2004
    Location
    3rd rock from the sun
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by BluDragon
    Something like this is what I am planning to do in my CMS. I'm going to store the privilege levels in the db to allow easier customisation. All I have to do then is join the user, privilege level, and privilege types tables together and check them against each other using one single query.
    Sorry if I am stating the obvious here. If you are using mysql, don't forget the natural privilege system it uses to grant permission to a user/host/db.

    Example: Create a user level that can only update, not delete. All my public pages use a different include file, with restricted privileges, just in case sql injection gets through one day, I imagine everyone is the same...

    Using the rdbms privileges likely won't provide the granular control you want but will act as insurance. I also hear of db designers who dont delete anything, just change a 'flag'. kinda "select * from articles where state<2".

    I suppose one could create a new mysql user for each of your "logged in users", but that might be taking things a little too far. Does anyone do that?

  25. #50
    SitePoint Evangelist
    Join Date
    Feb 2005
    Posts
    581
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's not what I meant. I have three tables. One stores the user names and data, another the various privilege levels available, and the third the user's ids and their privilege levels. This has nothing to do with the MySQL privilege system whatsoever.
    I will not flame the newbies,
    I will not flame the newbies,
    I will flame the newbies...
    Table free is the way to be!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •