[eluser]Basketcasesoftware[/eluser]
What do you think are essential functions to an authorization or access control library? Nothing that depends on a specific database structure please or specific configurations.
I'm using the functions from Ben Edmund's Ion Auth system as a starter here, plus some functions more related to access control. This is only because I have a copy of its user guide to go by.
These seem pretty fundamental:
login()
logout()
register()
update_user()
delete_user()
logged_in()
is_group()
username_check()
identity_check()
get_user() // returns a 'user object'
get_user_array()
get_user_by_identity()
get_users() // An array of 'user objects'
get_users_array()
get_active_users()
get_active_users_array()
get_groups()
get_group()
get_group_by_name()
errors()
set_error_delimiters()
encrypt() // Password encryption
less fundamental, but handy:
forgotten_password()
forgotten_password_complete()
is_admin()
email_check()
get_user_by_email() // Some systems allow shared emails. Not really a good general practice, but...
get_users_by_email()
get_newest_users() // How do you define 'newest'? Hmmm.
get_newest_users_array()
get_inactive_users()
get_inactive_users_array()
I omit these - user related, but not authorization or access related. Sometimes too closely connected to database functionality.
get_messages()
set_message_delimiter()
extra_where
extra_set
Access control:
is_allowed() // Is the user allowed on this page
allowed() // Array of allowed locations
default() // Where to send the user to if they aren't where they should or can be.
I'm trying to develop a generic library that auth and access control systems can hook to. This is a rough idea but it's because I've noticed the tight coupling of these systems to specific database calls and frameworks. Trying to build a layer of abstraction between the two.
Ideas?