Khaos :: KhACL

[eluser]adamp1[/eluser]
Oh sod that, just looking at all the code. Too much work, ill just use yours. Cheers

[eluser]Neophyte[/eluser]
any bugs you find do say, im working on the next release as i get time (never enough time in the day though heh)

[eluser]adamp1[/eluser]
Found a little problem. I wanted to change the table names. But it trys to load a config file you didn't include in the download. May I suggest also being able to pass a config array on setup?

[eluser]adamp1[/eluser]
Any update on the situation posted? What is meant to be in this mystery config file?

[eluser]Neophyte[/eluser]
To override the table names you should just be able to create the config file khaos.php then create the array

Code:

$config['acl'] = array(
    'aros'           => 'khacl_aros',
    'acos'           => 'khacl_acos',
    'axos'           => 'khacl_axos',
    'access'         => 'khacl_access',
    'access_actions' => 'khacl_access_actions'
);

basically a copy of the tables array within the khacl.php file

[eluser]adamp1[/eluser]
I have another question. Why in the database does the khacl_access_actions table have an 'allow' value? I know these actions are linked to a khacl_access item so surly they both would have the same allow value?

[eluser]Neophyte[/eluser]
As the ACL assumes it should deny access unless it finds a link set to allow i could have implemented it without the allow field in both the khacl_access and khacl_access_actions tables then when a deny command was issued for either an aco or an axo simply deleted the relevent records. However i wanted to be able to explicitly deny an ARO access to an ACO or AXO without it being assumed.

An example of where this might come in handy is in a user management system so you can see a list of users (ARO) upon clicking on a user you can see a list of all the areas (ACO) the user is and is not allowed access to along with a pool of areas for which no link exists, the same goes for when you click one of those areas to bring up a list of actions.

In short it was my personal preference

[eluser]adamp1[/eluser]
What I mean is when you do $this->khacl->allow('some aro','some aco','some axo') then it creates a record in the khacl_access table and a record in the khacl_access_actions table which are linked using the id in the first table. But the values of allow are always the same (At least in all my tests) So why is the value stored what seems twice? I understand why you have put it in since it means you can allow a user access to a large part of a system but deny access for a smaller subsection (saves having to do many many allows for each separate section. And this is a great feature.)

But I don't see at any time why the allow value would be different in one table and not the other? Do you get what I'm trying to say.

[eluser]adamp1[/eluser]
Just looking at your library code it seems when you create an allow rule you set the 'allow' value in the first table to 'allow' since the real allow value is stored by the AXO table.

Code:

else // AXO set so make the ARO -> ACO access to allowed as the ALLOW/DENY will be determined by the AXO later on
                {
                    if (!$this->_CI->db->query('INSERT INTO '.$this->_Tables['access'].' (aro_id, aco_id, allow) VALUES (?, ?, \'Y\')', array($aro_id, $aco_id)))
                        return false;                    
                }

[eluser]Neophyte[/eluser]
dont forget that the AXO for allow/check/deny is always optional so if you look at the code a bit further up if no AXO was specified then the Y/N is set on the ARO -> ACO link instead of the (ARO -> ACO) -> AXO link.

So as an example if on a specific user group you have a load of actions set on a specific ACO but then want to deny a specifific user within that group access to all those actions on that ACO you can do $this->khacl->deny('username', 'area'); without specifying any of the actions.