Authorization Action Helper/Plugin

Chris Morrell
Hey folks,

I'm working on an authorization action helper and I was hoping for some feedback.  Basically I want to create a helper that handles authorization against an ACL, and redirecting the user if they do not have the correct privileges.  I want to build it in a generic way that it can be reused by others.

I'm thinking that the plugin will depend on three "helper" objects to make this happen:
  1. The ACL object
  2. An object to convert identity to role
  3. And an object to convert a request into a resource/privilege pair
Obviously this doesn't cover everything, but it would fit a lot of scenarios.  On top of these it will have a few options, like the default role and where to redirect if unauthorized.

Here's my basic idea of how it'd be used (I'm having trouble coming up with good class names—suggestions welcome):

<?php

// Converts an identity into a role id.
class My_Controller_Plugin_Auth_Rolemapper implements Galahad_Controller_Plugin_Auth_Rolemapper_Interface
{
    public function map($identity)
    {
        $user = new My_Model_User($identity);
        return $user->getRoleId();
    }
}

// Converts a request into a resource/privilege pair.
class My_Controller_Plugin_Auth_Resourcemapper implements Galahad_Controller_Plugin_Auth_Resourcemapper_Interface
{
    protected $_resource;
    protected $_privilege;

    public function map(Zend_Controller_Request_Abstract $request)
    {
        $this->_resource = $request->getControllerName();
        $this->_privilege = $request->getActionName();
        return true;
    }

    public function getResource()
    {
        return $this->_resource;
    }

    public function getPrivilege()
    {
        return $this->_privilege;
    }
}

$acl = new Zend_Acl(); /* ... */
$roleMapper = new My_Controller_Plugin_Auth_Rolemapper();
$resourceMapper = new My_Controller_Plugin_Auth_Resourcemapper();
$options = array(
    'defaultRole' => 'guest',
    'authRoute' => array('controller' => 'account', 'action' => 'login'),
    // 'authUrl' => 'http://www.mysite.com/login',
);

$authHelper = new Galahad_Controller_Plugin_Auth($acl, $roleMapper, $resourceMapper, $options);
Zend_Controller_Action_HelperBroker::addHelper($authHelper);

?>


In my example we're using the controller as the resource and the action as the privilege, but the resource mapper could do whatever it wanted there (and the same with the role mapper).

Thoughts?
-- 

Chris Morrell
http://www.cmorrell.com


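
A sketch of the check such a helper could run in preDispatch(), added here as an example and not code from the original post or from the Galahad library. The class name Example_Controller_Action_Helper_Authorize, the 403 for logged-in users and the fail-closed handling of unknown roles and resources are assumptions; it expects Zend Framework 1 on the include path and mapper objects shaped like the two in the post.

```php
<?php
// Added sketch, not code from the post. Assumes Zend Framework 1 and mappers
// shaped like the post's; class name and deny behaviour are assumptions.
class Example_Controller_Action_Helper_Authorize extends Zend_Controller_Action_Helper_Abstract
{
    protected $_acl, $_roleMapper, $_resourceMapper, $_options;

    public function __construct(Zend_Acl $acl, $roleMapper, $resourceMapper, array $options = array())
    {
        $this->_acl = $acl;
        $this->_roleMapper = $roleMapper;
        $this->_resourceMapper = $resourceMapper;
        $this->_options = $options + array('defaultRole' => 'guest', 'authRoute' => array(), 'authUrl' => null);
    }

    public function preDispatch()
    {
        $auth = Zend_Auth::getInstance();
        // Anonymous visitors are checked against the configured default role.
        $role = $auth->hasIdentity() ? $this->_roleMapper->map($auth->getIdentity()) : $this->_options['defaultRole'];
        if ($this->isAuthorized($role, $this->getRequest())) {
            return;
        }
        if ($auth->hasIdentity()) {
            // Logged in but not permitted: a login redirect would only loop.
            throw new Zend_Controller_Action_Exception('Forbidden', 403);
        }
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
        if (!empty($this->_options['authUrl'])) {
            $redirector->gotoUrl($this->_options['authUrl']);
        } else {
            $redirector->gotoRoute($this->_options['authRoute'], 'default', true);
        }
    }

    public function isAuthorized($role, Zend_Controller_Request_Abstract $request)
    {
        if (!$this->_resourceMapper->map($request)) {
            return false; // request could not be mapped: fail closed
        }
        $resource = $this->_resourceMapper->getResource();
        // isAllowed() treats null as "any" and throws on unknown names,
        // so anything the ACL has not registered is denied here.
        if (!$this->_acl->hasRole($role) || !$this->_acl->has($resource)) {
            return false;
        }
        return $this->_acl->isAllowed($role, $resource, $this->_resourceMapper->getPrivilege());
    }
}
```

The ACL has to let the default role reach the login route itself, otherwise every anonymous request is redirected to a page that redirects again.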