2009年7月8日星期三

[fw-auth] Authorization Action Helper/Plugin

Hey folks,

I'm working on an authorization action helper and I was hoping for some feedback.  Basically I want to create a helper that handles authorization against an ACL, and redirecting the user if they do not have the correct privileges.  I want to build it in a generic way that it can be reused by others.

I'm thinking that the plugin will depend on three "helper" objects to make this happen:
  1. The ACL object
  2. An object to convert identity to role
  3. And an object to convert a request into a resource/privilege pair
Obviously this doesn't cover everything, but it would fit a lot of scenarios.  On top of these it will have a few options, like the default role and where to redirect if unauthorized.

Here's my basic idea of how it'd be used (I'm having trouble coming up with good class names—suggestions welcome):

<?php

class My_Controller_Plugin_Auth_Rolemapper implements Galahad_Controller_Plugin_Auth_Rolemapper_Interface
{
    public function map($identity)
    {
        $user = new My_Model_User($identity);
        return $user->getRoleId();
    }
}

class My_Controller_Plugin_Auth_Resourcemapper implements Galahad_Controller_Plugin_Auth_Resourcemapper_Interface
{
    protected $_resource;
    protected $_privilege;

    public function map(Zend_Controller_Request_Abstract $request)
    {
        $this->_resource $request->getControllerName();
        $this->_privilege $request->getActionName();
        return true;
    }

    public function getResource()
    {
        return $this->_resource;
    }

    public function getPrivilege()
    {
        return $this->_privilege;
    }
}

$acl = new Zend_Acl(); /* ... */
$roleMapper = new My_Controller_Auth_Rolemapper();
$resourceMapper = new My_Controller_Auth_Resourcemapper();
$options = array(
    'defaultRole' => 'guest',
    'authRoute' => array('controller' => 'account''action' => 'login'),
    // 'authUrl' => 'http://www.mysite.com/login',
);

$authHelper = new Galahad_Controller_Plugin_Auth($acl$roleMapper$resourceMapper$options);
Zend_Controller_Action_HelperBroker::addHelper($authHelper);

?>

In my example we're using the controller as the resource and the action as the privilege, but the resource mapper could do whatever it wanted there (and the same with the role mapper).

Thoughts?
--   Chris Morrell http://www.cmorrell.com   ----------------------------------------------------------------- Philadelphia Events/Blogs/Etc:  http://www.phillynewmediahub.com Find a Home Inspector:          http://www.inspector.org -----------------------------------------------------------------
发帖者 lazayworm 时间: 12:28

没有评论:

发表评论

订阅: 博文评论 (Atom)