I'm looking to create a mid-sized membership management system, and I'm hoping that I can handle access control / permissions without having to reinvent the wheel, but my requirements don't fit into the systems I've looked at so far. Or at least not that I can tell.
We have multiple groups in various cities, each with a set of members. Cities are then grouped into regions, with regions grouped into nations, and nations grouped under root. This is a strict hierarchical setup.
At each level, there are different types of admins who should have enhanced permissions for certain resources associated with each member. One admin might have permission to view the member's email and mailing address, while another admin might have permission to both view and edit.
They should only have these rights, however, for those members within their group. For example, the chief admin for L.A. should be able to edit members in L.A., but not San Diego. The chief admin for the southwest region should be able to edit both, but not members in Chicago.
So any given permissions check has to verify BOTH that the user attempting an action has the proper permission (enhanced view, edit, etc.) AND that scope is appropriate (they're the admin for the right city/region/etc.).
For bonus points, a single user can fit into multiple roles. For example, someone with edit rights in L.A. due to one job they do might also have enhanced view rights for the whole country due to another job they do.
Is anyone aware of an existing access control / permissions package that would support this scenario, or am I stuck writing my own?
1 reply to this topic
#1
Posted 16 March 2011 - 12:09 PM
#2
Posted 16 March 2011 - 02:03 PM
Have you looked at Grails using the Spring Security plugins? I have had terrific success doing role-based authorization with it. I think you can easily use LDAP for your group/role hierarchy and I'm pretty confident that the Spring Security plugins are flexible enough to accommodate your needs. With it you can secure entire URLs or elements on the page using <sec> tags. There is even a programmatic API so you can implement anything outside of the normal use cases. For example, you can implement your own custom tags based on role memberships. I would be surprised if it could do what you need.
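The check the question asks for (permission AND scope over a strict hierarchy, with several role assignments per user), sketched as an added example that is not part of the original thread and is not Spring Security code. The role names, permission strings, users and the sample hierarchy are all constructed for illustration. The point it shows is that permission and scope must be satisfied by the same grant, otherwise a user with edit rights in L.A. and view rights nationwide would gain edit rights nationwide.

```python
from dataclasses import dataclass

# Constructed sample hierarchy: child scope -> parent scope (strict tree).
PARENT = {
    "usa": "root", "southwest": "usa", "midwest": "usa",
    "los_angeles": "southwest", "san_diego": "southwest", "chicago": "midwest",
}

# Hypothetical role names mapped to the permissions they carry.
ROLE_PERMS = {
    "chief_admin": {"member.view_contact", "member.edit_contact"},
    "auditor": {"member.view_contact"},
}

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    scope: str  # node of the hierarchy at which the role applies

def ancestors_inclusive(scope):
    """Yield scope, then each parent up to root; reject unknown or cyclic nodes."""
    seen = set()
    while scope != "root":
        if scope not in PARENT or scope in seen:
            raise ValueError(f"unknown or cyclic scope: {scope!r}")
        seen.add(scope)
        yield scope
        scope = PARENT[scope]
    yield "root"

def is_allowed(grants, user, permission, member_city):
    """True only if ONE grant supplies both the permission and a covering scope."""
    covering = set(ancestors_inclusive(member_city))
    return any(
        g.user == user
        and permission in ROLE_PERMS.get(g.role, ())
        and g.scope in covering
        for g in grants
    )

# Constructed assignments: alice holds two roles at two different levels.
GRANTS = [
    Grant("alice", "chief_admin", "los_angeles"),
    Grant("alice", "auditor", "usa"),
    Grant("bob", "chief_admin", "southwest"),
]
```

Checking "has the permission somewhere" and "has some role covering this city" as two separate questions would let alice edit members in Chicago; evaluating each grant as a unit prevents that.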