How does it work? #120
Hello,
The library is good for function-level RBAC.
So let's say your program has 3 functions, A, B and C.
Wherever you have code to do A, you simply enforce A with the library. If the user has the permission, it works fine, otherwise it gives an error.
You define roles and permissions, and connect them with the library by calling it once. Then you simply assign users to roles later on.
This is mostly useful for complicated applications that need RBAC models and not a simple access control list.
-A
> On Feb 2, 2020, at 10:08 PM, vgavrilovikj wrote:
>
> I have done exactly as mentioned in your tutorial, here: http://phprbac.net/docs_getting_started.php and installed it properly.
>
> However, here: http://phprbac.net/docs_getting_started.php it is not fully described how PHP RBAC works, where should I use it, should I use it in my signup.php or in my index.php once the user is logged in. How do I give permissions and how does that write them to the Database??
|
Dear,
Thank you for your response. Why do I need this? I have developed a custom CMS (News Article CMS) with task management and teams. At this point I have 4 roles that I need to incorporate: SuperAdmin, Admin, Author, Lector. What I am trying to do is this: the users are already created (I have 2 superadmins, 3 admins, 5 authors, and 1 lector), and I need to give those users specific permissions and access. For instance, I want to let the lector only view and edit the articles but not delete them. The author should have access to view all articles and only edit/delete articles that are within the team that he is a member of, and also he can only view, manage, and add tasks but not delete them.
How is this possible with PHP RBAC? Thank you in advance!
Yours sincerely, Viktor
|
Hello again,
Your use case does not need RBAC, although it can be done.
Note that this is a *function-level* access control library, i.e. it's to control access to functionality, not data.
When you say "his articles" or "all articles", that's pieces of data, owned by different users. This library is for actions, like "edit articles", not data like "edit article X".
|
If not RBAC, how can it be done? Thank you in advance!
|
Depends on the permissions that you want to provide, on a function-level.
Tell me a little bit more about actions in the system.
|
Okay. So about the system:
- Dashboard
  - View all articles
  - Create a new article
  - Edit existing article
  - Delete article
- Tasks
  - Create tasks
  - Assign tasks to individuals or to teams
  - View all assigned tasks or only those assigned to you
  - Manage tasks (edit, delete, change task status)
- Teams
  - Create teams
  - Add members to the teams
  - Delete members
- File Manager
  - Upload new files
  - Rename files
  - Delete files
- Profile
  - Manage basic settings such as name, password, mail, etc.
- Users
  - Admins can view and manage all users (create, delete)
|
@abiusx is that what you meant?
|
Yes,
You can add all of those as permissions in the system. It can also be a hierarchy (for example anyone having Dashboard permission has all those 4 permissions under it).
Then you define some roles, and assign them to these permissions.
At the end, you simply give users roles. And the system does the rest.
|
I've been using this library for both, unfortunately, and the "edit article X" is painful to implement. What would you recommend for something like this?
|
There probably can't be a good library for it as it binds to your data model, and you need to implement it on top of your data.
|
Do you know of any design pattern for something like this?
|
Cannot think of anything right now. Will update here if I find anything.
|
@abiusx thank you!!!
|
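The two layers this thread distinguishes, as an added example that is not part of the thread and does not use PHP-RBAC's API: a function-level check with a permission hierarchy ("edit articles"), and a data-level check written against the application's own tables ("edit article X"). The permission names, role grants, team-scoping table and the user and article records are all constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration. It does not call PHP-RBAC; every name and record below is constructed.

// Permission => parent. Holding a parent implies all of its children.
const PERMISSION_PARENT = [
    'article.view'   => 'dashboard',
    'article.create' => 'dashboard',
    'article.edit'   => 'dashboard',
    'article.delete' => 'dashboard',
];

// Role => permissions granted directly (function-level layer).
const ROLE_PERMISSIONS = [
    'admin'  => ['dashboard'],
    'author' => ['article.view', 'article.create', 'article.edit', 'article.delete'],
    'lector' => ['article.view', 'article.edit'],
];

// Role => actions limited to articles of the user's own teams (data-level layer).
const TEAM_SCOPED_ACTIONS = [
    'author' => ['edit', 'delete'],
];

// Stand-ins for the CMS tables.
const USERS = [
    1 => ['role' => 'admin',  'teams' => []],
    2 => ['role' => 'author', 'teams' => [10]],
    3 => ['role' => 'lector', 'teams' => []],
];
const ARTICLES = [
    100 => ['team_id' => 10],
    101 => ['team_id' => 20],
];

/** Function-level check: may this user perform the action at all? */
function hasPermission(int $userId, string $permission): bool
{
    $role = USERS[$userId]['role'] ?? null;
    if ($role === null) {
        return false; // unknown user: deny
    }
    $granted = ROLE_PERMISSIONS[$role] ?? [];
    for ($p = $permission; $p !== null; $p = PERMISSION_PARENT[$p] ?? null) {
        if (in_array($p, $granted, true)) {
            return true; // granted directly or through an ancestor
        }
    }
    return false;
}

/** Data-level check layered on top: may this user perform the action on this article? */
function canActOnArticle(int $userId, string $action, int $articleId): bool
{
    $article = ARTICLES[$articleId] ?? null;
    if ($article === null || !hasPermission($userId, "article.$action")) {
        return false; // deny by default
    }
    $user = USERS[$userId];
    if (in_array($action, TEAM_SCOPED_ACTIONS[$user['role']] ?? [], true)) {
        return in_array($article['team_id'], $user['teams'], true);
    }
    return true;
}

// Constructed cases: [user id, action, article id].
foreach ([[2, 'edit', 100], [2, 'edit', 101], [2, 'view', 101], [3, 'delete', 100], [1, 'delete', 101]] as [$u, $a, $id]) {
    printf("user %d %s article %d: %s\n", $u, $a, $id, canActOnArticle($u, $a, $id) ? 'allow' : 'deny');
}
```

The author is denied on article 101 by the team rule even though the role holds `article.edit`; that second check is the part that binds to the data model and has to run on every request that names an article id.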