phpGACL
Generic Access Control List
Mike Benoit <ipso@snappymail.ca>
James Russell <james-phpgacl@ps2-pro.com>
Karsten Dambekalns <k.dambekalns@fishfarm.de>
Copyright © 2002,2003, Mike Benoit
Copyright © 2003, James Russell
Copyright © 2003, Karsten Dambekalns
Document Version: 42
Last Updated: 5/20/03 - 18:55:08
Table of Contents
About
What is it?
Where can I get it?
What do I need to run it?
Who is responsible for it?
Introduction
Understanding Access Control
Who/Where
Who/Where
Defining access control with phpGACL
Fine-grain access control
Multi-level Groups
How does phpGACL determine permissions?
Adding groups
Adding people
Resolving conflicts
Naming Access Objects
Adding Sections
Multiple Purposes
Access eXtension Objects
Installation
Basic setup
Advanced setup
Using phpGACL in your application
Basic usage
Advanced usage
Using the ACL admin utility
API Reference
ACL
add_acl()
edit_acl()
del_acl()
Groups
get_group_id()
get_group_parent_id()
add_group()
get_group_objects()
add_group_object()
del_group_object()
edit_group()
del_group()
Access Objects (ARO/ACO/AXO)
get_object()
get_object_data()
get_object_id()
get_object_section_value()
add_object()
edit_object()
del_object()
Access Object Sections
get_object_section_section_id()
add_object_section
edit_object_section()
del_object_section()
FAQ
About
What is it?
phpGACL is a set of functions that allows you to apply access control to
arbitrary objects (web pages, databases, etc) by other arbitrary objects
(users, remote hosts, etc).
It offers fine-grained access control with simple management, and is very fast.
It is written in PHP (hence phpGACL), a popular scripting language that is
commonly used to dynamically create web pages. The GACL part of phpGACL stands
for Generic Access Control List.
Where can I get it?
phpGACL is hosted by sourceforge.net at http://phpGACL.sourceforge.net/
What do I need to run it?
phpGACL requires a relational database to store the access control information.
It accesses this database via an abstract wrapper called ADOdb. This is
compatible with databases such as PostgreSQL, MySQL and Oracle.
phpGACL is written in the PHP scripting language. It requires PHP 4.2 and
above.
Access Control List administration is performed by a web interface, and
therefore it is necessary to have a web server with PHP support, such as
Apache.
Who is responsible for it?
Mike Benoit <ipso@snappymail.ca> is the author and project manager.
James Russell <james-phpgacl@ps2-pro.com> and Karsten Dambekalns
<k.dambekalns@fishfarm.de> did the documentation.
Introduction
Understanding Access Control
Han is captain of the Millennium Falcon and Chewie is his second officer.
They've taken on board some passengers: Luke, Obi-wan, R2D2 and C3PO. Han needs
to define access restrictions for various rooms of the ship: The Cockpit,
Lounge, Engines and the external Guns.
Han says: "Me and Chewie should have access to everywhere, but after a
particularly messy hyperdrive repair, I forbid Chewie from going near the
Engine Room ever again. Passengers are confined to the Passenger's Lounge."
Let's assume from now on that access is Boolean. That is, the result of looking
up a person's access to a room is either ALLOW or DENY. There is no middle
ground.
If we mapped this statement into an access matrix showing who has access to
where, it would look something like this (O means ALLOW, X means DENY):
+------------------------------------------------+
| Who/Where  | Cockpit | Lounge | Guns | Engines |
|------------+---------+--------+------+---------|
| Han        |    O    |   O    |  O   |    O    |
|------------+---------+--------+------+---------|
| Chewie     |    O    |   O    |  O   |    X    |
|------------+---------+--------+------+---------|
| Obi-wan    |    X    |   O    |  X   |    X    |
|------------+---------+--------+------+---------|
| Luke       |    X    |   O    |  X   |    X    |
|------------+---------+--------+------+---------|
| R2-D2      |    X    |   O    |  X   |    X    |
|------------+---------+--------+------+---------|
| C3PO       |    X    |   O    |  X   |    X    |
+------------------------------------------------+
The columns list the rooms that Han wants to restrict access to, and the rows
list the people that might request access to those rooms. More generally, the
"rooms" are "things to control access on". We call these Access Control Objects
(ACOs). The "people" are "things requesting access". We call these Access
Request Objects (AROs). The people request access to the rooms, or in our
terminology, AROs request access to the ACOs.
There is a third type of Object, the Access eXtension Object (AXO) that we'll
discuss later. These objects share many attributes and are collectively
referred to as Access Objects.
Managing access using an access matrix like the one above has advantages and
disadvantages.
Pros:
* It's very fine-grained. It's possible to control access for an individual
person if necessary.
* It's easy to see who has access to what. The answer is stored in the
intersection of the person and the room.
Cons:
* It's difficult to manage on a large scale. 6 passengers and 4 places is
fairly simple, but what if there were thousands of passengers and hundreds
of places, and you need to restrict access to large groups of them at once,
but still retain enough fine-grained control to manage access for an
individual? That would mean a lot of fiddly and lengthy adjustment to the
matrix, and it's a difficult task to verify that the final matrix is
correct.
* It's hard to summarize or visualize. The above example is fairly simple to
summarize in a few sentences (as Han did above), but what if the matrix
looked like this?
+------------------------------------------------+
| Who/Where  | Cockpit | Lounge | Guns | Engines |
|------------+---------+--------+------+---------|
| Han        |    O    |   O    |  O   |    O    |
|------------+---------+--------+------+---------|
| Chewie     |    O    |   X    |  O   |    X    |
|------------+---------+--------+------+---------|
| Obi-wan    |    X    |   O    |  X   |    X    |
|------------+---------+--------+------+---------|
| Luke       |    O    |   O    |  O   |    X    |
|------------+---------+--------+------+---------|
| R2-D2      |    X    |   O    |  X   |    O    |
|------------+---------+--------+------+---------|
| C3PO       |    O    |   O    |  X   |    O    |
+------------------------------------------------+
This matrix is not so obvious to summarize, and it's not clear to the
reader why those access decisions might have been made in the first place.
Defining access control with phpGACL
It seems that for large or complex situations, this 'access matrix' approach is
clearly unsuitable. We need a better system that maintains the advantages
(fine-grain control and a clear idea of who has access to what) but removes the
disadvantages (difficult to summarize, and difficult to manage large groups of
people at once). One solution is phpGACL.
phpGACL doesn't describe access from the 'bottom-up' like the Access Matrix
above. Instead, it describes it 'top-down', like the textual description of
Han's access policy. This is a very flexible system: it allows you to manage
access in large groups, it neatly summarizes the access policy, and it's easy
to see who has access to what.
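The relationship between the two descriptions, as an added example (not phpGACL code and not part of the original manual): Han's three sentences are written as top-down rules and expanded back into the first access matrix shown above. The group names Crew and Passengers, the rule layout, and the choice that a per-person rule overrides a group rule are assumptions of this sketch.

```php
<?php
// Added illustration: a top-down policy expanded into an access matrix.
// Group names, rule layout and resolution order are assumptions of this sketch.

const ROOMS = ['Cockpit', 'Lounge', 'Guns', 'Engines'];   // the ACOs

// Each requester (ARO) is placed in a group.
$groups = [
    'Crew'       => ['Han', 'Chewie'],
    'Passengers' => ['Obi-wan', 'Luke', 'R2-D2', 'C3PO'],
];

// Han's statement as rules: [subject type, subject, rooms, allow?]
$rules = [
    ['group',  'Crew',       ROOMS,       true],   // crew: everywhere
    ['person', 'Chewie',     ['Engines'], false],  // except Chewie in Engines
    ['group',  'Passengers', ['Lounge'],  true],   // passengers: Lounge only
];

function check(string $who, string $room, array $groups, array $rules): bool
{
    $decision = false;  // default DENY: no matching rule means no access
    // Group rules are applied first, person rules last, so the more
    // specific rule decides when both match.
    foreach (['group', 'person'] as $level) {
        foreach ($rules as [$type, $subject, $rooms, $allow]) {
            if ($type !== $level || !in_array($room, $rooms, true)) {
                continue;
            }
            $applies = $type === 'person'
                ? $subject === $who
                : in_array($who, $groups[$subject] ?? [], true);
            if ($applies) {
                $decision = $allow;
            }
        }
    }
    return $decision;
}

// Print one matrix row per person: O = ALLOW, X = DENY.
foreach ($groups as $members) {
    foreach ($members as $who) {
        $row = array_map(
            fn($room) => check($who, $room, $groups, $rules) ? 'O' : 'X',
            ROOMS
        );
        printf("%-8s %s\n", $who, implode(' ', $row));
    }
}
// A requester who is in no group and has no rule stays at the default.
var_dump(check('Jabba', 'Lounge', $groups, $rules));
```

Three rules reproduce all 24 cells of the matrix, and a new passenger only needs to be added to a group rather than given a new row of cells.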
An ARO tree defines a hierarchy of Groups and AROs (things that request
access). This is very similar to a tree view of folders and fi
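dotProject 2.1.2 latest Chinese edition
1655 files in total (php: 916, png: 349, gif: 83); 21.78MB RAR archive, uploaded 2009-01-04 17:03:19.
dotProject is an open-source project management application built on LAMP. It is written in PHP, and MySQL is the recommended default database (you can basically take that to mean it only works with MySQL). A lot of work really needs to be approached from a project management point of view, and from a team's point of view members also need to be managed by project. The most widely used project management software is MS Project, which works quite well, but the one annoyance is that when I hand a finished Gantt chart to colleagues, they generally won't install MS Project because it is simply too large. Even worse, a finished plan usually reflects only a single point in time and cannot be run in a team-server fashion, which is a problem. So the open-source project management system dotProject (http://www.dotproject.net) is a very good choice!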