News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Liip Blog:
How to preload ACL in order to get good performances
October 09, 2013 @ 10:40:34

On the Liip blog today Jean-Christophe Zulian shares an idea about gaining performance in your access controlled section of your application. He suggests preloading ACL information in Symfony2-based applications.

Symfony2 comes with an ACL mechanism that can help you whenever you need to add some permissions in your system. [...] Unfortunately we came across a situation where we had to do this kind of permission check on a very long list of items. [...] erformance will go bad (or very bad in our case) and as the system keep storing more and more of the same kind of data it become slower and slower. [...] Luckily for us Sf2 ACL system provides a way out of this. You can in a small amount of query load all the ACLs that are related to some given objects.

He includes a small snippet of code that takes in a set of blog posts (as an example) and calls a "findAcls" method to pre-fetch the information. That information is then available for the rest of the request. The fetch is done by packet instead of via one large query, making it a bit more performant.

0 comments voice your opinion now!
symfony2 preload acl information performance

Link: http://blog.liip.ch/archive/2013/10/09/how-to-preload-acl-in-order-to-get-good-performances.html

Rob Allen:
Integrating BjyAuthorize with ZendNavigation
November 20, 2012 @ 13:57:09

Rob Allen has posted a technique for integrating the BjyAuthorize, a helpful module for access control in your Zend Framework 2 application, with the ZendNavigation module for user permissions-based navigation updates.

If you are using BjyAuthorize for ACL configuration and want to use ZendNavigation's ZendAcl integration features, then you need to set the Acl and Role information into ZendNavigation.

He includes the code you'll need to add to both the bootstrap of your application and the configuration to set up the "rule_providers" and "resource_providers". Then you can update your navigation settings to include "resource" and "rule" options to define with options a user can see.

0 comments voice your opinion now!
zendframework2 tutorial bjyauthorize acl navigation module


Joshua Thijssen's Blog:
Symfony2 Implementing ACL rules in your Data Fixtures
July 04, 2012 @ 16:33:23

Joshua Thijssen has a new post to his blog looking at a method for setting up ACL rules in fixtures for your Symfony2-based applications.

Doctrine's DataFixtures are a great way to add test data to your application. It's fairly easy to get this going: Create a fixureLoader that extends DoctrineCommonDataFixturesAbstractFixture, had a load() method and off you go. However, sometimes you want your data also to be protected by Symfony 2′s ACL layer. Since there isn't a common way to do this, here is one way on how I implemented this.

His method uses the ContainerAware interface on the fixture loader instance to be able to get at the container for the fixture. This allows you to use the usual ACL handling methods of the framework to provide restrictions based on things like usernames and roles.

0 comments voice your opinion now!
symfony2 fixture acl rule container loader tutorial


Developer.com:
Creating a Custom ACL in PHP
May 11, 2012 @ 10:53:23

On Developer.com there's a recent tutorial showing you how to create a basic access control list in PHP (not in any specific framework). It allows you to define not only user permissions but groups and group permissions as well.

So, what are the advantages of an ACL model? The first advantage is security. Using this model will make your application more secure and less vulnerable to exploits. When securing any program, it is good to give to the user only the privileges he/she needs. That means that, for example, you should not give super administrator privileges to someone who will only manage website content. The ACL security model allows you to do just that. The second advantage is the easiness of user management. You can divide users into groups, while each group has certain access permissions. Also, you can easily add new user groups, delete the old ones or change group permissions.

They include the database structure you'll need to make the backend work (four tables) and the code to create an "Acl" class with methods to check a user+group for a permission, get the permissions for a user and get the permissions for a group. It's a pretty simple system and has a lot more that could be added to it to make it more robust, but it's a good start.

0 comments voice your opinion now!
custom acl access control permission group tutorial database


Refulz.com:
CakePHP AclComponent - ACOs, AROs and Mapping
February 29, 2012 @ 11:38:12

On the Refulz blog they've posted the next in their series about access control in CakePHP applications. In this new article they look at Access Request Objects (AROs) and Access Control Objects (ACOs) and how they can be managed via the built-in ACL functionality.

Continuing with Access Control Lists, we will read about the two Access Control Lists and their mapping. The Access Request Objects (AROs) are a list of the things that seek permissions and the Access Control Objects (ACOs) are the resources on which permissions are required. Both the lists are maintained in the tow tables, namely aros and acos respectively.

Included in the post is the SQL you'll need to create the tables for the system to use as well as some basic code to use the AclComponent with the ACOs/AROs. They also show how to use the parentNode method to create parent/child relationships between the objects.

0 comments voice your opinion now!
cakephp tutorial access control acl aro aco request aclcomponent


Project:
Warden A user database authorization package for FuelPHP
September 29, 2011 @ 12:19:41

Fuel framework users have another option when it comes to user authentication management in their applications. Ando has released Warden, a package that manages logins, password hashing and user ACLs.

Warden is a user database authorization package for the FuelPHP framework that aims to fast track development by handling the work load of uthenticating user's. Built for performance, it comes with a ready-to-use user model and database install script.

The package uses bcrypt for password hashing and also provides features for forgotten passwords, password resets and "remember me" functionality. Installation is as simple as adding it to your "always_load" package list and setting up a few configuration options. Sample code for its features is included. You can get the latest version directly from github.

0 comments voice your opinion now!
fuelphp framework user authentication acl management package


NETTUTS.com:
How to Use CakePHP's Access Control Lists
July 30, 2010 @ 15:13:20

On NETTUTS.com today there's a new detailed tutorial on how to use the access control list functionality that comes with the CakePHP framework.

If you're building a CMS, you'll probably need different user roles'"superusers, admins, users - with different permission levels. Too complicated to code? Enter CakePHP's ACL (Access Control Lists). With the right setup, you'll be checking user permissions with just one line.

They talk about what "access control lists" are but shows you an example of one including the database tables and the full scripts for the Users controller, a model to hook into the database and the view for output to the user. They include methods for denying access, checking permissions, and modifying a user's permissions.

0 comments voice your opinion now!
cakephp framework acl accesscontrollist permissions


Juozas Kaziukenas' Blog:
ACL made easy. Part 1
March 23, 2010 @ 10:38:52

Juozas Kaziukenas has posted the first part in his look at making ACL easy (access control lists). His examples are more specific to the Zend_Acl component of the Zend Framework, but the concepts can be translated across several different ACL tools out there.

Every now and then I see questions about ACL and how to use it. A lot of web developers are using it without actually knowing what it is and how it works, even though it's powering one of the most important part of applications - user access management.

He starts off with the base level of what an ACL is and how it would work in your application (illustrated by a wrong and right way to handle a simple permission in an application). He talks about roles, resources and privileges as well as how applications using the MVC design pattern make it simple to check the current resource. He also mentions an issue that could be confusing - inheritance.

0 comments voice your opinion now!
acl zendacl zendframework access control role resource privileges


NETTUTS.com:
A Better Login System
March 30, 2009 @ 07:55:54

In this recent tutorial from NETTUTS.com they show how to create a "better login system" that supports a bit of access control functionality to even further secure your site.

Net.tuts+ has published several great tutorials on user login systems. Most tutorials only deal with authenticating the user, which allows for two levels of security: logged in and not logged in. For many sites, a finer degree of control is needed to control where users can go and what they can do. Creating an access control list (ACL) system will give you the flexibility for granular permissions.

They walk you through the database creation (user information), coding the ACL and user authentication classes, how to check a user's permissions and how to create a user admin screen to allow for easy maintenance. You can find the complete source of the tutorial here.

0 comments voice your opinion now!
tutorial login logout system acl access control admin interface


Jani Hartikainen's Blog:
Zend_Acl part 1 Misconceptions and simple ACLs
February 09, 2009 @ 07:55:57

Jani Hartikainen has started off a new series that looks specifically at the Zend_Acl component of the Zend Framework starting with this new post looking at a few of the misconceptions surrounding the component.

I'm going to be writing a weekly series of posts on Zend_Acl. This first post will clear up some common misconceptions regarding Zend_Acl, introduce creating ACLs for simple applications, and give some examples on using the ACL in both non-Zend Framework and Zend Framework applications.

To show the most basic usage (and set a foundation for future articles), he creates a simple ACL system for a Zend Framework application. The system sets up a few different roles (guest, member) and some rules to show who can access what. He ties this into his preDispatch method in his My_Plugin_Acl plugin so that it runs right before the rest of the request is processed. If the user is not allowed, it kicks them other to the authentication controller for them to log in.

0 comments voice your opinion now!
zendacl tutorial example zendframework misconception acl access control



Community Events





Don't see your event here?
Let us know!


series library code podcast list developer configure wordpress install threedevsandamaybe community application laravel bugfix language release framework introduction api interview

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework