[geeklog-devel] Circular group references

Blaine Lang geeklog at langfamily.ca
Mon May 19 22:14:09 EDT 2003


I've written a recursive function to follow the chain of groups and build an
array. The array is then tested for the existance of the group you want to
add. You can test it on my site at http://www.langfamily.ca/chkgroups.php

The function chkGroupParents() is only 10 lines which returns an array of
parent group id's.

Code for the test program is:
http://www.langfamily.ca/filemgmt_data/files/chkgroups.txt

I've created a few 5 sample groups and their relationship is:

GroupA
 |_Group B
     |_Group C
     |_Group D
        |_Group E
        |_Group F

Example:
  Should not be able to add Group B to Group E
  Should not be able to add Group A to GroupC

I see adding this logic to the the savegroup() in admin/groups.php

Blaine

----- Original Message -----
From: "Tony Bibbs" <tony at tonybibbs.com>
To: <geeklog-devel at lists.geeklog.net>
Sent: Monday, May 19, 2003 11:13 AM
Subject: Re: [geeklog-devel] Circular group references


> Here is a unique suggestion related to all this.
>
> Group-level security changes shouldn't happen all that often.  Given that,
> when changes are made to a group we should loop through all groups and
> build their membership in a cache field.  Then you get out of the business
> of expensive recursive calls on each page request.
>
> Did that make sense?  Does it sound feasible?
>
> --Tony
>
>  On Sat, 17 May 2003,
> Vincent Furia wrote:
>
> > Dirk Haun wrote:
> >
> > >Here's an interesting case I had:
> > >
> > >Someone wasn't able to log into his site any more. Geeklog went from
> > >index.php to users.php and then seemed to sit there forever.
> > >
> > >As it turned out, he had set up a circular group reference, i.e. group
A
> > >was assigned to group B and group B to group A. So when someone who was
> > >in one of those groups tried to log in, Geeklog went into an endless
loop.
> > >
> > >The funny thing is that using Vincent's speed improvements in lib-
> > >security.php enables you to log into such a site nonetheless. So
> > >replacing lib-security.php with the version from CVS is one way to
> > >resolve these problems.
> > >
> > In case anyone is curious, the reason my speed improvement doesn't get
> > caught in this loops is because as it creates the list of membership
> > groups, it checks to see if a group has already been added to the list
> > of groups, and if so, ignores it.
> >
> > I don't think there is any reason we necessarily need to restrict
> > circular group assignments, besides geeklog-1.3.7's logon problems
> > (which will be fixed in the next release by my lib-security speed
> > improvements) it really doesn't hurt anything.
> >
> > -Vinny
> >
> > >
> > >However, Geeklog shouldn't let you set up such dependencies in the
first
> > >place. Avoiding that, though, seems to be an interesting challenge ...
> > >Any takers?
> > >
> > >bye, Dirk
> > >
> > >
> > >
> > >
> >
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://lists.geeklog.net/listinfo/geeklog-devel
> >
>
> --
> Tony Bibbs          "I guess you have to remember that those who don't
> tony at tonybibbs.com  hunt or fish often see those of us who do as
>                     harmlessly strange and sort of amusing. When you
>                     think about it, that might be a fair assessment."
>                     --Unknown
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel




More information about the geeklog-devel mailing list