[geeklog-devel] GSoC 2010 is on
joe at ThrowingDice.com
Wed Feb 17 03:27:08 EST 2010
At 12:39 AM 2/17/2010, Vincent Furia wrote:
>Adding user groups to the core is going to make many of the SEC_
>functions much more complicated, slowing them down for many sites
>that won't use the functionality. Also, more complicated code ==
>more potential for bugs.
The following functions in lib-security are unchanged by my proposal
SEC_groupIsRemoteUserAndHaveAccess, SEC_inGroup, SEC_isModerator,
SEC_hasTopicAccess, SEC_hasAccess, SEC_hasAccess2, SEC_hasRights,
SEC_getPermissionValues, SEC_getPermissionValue, SEC_getFeatureGroup,
SEC_authenticate, SEC_checkUserStatus, SEC_remoteAuthentication,
SEC_buildAccessSql, SEC_removeFeatureFromDB, SEC_encryptPassword,
SEC_createToken, SEC_checkToken, SEC_getTokenExpiryTime,
SEC_getTokenExpiryNotice, SEC_setCookie, SEC_filterPermissions
SEC_addUserToGroup < - - Totally unused by anything I'm aware of
The following functions are changed:
SEC_getUserGroups (to allow filtering out of groups based on their
being user groups or not, default parameter would be no filter)
SEC_getGroupDropdown (to call above with filter = 'grp_gl_core <> 2')
Every call to those two functions in public_html/admin/*.php also
probably needs to be modified. The number of calls to the two
functions in the 1.6.1 tarball is about 40 of which only 10 need the
filter based on my quick search through the code. This is the bulk of
the patch that requires someone to spend a little time determining
whether the filter should be included on the call.
Adding a SEC_createSystemGroup function would be helpful so that
stuff like admin/plugins.php's autoinstall function,
admin/lib-install, admin/lib-upgrade (and user plugins) could safely
create new administrative groups. (The function would also have a
bool param to indicate whether or not to add ROOT to the group automatically.)
Direct SQL calls targeting gl_groups and gl_group_assignments in
public_html/admin/groups.php would need to have the user groups filtered out.
The static SQL statements in geeklog/sql could be updated to
explicitly set the new field on gl_groups to 0. But since the field
would default to 0 that isn't strictly necessary.
That is essentially the full extent of changes I was proposing for
the patch. Very little new code is needed. None of the added code
complicates the core significantly.
Throwing Dice Games
No virus found in this outgoing message
Checked by PC Tools AntiVirus (126.96.36.199 - 10.004.153).
More information about the geeklog-devel