The Horde permissions system lets you assign permissions to anything
<?php
require_once HORDE_BASE . '/lib/Perms.php';
$perms = Perms::factory($driver, $params);
// Check if we can delete something if ($perms->check('app|category|object', 'aclgroup', PERMS_DELETE)) { // go ahead and do it }
?>
- The permissions system is designed to be abstracted from what it is restricting.
- Permissions are inherited by default; if someone has a permission for a top-level object, they have that for all child objects, unless it is explicity removed somewhere down the chain.
- You should use a unique name - like the name of your application - for the top-level category of your permissions, to avoid namespace collisions.
- You can change the path seperator, or just pass in an array, if you like.
|