php tackle documentation

Download PHP Tackle Documentation

Post on 07-Apr-2015

249 views

Category:

Documents

1 download

Embed Size (px)

DESCRIPTION

Tackle Manual: PHP ACL plugin

TRANSCRIPT

tackle Documentationtackle - Tiny ACL Authentication Library for PHP Copyright (C) 2002 ars Cognita, Inc. $Author: richtl $ $Revision: 1.7 $ Updates and information for this project can always be found at http://tackle.sourceforge.net.

Contentsy Introduction o License o Requirements o Installation o Using Tackle (an example) o Tackle Objects: Members, Groups, Resources, and Actions Authorization Shortcuts o tackle_authorizedMember o tackle_authorizedGroup General Methods o tackle o close o changeIdent o changeDescr o enable o disable Member Methods o createMember o removeMember o memberships o authorizedMember Group Methods o createGroup o removeGroup o removeGroupMembers o addToGroup o removeFromGroup o linkGroupToParent o unlinkGroupFromParent o parentGroup o authorizedGroup Resource Methods o createResource o removeResource o linkResourceToParent o unlinkResourceFromParent o removeResourceActions Action Methods

y

y

y

y

y

y

y

o createAction o removeAction Permission Methods o addPermission o changePermission o removePermission o authorizedRequestor

IntroductionTackle is a small drop-in ACL permissions class for PHP. It is designed to be small, flexible, simple to deploy and use, and database independent (using the ADOdb Database Library). The system itself is based upon the concept of requestors (users or groups) being granted or denied access to actions on resources. Currently you--the programmer--define the members, groups, actions, resources, and permissions using the tackle API. This is an easy process, but obviously lacking. An upcoming revision will include a simple template-based interface for managing requestors, resources, and permissions. Tackle is a small ACL authentication module for PHP applications. It is designed to have a low profile and be easy to implement and use.The system itself is based upon the concept of requestors (users or groups) being granted or denied access to actions on resources. Currently you--the programmer--define the members, groups, actions, resources, and permissions using the tackle API. This is an easy process, but obviously lacking. An upcoming revision will include a simple template-based interface for managing requestors, resources, and permissions.

Features:y y y y y y

Installs easily. Only requires a few database tables and an include file. Works with any database supported by the ADOdb Database Library. Create and manage objects and permissions with a simple API. Embeds quickly into existing or new PHP applications. Independently manage members and groups. Groups can be hierarchical and support inheritance. Independently manage resources and actions on those resources. Resources can be hierarchical and support inheritance.

What's New This Version0.7.8 Improved configuration, installation, and added a patch to replace the (oddly missing) recursive permissions code that was originally added in 0.7.7.y

y

Configuration now uses a file called tackle.ini; config.inc has been deprecated. Although config.inc will be used if it's there, you should configure the tackle.ini file and delete your config.inc. Added install and uninstall scripts using adodb-xmlschema. o To install tackle in an existing database, edit the tackle.ini file for your connection information and then browse to the tackle/setup/install_tackle.php.

y y

To remove tackle from an existing database, browse to tackle/setup/uninstall_tackle.php. The authorizedRequestorByObjid method now works recursively. (I.e., children now inherit authorization from their parents.) There's now an example file. Look at example.php for help using Tackle.o

0.7.7 General fixes and improvements. The API is more solid.y y y y

Added parentGroup method to return the objid of a group's parent group. Added authorizedRequestorByObjid method. authorizedRequestor method is now just a wrapper. Added (recursive) authorizedGroupByObjid method. authorizedGroup is now just a wrapper. AuthorizedMember now checks all memberships (recursively, of course.)

0.7.6 Initial release to the public. Permissions aren't really sophisticated enough yet: currently, a member is authorized if they or their group or a parent group is authorized. Needs more of an ACL-like behavior. I.e., Child group overrides parent group permissions, member overrides group permissions, etc.

Next steps:y y y y y

Improve permissions layering. Implement basic plugin interface for extensions. Provide HTML interfaces for managing requestors, resources, and permissions. Add basic login/validation functionality. Add plugin-based login/validation functionality in order to integrate to existing LDAP, NT Domain, PAM, etc.

LicenseThis library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Requirementsy

PHP 4.x or above

y

ADOdb Database Library 2.x or above

Tackle is officially tested on a stock Linux Mandrake 9.0 server using PostgreSQL.

InstallationOverview: Uncompress the package in a directory that is in your PHP include path. Optionally, you can add the location of the tackle.inc file to the "include_path" entry in your php.ini. Even more optionally, you can simply provide a full path to the tackle.inc file when you include it in your own application. Edit the tackle config.inc file for your environment. First, make sure ADODB_PATH points to the directory that contains the adodb.inc.php file provided by ADOdb (see ADOdb Database Library). Next, populate the database connection information. The DB_PLATFORM value should be a driver name from the ADOdb database drivers list. ("mysql" or "postgres7" are good bets.) If your application uses its own database, run the appropriate create script to create the tackle database structure. If your application doesn't require its own database, create a database for tackle and run the appropriate database create script.For mysql:

1. mysqladmin create tackle 2. mysql tackle