[ka-Map-dev] [Bug 1512] [ka-Map] Addition of layer access control

bugzilla-daemon at bugzilla.maptools.org bugzilla-daemon at bugzilla.maptools.org
Wed Jul 5 11:23:48 EDT 2006


dmorissette at mapgears.com changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dmorissette at mapgears.com  2006-07-05 11:23 -------
Fixed. I have committed an initial version of this to CVS. 

The following files were updated to take acces control into account:

Are there other files that would need to be updated to control access to layers?

NOTE: I had to change the approach a bit in order to allow access control in
scritps that do not need to open the mapfile. The authorized_users is now an
array set in the $aszMapFiles[] in config.php instead of being set in layer
metadata in the mapfile.

Here are the new docs from auth.php:
 * This file provides a simple authentication and access control scheme
 * to allow controlling access to layers and application features by user.
 * It should be possible to write a drop-in replacement for this file to 
 * different access control mechanisms.
 * This implementation uses the $_SERVER['REMOTE_USER'] variable to lookup 
 * the authenticated visitor name. This implies that user/password validation
 * is handled by Apache using Basic Authentication (.htaccess + htpasswd 
 * files).
 * If $_SERVER['REMOTE_USER'] is not set then access control is disabled,
 * or in other words everything is wide open.
 * AuthorizedUsers array:
 * ----------------------
 * The kaBasicAuthentication() constructor takes an AuthorizedUsers array
 * as argument that contains a list of privileges and for each privilege
 * the list of user ids that are authorized to access this named privilege.
 * The privilege name can be either a map layer/group name, or an application
 * feature.
 * e.g. array( 'layer1' => array('user1', 'user2', 'user3'),
 *             'layer2' => array('user1', 'user2'),
 *             'tool.identify' => array('user1') )
 * If no entry is set for a given privilege in the AuthorizedUsers array then
 * this privilege is available to all (i.e. testPrivilege() will always return
 * TRUE for this privilege).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Please do NOT reply to this email, use the link above instead to 
login to bugzilla and submit your comment. Any email reply to this
address will be lost.

More information about the ka-Map-dev mailing list