[dokuwiki] Re: Tweaking authentication
- From: Chris Smith <chris@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Sun, 22 Jan 2006 06:26:15 +0000
Andreas Gohr wrote:
Hi!
I'd like to get a new release out in the next two weeks. A list of
things I think that are to do before is at wiki:todo
If I get you the acl install script in the next week can that go in?
Right now it needs tying in with dokuwiki's own sanity checks + some
beautification. The setup of config and acl files is complete and working.
The MySQL backend's modifyUser() function really needs to be fixed.
Deleting and recreating a user is a really bad idea when
authenticating against a database with referential integrity (like
in InnoDB with MySQL 4.1). Matthias could you do this?
Can I suggest a couple more additions / changes to the mysql backend
too. I know I mentioned these to Matthias a while back and mentioned
I'd look at doing them, sorry Matthias :-)
add LIMIT start, limit to the retrieve statement to restrict the number
of users returned. Without adding LIMIT it's not feasible to attach the
mysql auth class to a large user database. Conceivably these could be
appended to the retrieve SQL statement, but I would think it's better for
them to be shown in the SQL and replaced by substitution.
add SQL_CALC_FOUND_ROWS also. getUserCount should then be able to make
use of the information without necessitating a second retrieval
statement. This is more problematic as currently there is no
requirement to retrieve before counting, but at least the count function
can execute its SQL with a LIMIT 0,1.
The support for the old backend mechanism should be removed completely.
The OO approach is much nicer - there is no need to bloat the code with
legacy stuff.
Each auth class should have its own can_do function. This way
the check if a function is available could be more intelligent. E.g. when
I don't set up all config strings for creating or modifying a user with
the SQL backend then there shouldn't be displayed any buttons for it on
the interface. But the auth mechanism currently can not check this.
Chris could you have a look at these two tasks?
Ok, how far do you want to go with removal of old style backend?
- remove old style auth files and references in auth.php?
- above + remove sanity checking (if method_exists functionality)?
- above, plus replace all current references in main code base to auth
functions, with auth obj and methods?
[ You're going to ask for the last one, I bet ;-) ]
The canDo should be straightforward, e.g. adding the following to
the base class.
function canDo($fn) { return method_exists($this, $fn); }
Then auth backends, like mysql, which rely on external configuration,
can override that method with their own checks. And I guess plain
backend should check user file is writable.
Cheers,
Chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
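
Added example, not part of the original message and not DokuWiki's own code: a sketch of the canDo() override discussed above, where the base class falls back to method_exists() and backends add their own checks. The class names, config keys and file path are hypothetical, and the user-management methods are placeholders that exist only so method_exists() succeeds.

```php
<?php
class AuthBase {
    // Default: a capability exists if the backend implements the method.
    public function canDo($fn) { return method_exists($this, $fn); }
}

class AuthSqlExample extends AuthBase {
    // SQL templates each operation depends on (hypothetical key names).
    private $required = array(
        'createUser' => array('addUser', 'addUserGroup'),
        'modifyUser' => array('updateUser'),
        'deleteUser' => array('delUser'),
    );
    private $cnf;
    public function __construct(array $cnf) { $this->cnf = $cnf; }

    // Placeholders: a real backend would run the configured SQL here.
    public function createUser($user, $pass) { return true; }
    public function modifyUser($user, $changes) { return true; }
    public function deleteUser($user) { return true; }

    public function canDo($fn) {
        if (!parent::canDo($fn)) return false;          // not implemented
        if (!isset($this->required[$fn])) return true;  // no config needed
        foreach ($this->required[$fn] as $key) {
            if (empty($this->cnf[$key])) return false;  // statement missing
        }
        return true;
    }
}

class AuthPlainExample extends AuthBase {
    private $file;
    private $writes = array('createUser', 'modifyUser', 'deleteUser');
    public function __construct($file) { $this->file = $file; }
    public function createUser($user, $pass) { return true; }

    public function canDo($fn) {
        if (!parent::canDo($fn)) return false;
        // Write operations additionally need a writable user file.
        return !in_array($fn, $this->writes) || is_writable($this->file);
    }
}

// Constructed sample config: only the add-user statements are set.
$sql = new AuthSqlExample(array('addUser' => 'INSERT ...', 'addUserGroup' => 'INSERT ...'));
foreach (array('createUser', 'modifyUser', 'deleteUser') as $fn) {
    echo $fn, ': ', $sql->canDo($fn) ? 'show' : 'hide', "\n";
}
$plain = new AuthPlainExample('/nonexistent/users.auth.php'); // constructed path
echo 'plain createUser: ', $plain->canDo('createUser') ? 'show' : 'hide', "\n";
```

The same canDo() result should gate the request handler as well as the button, since hiding a control does not stop a crafted request from reaching the action.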