Permission-based security

 
Wouldn't it be better if JForum's access control was permission-based instead of restriction-based?

For example, in the Admin control panel / Group permission control, I think it would be far better if you could specify which groups are ALLOWED to see which categories, instead of DENIED. Otherwise, if you create a new secret category, you have to explicitly deny access for all non-authorized groups/users. And if a new user is created...

If I understand the current wisdom correctly, permission-based security is The Right Thing (tm).

Perhaps JForum's design is inherited from phpBB? If so, JForum has the opportunity to become much better if the access control model is changed to permission-based.

Cheers!
Per

[originally posted on jforum.net by per]
 
Migrated From Jforum.net
The permission schema is not based on phpBB at all. I don't even understand that piece of crap that is the security model of phpBB.

When I started coding the permission stuff, "restriction based" was the best in my opinion, but I have my doubts about this nowadays. However, the current code is working as expected, and was very very very hard to make it work right. It is fucking hard to test all roles, combinations and merges. Changing the code would require a lot of effort and time. I don't have plans to change it so soon.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net

Rafael Steil wrote: When I started coding the permission stuff, "restriction based" was the best in my opinion, but I have my doubts about this nowadays.


Yep, I think that you're right there!

Rafael Steil wrote: However, the current code is working as expected, and was very very very hard to make it work right. It is fucking hard to test all roles, combinations and merges.


Precisely. I think that's because of the model, and presume that a permission-based model is much easier to implement and get right.

Rafael Steil wrote: Changing the code would require a lot of effort and time. I don't have plans to change it so soon.


I quite understand! It's a major redesign.

Regards!
Per

[originally posted on jforum.net by per]
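
The two models contrasted in this thread, as an added Java example that is not part of the original posts and is not JForum's code. It evaluates a group created later, a category created later, and a user in two groups against both models. The group names, the category names and the rule that a deny in any group wins when groups are merged are assumptions.

```java
import java.util.Map;
import java.util.Set;

// Added illustration; group and category names are hypothetical, not JForum's schema.
public class AccessModelDemo {
    // Constructed sample configuration for an existing "secret" category.
    static final Map<String, Set<String>> DENIED = Map.of(
            "members", Set.of("secret"),
            "guests", Set.of("secret"));
    static final Map<String, Set<String>> ALLOWED = Map.of(
            "staff", Set.of("secret", "general"),
            "members", Set.of("general"),
            "guests", Set.of("general"));

    // Restriction-based: visible unless one of the user's groups is denied.
    // Assumption: a deny in any group wins when a user's groups are merged.
    static boolean denyBased(Set<String> groups, String category) {
        for (String g : groups) {
            if (DENIED.getOrDefault(g, Set.of()).contains(category)) {
                return false;
            }
        }
        return true; // default allow: unlisted groups and categories end up here
    }

    // Permission-based: hidden unless one of the user's groups is allowed.
    static boolean allowBased(Set<String> groups, String category) {
        for (String g : groups) {
            if (ALLOWED.getOrDefault(g, Set.of()).contains(category)) {
                return true;
            }
        }
        return false; // default deny: unlisted groups and categories end up here
    }

    static void report(String label, Set<String> groups, String category) {
        System.out.printf("%-28s restriction-based=%-5b permission-based=%b%n",
                label, denyBased(groups, category), allowBased(groups, category));
    }

    public static void main(String[] args) {
        // Each case uses a group or category that neither table was updated for,
        // or a user whose groups disagree.
        report("new group -> secret", Set.of("newbies"), "secret");
        report("member -> new category", Set.of("members"), "audit");
        report("staff+members -> secret", Set.of("staff", "members"), "secret");
    }
}
```

In the restriction-based column, anything the administrator forgot to list is readable, and the two-group user is locked out by the deny inherited from "members"; in the permission-based column, forgotten entries stay hidden and a grant from any one group is enough.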
 