Firstly, thanks for the response metest. I found it!
Before i began I would just like to applaud the PHPBB team for such a fine job on the code. I'm impressed, because the last time i saw the code was in January! It's matured nicely in feature and ease of use. I think you guys might be the reason VB keeps postponing that new release... {mums the word}
I have had a change to completly evaluate the PHPBB permissions system DB and code and I have to say it runs tight! PSO, saw your name in the CVS, kudos!
I think after installing PHPBB and field testing it, that it handles what it needs to. The permissions model is a custom fit, using foriegn keys (aliases) to directly link to the permission keys, for user and groups (roles). with an additional permission definition key table for an additional level of indirection that allows growth in the permissions area.Btw what's the difference between local and global? Global as in GLOBALS?
The code seems to be a tight mix of call DB -> parse -> save as global or sessions key. This is where I had a thumbs up, the code is nice and tight here, well done.
To compare and contrast, I'll just outline the differences - you can inquire later on if you like.
- Has a full b-tree structure for the skeleton and permisions. So permissions can be dependent on thier ancestors.
- Example: 1. {permissions} No write access without read access.
2. {skeleton} Even if you have access to an entire module if a root denies access you cannot execute those permissions. -- Think of a house where the entry doors are locked but all the other doors inside thehouse are open. If you cant get in you cant DO anything in the house.
Triggers - get around the problem of being GENERAL. It allows a permission to call an external piece of php code which HELPS it validate access.
Permissions are set via User, and Role (like PHPBB) but also has associations. Associations allow individuals to create clans or clicks in which they can share information by sharing permissions. - Think of starting a Star Trek group where you guys have your own forum, calendar, ect.. Roles TRUMP Associations, and personal permissions TRUMP both.
Indirect permission assignment. Insted of using foriegn keys modules are assigned access to permissions via AREAS. Areas identify modules, so they know where to find all thier access data. - I have a whole naming convention that goes with this so it works logicaly
Inheritable skeleton permissions and action permissions.
Permissions are prefixed and suffixed. So I can mix and match predefined actions with custom actions. like so. EDIT_post, EDIT_calendar, READ_post, READ_profile.. ect.. The capitals are the prefix, the rest is the suffix.
Then there is the workflow which has no real place in a forum so i wont really get into that unless someone is interested.
Last, EVERYTHING is kept in class structures - except the jump files, but that's for another day.
Well that's about as general as I can get without straining anyone's eyeballs form such a long read! 8O
Well, from my opinion PHPBB has all she needs to really function. If you guys see any ideas youd like to discuss for fun or project let me know. I guess I'm just going to release all my stuff GPL with no one to marry it to. Oh well, what's a papa to do?
Cheers