Introduces Permissions to the core. #78
namespace LotGD\Core\Models; | ||
|
||
/** | ||
* Implement this interface if an entity has associates permissions. |
nit: "has associated permissions"
Good observation about supporting inherited permissions.
const Denied = -1; | ||
|
||
const Superuser = "lotgd/core/superuser"; | ||
const AddScenes = "lotgd/core/scene/add"; |
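Review bot: const Denied = -1 is declared in the same constant list as the permission ids Superuser and AddScenes, so an integer state value and string ids share one set of names and nothing in the type stops a state being passed where an id is expected. Move the state values into their own class or interface, separate from the "lotgd/core/..." id strings.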
I think these scene/character-based permissions should be added as part of the scene or character class.
@@ -47,6 +47,7 @@ | |||
$libraryConfigurationManager = new LibraryConfigurationManager($composerManager, getcwd()); | |||
$directories = $libraryConfigurationManager->getEntityDirectories(); | |||
$directories[] = implode(DIRECTORY_SEPARATOR, [__DIR__, '..', 'src', 'Models']); | |||
$directories[] = implode(DIRECTORY_SEPARATOR, [__DIR__, 'Ressources', 'TestModels']); |
nit: "Resources"
} | ||
} | ||
|
||
public function hasPermission(string $permissionId): bool |
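Review bot: hasPermission(string $permissionId): bool has no docblock in the visible lines, and its bool return cannot tell an allowed association from one stored with the Denied = -1 state. Add a docblock that says exactly when it returns true, and keep authorization decisions on a separately named method so a caller cannot read a stored deny as a grant.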
hasPermissionSet is clearer that it's a presence flag. hasPermission sounds like "Do I have permission?" which sounds like "Is allowed?".
I'm concerned there is some unnecessary complexity here that will cause problems for the noob coders we expect to be writing permission checks.
Open to your thoughts here.
Yes, that's what I intended. Now that you mention it, there is not really much of anything besides User and Groups that might use this. I didn't even think about modules. Maybe bots, but they could easily just be a User instead. I will refactor the Permissionable trait to an abstract Actor model class instead. Also, I will provide a PermissionGroup Interface that the PermissionManager can understand and work with, as well as add events at least to "isAllowed" and "isDenied". Alternatively, instead of events I could introduce a GroupableInterface that a User entity might or might not implement whose only function returns a PermissionGroup. Or in addition to the events. Thoughts?
Still planning on working on this? As far as your question is concerned, I would stick with something simple, just the events, for now. We're losing steam at this point :) so I say we push toward some kind of MVP.
Yes, I'm still planning, just didn't find time to sit down and get it right.
6ef2252 to 6f2f88d
abstract class Actor | ||
{ | ||
/** @var array Associations between permission-id and PermissionAssociation entity. */ | ||
private $_permissions = []; |
nit: is prefixing private vars with _ in a style guide somewhere? Is that common in PHP?
No it's not. I need to get rid of it, that's something that carried over from python - thanks for pointing it out.
use LotGD\Core\Models\Permission; | ||
|
||
/** | ||
* The PermissionManager manages (checks and manipulates) of actors. |
nit: "manipulates) permissions of actors"
* The PermissionManager class provides methods to work with permissions and is | ||
* the only way to check and manipulate permissions. It can be used to create or | ||
* delete permissions, to remove, allow or deny permissions to actors and to | ||
* check whether an actor has a certain permission or if it is explicitely |
nit: explicitly
nit: denied to him
use Doctrine\ORM\Mapping\Table; | ||
|
||
use Lotgd\Core\Models\Actor; | ||
#use LotGD\Core\Models\PermissionableInterface; |
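Review bot: the import use Lotgd\Core\Models\Actor; spells the vendor namespace "Lotgd", while the commented line directly below it spells it "LotGD". PHP compares class names case-insensitively once a class is loaded, but a PSR-4 autoloader matches the namespace prefix by case, so this import can fail to load Actor when nothing else has loaded it first. Change it to LotGD\Core\Models\Actor.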
Remove the commented out code?
The implicit API requirements via class properties have been changed to rely now on abstract methods that the extending class must implement.
6f2f88d to e82e72a
Adds a permission model, a manager, as well as traits and interfaces required for models who want to implement permissions.
Every actor has many permission associations, every permission association references a permission as well as a state. This results in a ternary permission system:
This is later important if a crate wants to implement a multi-layered permission system with groups and inheritance.
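
Why the third state matters once groups and inheritance are layered on top, as an added example that is not code from this pull request. Only `Denied = -1` and the permission id come from the diff; the allowed value, the function name, the layer arrays and the "explicit deny wins" rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not LotGD code.
const STATE_ALLOWED = 1;   // assumed value, not shown on the page
const STATE_DENIED  = -1;  // matches `const Denied = -1;` in the diff

/**
 * Resolve a permission over layers ordered from most specific (the actor)
 * to least specific (inherited groups). Each layer maps permission id => state;
 * a missing key is the third state, "not set".
 */
function resolvePermission(array $layers, string $permissionId): bool
{
    $allowed = false;
    foreach ($layers as $layer) {
        $state = $layer[$permissionId] ?? null;
        if ($state === STATE_DENIED) {
            return false;      // assumed policy: an explicit deny beats any allow
        }
        if ($state === STATE_ALLOWED) {
            $allowed = true;   // remember the grant, keep scanning for a deny
        }
    }
    return $allowed;           // not set in any layer: default deny
}

// Constructed sample data.
$id       = 'lotgd/core/scene/add';
$actor    = [$id => STATE_DENIED];   // the actor is explicitly denied
$editors  = [$id => STATE_ALLOWED];  // a group that grants the permission
$everyone = [];                      // a group that says nothing about it

// Actor-level deny overrides the grant inherited from the group.
var_dump(resolvePermission([$actor, $editors, $everyone], $id));
// Without the actor-level deny, the group grant applies.
var_dump(resolvePermission([$editors, $everyone], $id));
// Not set anywhere falls back to deny.
var_dump(resolvePermission([$everyone], $id));
// A two-state presence check reports the denied actor as having the permission.
var_dump(isset($actor[$id]));
```

The last line is the case the naming discussion above is about: a presence check on a denied association is true, so it must not be used as the authorization decision.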