bbsengine3 handbook: authorization-system


authorization system




the general concept is that every member record can carry an arbitrary number of flags. a flag can grant a permission such as 'admin access', track state such as having to change your password on the next login, or select a particular profile type.


access hook functions

all actions must have an "access hook" function (inspired by drupal and Ray). by convention, flag() is not called directly from a module such as sig.php, although there is nothing technically wrong with doing so; the hook is the single place where the access rule lives.

for example:

 function accessmember($op, $data=null, $memberid=null)
 {
     // $data is unused by this hook; other hooks use it to pass extra information
     if ($op == "edit" && (flag("ADMIN") === true || $memberid == getcurrentmemberid())) {
         return true;
     }
     return false;
 }

the above function allows editing of a member record if the ADMIN flag is set for the current user, or if the current user is editing their own record.

some access hook functions take a 'data' parameter that can be used to pass in additional information about the operation.

each object a site exposes is controlled by its own access hook. access rules can then be adjusted later without touching the modules that call them. the hook is also the natural place for extensive logging, which can be changed or turned off completely in one spot.
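the following script is an added example, not bbsengine3's own code, showing a module calling an access hook instead of flag() directly, with logging done inside the hook. the in-memory member store, the flag(), getcurrentmemberid() and logaccess() functions, the editmember() caller, the FORCEPASSWORDCHANGE flag name and the use of member id 0 for an anonymous request are all constructed stand-ins so the script runs on its own. one caveat is built in: under PHP's loose comparison, null == 0 is true, so a hook that tests $memberid == getcurrentmemberid() with the default $memberid of null would pass the "own record" test for an anonymous caller if anonymous is represented as 0; the hook below requires a target id and compares strictly.

```php
<?php
// added example; flag store and helper functions are hypothetical stand-ins

// constructed in-memory member store: member id => flags on the account
$MEMBERS = [
    1 => ['ADMIN'],
    2 => [],
    3 => ['FORCEPASSWORDCHANGE'],   // a state flag, not a permission
];

// constructed: member id of the current request; 0 means anonymous
$CURRENTMEMBERID = 2;

function getcurrentmemberid()
{
    global $CURRENTMEMBERID;
    return $CURRENTMEMBERID;
}

// is flag $name set on the current member's account?
function flag($name)
{
    global $MEMBERS;
    $memberid = getcurrentmemberid();
    if (!isset($MEMBERS[$memberid])) {
        return false;
    }
    return in_array($name, $MEMBERS[$memberid], true);
}

// every decision passes through here, so logging can be redirected or
// switched off in this one function
function logaccess($hook, $op, $memberid, $granted)
{
    printf("%s op=%s actor=%d target=%s result=%s\n",
        $hook, $op, getcurrentmemberid(), var_export($memberid, true),
        $granted ? 'allow' : 'deny');
}

// access hook for member records
function accessmember($op, $data = null, $memberid = null)
{
    $granted = false;
    switch ($op) {
        case 'view':
            // any logged-in member may view a profile
            $granted = getcurrentmemberid() !== 0;
            break;
        case 'edit':
            // strict comparison and an explicit target: null == 0 is true
            // in PHP, so "$memberid == getcurrentmemberid()" would let an
            // anonymous caller (id 0) with no target id edit a record
            $granted = flag('ADMIN') === true
                || ($memberid !== null && (int)$memberid === getcurrentmemberid());
            break;
        case 'delete':
            $granted = flag('ADMIN') === true;
            break;
    }
    logaccess('accessmember', $op, $memberid, $granted);
    return $granted;
}

// hypothetical caller, written the way a module such as sig.php would use the hook
function editmember($memberid, $changes)
{
    if (accessmember('edit', $changes, $memberid) !== true) {
        return 'denied';
    }
    // ... apply $changes to the member record here ...
    return 'saved';
}

// constructed checks
$CURRENTMEMBERID = 2;
echo editmember(2, ['sig' => 'hello']), "\n";   // own record: saved
echo editmember(1, ['sig' => 'hello']), "\n";   // someone else's record: denied
echo editmember(null, []), "\n";                // no target given: denied

$CURRENTMEMBERID = 1;
echo editmember(3, ['sig' => 'hello']), "\n";   // ADMIN flag set: saved

$CURRENTMEMBERID = 0;
echo editmember(null, []), "\n";                // anonymous, loose == would allow; strict: denied
var_dump(null == 0);                            // bool(true): the pitfall the hook avoids
```

the calling module never needs to know which flag grants editing; if the rule changes to a new flag or to a moderator role, only accessmember() and its log line change.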