
Resources, Authentication, and Permissions

In the following sections I describe the principles implemented in Hierophant's extensible system of authentication and permissions.

Resources

Hierophant defines a Resource as any item that can be owned, assigned, or subscribed to. Resources are registered in the database table hFrameworkResources. Each resource is itself another database table whose rows meet the requirements for being own-able, assignable, or subscribe-able. Examples include files, directories, calendars, and products.

Files

Files are an example of an own-able resource. Hierophant treats file ownership much as Unix does: a file is the possession of some user or group. As you will already have learned, Hierophant retrieves files from a variety of sources, and a user's access to a file depends on where the file comes from. Files from some sources are world-accessible, readable by anyone. Files from other sources require Hierophant-delegated permissions to access, which may or may not require the user to log in. The primary example of the latter are the files Hierophant itself creates and stores in its own database file system: the files you create with the Editor or upload through Finder.

Database-stored files live in the table hFiles, which holds basic information about each file, such as its name and its owner; the owner is stored as a Hierophant hUserID. These two columns, the file's name and the user that owns it, are what make files collectively an own-able resource. Two further requirements apply: the table must hold one unique item per row, and it must have a unique numeric primary key (usually an auto-incrementing column). A resource, then, is a table of unique items, like files, with a column designated as the item's name and a unique numeric ID; for it to be an own-able resource it must also have a column holding the owning Hierophant hUserID.

The hFrameworkResources Table

This table registers each resource so that plugins can determine, without knowing the resource in advance, which table holds it, which column is its primary key, which column is its name, and who owns it and has access to it. When a resource is inserted into this table it receives a unique numeric ID. That ID is then used in other tables to refer to the resource: permissions in hUserPermissions, subscriptions in hSubscriptions, and territories in hTerritoryLocations and hTerritoryResources. An individual item is referenced in those tables by a pair of numbers: the resource ID, and the primary-key value of the item's row in the resource table. To reference a file, for example, you use the resource ID registered for the table hFiles together with the hFileID of the specific file. This pair lets you assign permissions to a file in hUserPermissions, and in turn lets hUserPermissions hold permissions for any registered resource, not just files.

Permissions are granted on own-able resources such as files much as Active Directory or Open Directory grants them: you control whether the owner of the resource has read or write access to it, whether individual users have read or write access to it, and whether groups have read or write access to it.

Hierophant's permissions architecture is extensible: adding a new own-able, assignable, or subscribe-able resource is as easy as following the resource template requirements described above and registering the table. You also retain fine-grained control over who has access to each resource.
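To make the mechanism concrete, here is an added example, written for this page in Python on sqlite3 rather than in Hierophant's own PHP, of a registry lookup and a permission check built on the (resource ID, row ID) pair described above. The column names hFrameworkResourceID, hFrameworkResourceTable, hFrameworkResourcePrimaryKey, hFrameworkResourceNameColumn, hFileID, hFileName and hUserID are from this page; hFrameworkResourceOwnerColumn, the hGroupMembers table, every column of hUserPermissions, and the sample data are assumptions made for the example and are not Hierophant's schema.

```python
# Added example (not Hierophant's code): a minimal model of the hFrameworkResources
# registry plus an hUserPermissions check, in Python on sqlite3.
import re
import sqlite3

# Schema modelled on the page. hFrameworkResourceOwnerColumn, hGroupMembers and all
# hUserPermissions columns are assumed for this example.
SCHEMA = """
CREATE TABLE hFrameworkResources (
    hFrameworkResourceID          INTEGER PRIMARY KEY,
    hFrameworkResourceTable       TEXT NOT NULL,
    hFrameworkResourcePrimaryKey  TEXT NOT NULL,
    hFrameworkResourceNameColumn  TEXT NOT NULL,
    hFrameworkResourceOwnerColumn TEXT              -- assumed; NULL when not own-able
);
CREATE TABLE hFiles (
    hFileID   INTEGER PRIMARY KEY AUTOINCREMENT,    -- unique numeric ID
    hFileName TEXT NOT NULL,                        -- name column
    hUserID   INTEGER NOT NULL                      -- owner; makes hFiles own-able
);
CREATE TABLE hGroupMembers (hGroupID INTEGER NOT NULL, hUserID INTEGER NOT NULL);
CREATE TABLE hUserPermissions (
    hFrameworkResourceID INTEGER NOT NULL,          -- which resource (registry ID)
    hResourceRowID       INTEGER NOT NULL,          -- which item (row primary key)
    hPrincipalType       TEXT NOT NULL CHECK (hPrincipalType IN ('owner','user','group')),
    hPrincipalID         INTEGER,                   -- user or group ID; NULL for 'owner'
    hCanRead             INTEGER NOT NULL DEFAULT 0,
    hCanWrite            INTEGER NOT NULL DEFAULT 0
);
"""

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def quote_ident(name):
    """Registry values become SQL identifiers, not bind parameters, so validate
    and quote them before splicing them into a statement."""
    if not IDENT.fullmatch(name):
        raise ValueError(f"refusing to use {name!r} as an identifier")
    return '"' + name + '"'

def resource_item(conn, resource_id, row_id):
    """Resolve (resource ID, row ID) to the item's name and owner via the registry.
    Returns None when the resource is unregistered or the row does not exist."""
    reg = conn.execute(
        "SELECT hFrameworkResourceTable, hFrameworkResourcePrimaryKey, "
        "hFrameworkResourceNameColumn, hFrameworkResourceOwnerColumn "
        "FROM hFrameworkResources WHERE hFrameworkResourceID = ?", (resource_id,)).fetchone()
    if reg is None:
        return None
    table, pk, name_col, owner_col = reg
    select = quote_ident(name_col) + (", " + quote_ident(owner_col) if owner_col else "")
    row = conn.execute(
        f"SELECT {select} FROM {quote_ident(table)} WHERE {quote_ident(pk)} = ?", (row_id,)).fetchone()
    if row is None:
        return None
    return {"table": table, "name": row[0], "owner": row[1] if owner_col else None}

def has_permission(conn, user_id, resource_id, row_id, action):
    """Deny by default; allow if an owner, user or group grant covers the action."""
    flag = {"read": "hCanRead", "write": "hCanWrite"}[action]  # fixed map, never user input
    item = resource_item(conn, resource_id, row_id)
    if item is None:
        return False
    groups = {g for (g,) in conn.execute(
        "SELECT hGroupID FROM hGroupMembers WHERE hUserID = ?", (user_id,))}
    grants = conn.execute(
        f"SELECT hPrincipalType, hPrincipalID, {flag} FROM hUserPermissions "
        "WHERE hFrameworkResourceID = ? AND hResourceRowID = ?", (resource_id, row_id))
    for ptype, pid, allowed in grants:
        if not allowed:
            continue
        if ptype == "owner" and item["owner"] == user_id:
            return True
        if ptype == "user" and pid == user_id:
            return True
        if ptype == "group" and pid in groups:
            return True
    return False

def build_demo():
    """Constructed sample data: hFiles registered as resource 1, two files, one group."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO hFrameworkResources VALUES (1, 'hFiles', 'hFileID', 'hFileName', 'hUserID')")
    conn.executemany("INSERT INTO hFiles (hFileName, hUserID) VALUES (?, ?)",
                     [("report.txt", 10), ("notes.txt", 20)])
    conn.execute("INSERT INTO hGroupMembers VALUES (5, 30)")  # user 30 belongs to group 5
    conn.executemany("INSERT INTO hUserPermissions VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 1, "owner", None, 1, 1),  # owner of report.txt may read and write it
        (1, 1, "group", 5,    1, 0),  # group 5 may read report.txt
        (1, 2, "user",  10,   1, 0),  # user 10 may read notes.txt; its owner holds no grant
    ])
    return conn

if __name__ == "__main__":
    db = build_demo()
    for uid, rid, act in [(10, 1, "write"), (30, 1, "read"), (30, 1, "write"), (20, 2, "read")]:
        print(uid, resource_item(db, 1, rid)["name"], act, has_permission(db, uid, 1, rid, act))
```

Two points the code makes that the prose leaves implicit. First, the table and column names the registry returns are spliced into SQL as identifiers, not bound as parameters, so they must come only from the registry row and be validated and quoted (quote_ident here) before use; a registry that accepts arbitrary strings turns every permission check into an injection point. Second, the check denies by default, including for an owner who has been granted nothing, which is what the separate owner read/write switches described above call for.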

Default Resources

The following table lists all of the resources currently registered in the hFrameworkResources table.

hFrameworkResourceID  hFrameworkResourceTable   hFrameworkResourcePrimaryKey  hFrameworkResourceNameColumn
1                     hFiles                    hFileID                       hFileName
2                     hDirectories              hDirectoryID                  hDirectoryPath
3                     hForums                   hForumID                      hForum
4                     hForumTopics              hForumTopicID                 hForumTopic
5                     hContacts                 hContactID                    hContactDisplayName
6                     hCalendars                hCalendarID                   hCalendarName
7                     hContactAddressBooks      hContactAddressBookID         hContactAddressBookName
8                     hContactAddresses         hContactAddressID             hContactAddressStreet
9                     hContactEmailAddresses    hContactEmailAddressID        hContactEmailAddress
10                    hContactInternetAccounts  hContactInternetAccountID     hContactInternetAccount
11                    hContactPhoneNumbers      hContactPhoneNumberID         hContactPhoneNumber
12                    hProducts                 hProductID                    hProductName
13                    hForumPosts               hForumPostID                  hForumPostSubject
14                    hFileServer               hFileServerID                 hFileServerTitle
15                    hProductPriceCategories   hProductPriceCategoryID       hProductPriceCategoryName
16                    hLocationCountries        hLocationCountryID            hLocationCountryName
17                    hLocationStates           hLocationStateID              hLocationStateName
18                    hLocationZipCodes         hLocationZipCode              hLocationZipCode
19                    hLocationCounties         hLocationCountyID             hLocationCounty
Copyright © 1998-2009 Richard York, All Rights Reserved.