In a new post to the Debuggable blog Felix Geisendorfer illustrates a simple access rights system that can be plugged into any CakePHP application you might be developing.

If your application is like most, then you have some basic permission requirements for your data. A simple scenario is the following. Blog posts can only be edited by their owners and administrators. Same goes for viewing unpublished blog posts.

His example modifies the typical "posts" controller to add in a new model (User) with a permission check (can) and a model that implements it into the PostsController to ensure that a user can view any given posting.

On the PHP::Impact blog Federico has posted a sort of reminder about a method you can use to run PHP scripts as different users on the same system - suPHP.

suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

suPHP runs as an Apache module and works with the local server's permission system to restrict script access to whatever the user's allowances are. He links to this tutorial for more information on setting it up.

Lee Blue has posted something looking to bridge yet another gap between Ruby on Rails and PHP - a method for adding before_filter functionality to PHP.

I often use this when implementing a simple login screen for a password protected section of my application. In a Zend Framework application you can implement a preDispatch() function in a Zend_Controller_Action which will run before an action is dispatched. This lets you setup your filter to check to see if the visitor is logged in or not. If the visitor is not logged in, you can redirect them to the login screen of your application.

He includes example code to show its usefulness - checking to see two things: is a user is logged in and to see if they're allowed to use a certain resource.

On the Zend Developer Zone today, there's a new tutorial posted about using the LiveUser in conjunction with the Zend Framework to make an easy authetication and persmission system for your system.

When building a web site or application there comes a moment when you will most likely need to implement access restrictions. Two parts come in to play, first there is authentication (ususally implemented as username/password combination) and then authorization (or permission) to make sure a user is allowed to do what he is trying to do.

LiveUser provides you with a framework to make it easy to implement both aspects. It has a container approach giving a lot of flexibility in writing your own schemes if the bundled ones do not meet your needs. All containers use a unified API that makes switching between containers as painless as possible. We will see one way to integrate the Zend Framework Controller with LiveUser.

They start with a few definitions of the levels of complexity you can have for authentication on your website (simple, medium, complex) and follow it with the usual "getting started" and setup portion. They create a simple configuration array and show how to authenticate against it by including the LiveUser library and making an object with it, Factory style.