Kurt, thanks, you're absolutely right, I'm looking at the wrong end of things with these names. You've also given me some new terminology to research.
My 'goups' module implements a tree structure, and provides answers to authorization queries from users who are already authenticated. So maybe it should be called something like Tree::Authorize. Except that the Tree:: namespace is all about tree data structures themselves, rather than applications (or components of apps) built on trees. Cheers, d. On 21 Aug 2004 at 17:00, Kurt Starsinic wrote: > On Sat, 21 Aug 2004 21:28:30 +0100, David R. Baird > <[EMAIL PROTECTED]> wrote: > > I've spent a fair bit of time looking for a generic, groups-based > > system for managing user privileges, but there doesn't seem to be one > > on CPAN. Lots of apps on CPAN have their own, tailor-made systems, > > but they tend to run to a lot of > > > > if $user->is_allowed_to_foo > > ....do foo stuff > > if $user->is_allowed_to_bar > > ....do bar stuff > > > > type of things, very specific to their own application. > > > > Maybe I've missed it? Can anyone point me at such a beast? > > > > If not, I've built a groups-based class that I think is pretty > > generic. What I wanted was a hierarchy of groups that can model an > > organisation. Groups contain subgroups, and groups can do whatever > > their subgroups can. The hierarchy and the abilities are > > configurable. > > > > At the moment, I'm calling this Admin::Group, and it has a companion > > Admin::User. But that would mean a new top level namespace, which I > > know is generally resisted. But it does seem to describe what the > > classes do. > > > > An alternative might be the User:: namespace. Maybe User::Admin::User > > and User::Admin::Group? > > > > Any opinions or pointers to similar things? > > "User," "Group," and "Admin" mean many different things in many > different contexts. So I would suggest something more specific. > Before you get there, though, you have to be clear as to which of the > three A's you're dealing with: access, authorization, and/or > accounting? If it's authorization, then there are Auth:: and Authen:: > namespaces (Authen:: is preferred). If it's access, then I'm > surprised, because that's usually application-specific. And it seems > clear that you're not talking about accounting, but if you are, then > you are. > > Anyway, I recommend that the namespace talk about what purpose the > modules serve, not about some quite ambiguously-named objects that > they operate over. > > Also, when you're talking about groups of groups as above, the > more common term of art is accounts and subaccounts. > > - Kurt -- Dr. David R. Baird Riverside Content Management Systems [EMAIL PROTECTED] http://www.riverside-cms.co.uk
