Skip Menu |

This queue is for tickets about the Apache2-AuthCookieDBI CPAN distribution.

Report information
The Basics
Id: 79221
Status: open
Priority: 0/
Queue: Apache2-AuthCookieDBI
People
Owner: Nobody in particular
Requestors: ccolumbu [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: 2.16
Fixed in: (no value)

History Show all quoted text
  Sat Aug 25 19:47:09 2012 ccolumbu [...] gmail.com - Ticket created
Subject: Multiple groups in group field in the DB
Would it be possible to allow multiple groups in the user's entry in the database? I think/hope it is as simple as adding an if to the existing code. if ($sth->fetchrow_array[0] =~ m/\b$group\b/) { Original code (around line 943): # Now loop through all the groups to see if we're a member of any: my $sth = $dbh->prepare_cached( <<"EOS" ); SELECT $c{'DBI_GroupUserField'} FROM $c{'DBI_GroupsTable'} WHERE $c{'DBI_GroupField'} = ? AND $c{'DBI_GroupUserField'} = ? EOS foreach my $group (@groups) { $sth->execute( $group, $user ); if ( $sth->fetchrow_array ) { $sth->finish(); # add the group to an ENV var that CGI programs can access: $r->subprocess_env( 'AUTH_COOKIE_DBI_GROUP' => $group ); return Apache2::Const::OK; } } $sth->finish(); ######################### New code (untested): # Now loop through all the groups to see if we're a member of any: my $sth = $dbh->prepare_cached( <<"EOS" ); SELECT $c{'DBI_GroupUserField'} FROM $c{'DBI_GroupsTable'} WHERE $c{'DBI_GroupField'} = ? AND $c{'DBI_GroupUserField'} = ? EOS foreach my $group (@groups) { $sth->execute( $group, $user ); if ( $sth->fetchrow_array ) { $sth->finish(); ###### New if statement ###### if ($sth->fetchrow_array[0] =~ m/\b$group\b/) { # add the group to an ENV var that CGI programs can access: $r->subprocess_env( 'AUTH_COOKIE_DBI_GROUP' => $group ); return Apache2::Const::OK; } } } $sth->finish();
  Sun Sep 09 12:01:24 2012 matisse [...] spamcop.net - Correspondence added
Can you get what you need by simply using multiple groups in the Apache configuration "require" directive? For example, if you want to allow members of groupA, groupB, or groupC: require group groupA groupB groupC
  Sun Sep 09 12:01:25 2012 The RT System itself - Status changed from 'new' to 'open'
  Sun Sep 09 17:25:04 2012 ccolumbu [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #79221] Multiple groups in group field in the DB
Date: Sun, 09 Sep 2012 14:24:53 -0700
To: bug-Apache2-AuthCookieDBI [...] rt.cpan.org
From: Chad <ccolumbu [...] gmail.com>
No, what I am trying to do is have multiple secured areas. If you are a member of A you get access to A. If you are a member of B you get access to B. Some members will need access to both A and B. If it was only 3 groups I would just create a "combined group" C and add C to both A and B's apache group list, then put members that need access to both in group C. The problem is there may be as many as 5-10 groups. So the number of combinations is very large, and it is not practical to try and manage it by creating additional "combined groups". We are talking about restructuring this configuration, so it is not an immediate need, but I don't think it is that complex to implement. Have I missed something obvious? Are there security or performance concerns? ^C On 9/9/2012 9:01 AM, Matisse Enzer via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=79221 > > > Can you get what you need by simply using multiple groups in the Apache configuration > "require" directive? > > For example, if you want to allow members of groupA, groupB, or groupC: > > require group groupA groupB groupC >