Namespaces, architecture and style improvements #65

Open: Kern046 wants to merge 64 commits into OWASP:develop from Kern046:master

Kern046 commented Mar 27, 2015

This step of the refactoring work is ended. You have now autoload based on namespaces with Composer, a better architecture for the code, and some improvements in terms of performance :

Using the SensioLabs tool Blackfire, we have the following report between the original, based on the execution of the same basic script :

https://blackfire.io/profiles/compare/0b5e7bcd-081a-4da4-b0d3-fddbe6d98c9f/graph

As you can see on Scrutinizer, there's a lot of work to do, but we are going in the right direction!

https://scrutinizer-ci.com/g/Kern046/rbac/

The way to provide a database connection to the library has been changed, and also the way to access the managers.

The library now provides the managers using Singleton on the main RBAC class, which has getters to get role, user and permissions managers.

abiusx (Contributor) commented Apr 25, 2015

This is a big merge that requires review. Will review and merge asap.

Kern046 (Author) commented Apr 25, 2015

Yep, next time I will make shorter MR, it will be easier to merge :) !

runphp commented Jan 29, 2016

@Kern046 Good job!

Kern046 (Author) commented Jan 29, 2016

@runphp Ty :) ! Sadly it was never merged X)

@mayconfsbrito

It's a good job. I'm waiting for it.

Kern046 (Author) commented Mar 3, 2016

@mayconfsbrito I'm afraid this branch won't be merged after all this time. Sadly because that was a lot of work.

abiusx (Contributor) commented Mar 3, 2016

I would merge it but I don't have access. Jesse should do it, and I have no idea where he is!

abiusx (Contributor) commented Mar 3, 2016

Is it possible to copy the repository and then merge this on the copy somewhere else?

Kern046 (Author) commented Mar 3, 2016

Yes, but you will lose the SEO associated to this repository, and all the stars, watching users etc...

abiusx (Contributor) commented Mar 3, 2016

I agree. But then OWASP is not taking responsibility of anything, and similar things happened to a lot of projects.

@mayconfsbrito

So if OWASP can't take responsibility for this project, naturally it will be deprecated over time because it will not receive updates. We can create another repository with the merged branch and a new version.

I'm using and enjoying it, but notably this project needs to be modernized with new good software practices.

abiusx (Contributor) commented Mar 4, 2016

I am the author of the project. I have done most of the code about 10 years back, and Jesse Burns has modernized the API.
OWASP is just the host, but due to their crazy policies I have abandoned my services there.

On Mar 4, 2016, at 6:32 AM, Maycon Brito notifications@github.com wrote:

So if OWASP can't take responsibility for this project, naturally it will be deprecated over time because it will not receive updates. We can create another repository with the merged branch and a new version.

I'm using and enjoying it, but notably this project needs to be modernized with new good software practices.



@mayconfsbrito

@abiusx Congratulations! It's a good project and works fine.

abiusx (Contributor) commented Mar 4, 2016

Thank you!
I would love to receive your feedback on using this.
Many people are using this but we have no idea in what scope or context or scale.
Would appreciate your usecase scenarios so that we can improve the project.

On Mar 4, 2016, at 12:15 PM, Maycon Brito notifications@github.com wrote:

@abiusx https://github.com/abiusx Congratulations! It's a good project and works fine.



Kern046 (Author) commented Apr 6, 2016

@abiusx I have just a question for all this : How could you merge this MR one year ago if you just don't have the rights to ? #68

abiusx (Contributor) commented Apr 6, 2016

Cuz I had it back then?

@tchalvak

Is there a different primary fork for this project that you would recommend now?

abiusx (Contributor) commented Oct 13, 2016

Unfortunately both people who worked on this project (I am one of them) are no longer working on it. I am familiar with the code, and would be happy to assist you in adding any features you like.

On Oct 13, 2016, at 5:49 PM, Roy R. notifications@github.com wrote:

Is there a different primary fork for this project that you would recommend now?



tchalvak commented Oct 13, 2016

@abiusx That's fine, I always expect people to have lives. I would just love to know which repo to use as the "canonical" one while including it in a production project. Whichever repo is likely to have more support, or be more up to date already, that's the one that I'd like to base my code on using.

Kern046 (Author) commented Oct 14, 2016

Hello there !

I didn't want my fork to replace the main repository, respecting the previous work. But it's true that in its state, the whole project is blocked.

On the other hand, I thought that the RBAC concept did lack the context notion. That's why I based my work on a NIST specification to implement a new Authorization library, called PHP-ABAC.

With that one, you can allow access with rules depending on the user attributes, but also the resource's attributes and the environment. You can implement the RBAC concept inside ABAC, with roles as user attribute.

Do not hesitate to look if this library suits your needs, and give feedback in any case if you would :) !

https://github.com/Kilix/php-abac
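
An added example, not part of the original comment and not PHP-ABAC's own code or API: a minimal deny-by-default attribute evaluator illustrating the point made above, that a role check becomes one condition over a user attribute while resource and environment attributes add context. The class `AbacPolicy`, the action name `invoice.edit` and all attribute keys are hypothetical, and the sample attributes are constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical minimal ABAC evaluator; illustrative names, not PHP-ABAC's API.
final class AbacPolicy
{
    /** @var array<string, callable[]> action => conditions that must all hold */
    private array $conditions = [];
    public function addCondition(string $action, callable $condition): void
    {
        $this->conditions[$action][] = $condition;
    }

    public function isAllowed(string $action, array $user, array $resource, array $env): bool
    {
        // Deny by default: an action without any condition is never allowed.
        if (empty($this->conditions[$action])) {
            return false;
        }
        foreach ($this->conditions[$action] as $condition) {
            if ($condition($user, $resource, $env) !== true) {
                return false; // any failed condition denies
            }
        }
        return true;
    }
}

$policy = new AbacPolicy();
// RBAC inside ABAC: the role is one user attribute among others.
$policy->addCondition('invoice.edit', fn(array $u, array $r, array $e): bool =>
    in_array('accountant', $u['roles'] ?? [], true));
// Resource attribute: the invoice must belong to the user's department.
$policy->addCondition('invoice.edit', fn(array $u, array $r, array $e): bool =>
    isset($u['department'], $r['department']) && $u['department'] === $r['department']);
// Environment attribute: office hours only; a missing hour fails closed.
$policy->addCondition('invoice.edit', fn(array $u, array $r, array $e): bool =>
    isset($e['hour']) && $e['hour'] >= 8 && $e['hour'] < 18);

// Constructed sample attributes.
$alice = ['roles' => ['accountant'], 'department' => 'sales'];
$cases = [
    'same department, 10h'  => [['department' => 'sales'], ['hour' => 10]],
    'other department, 10h' => [['department' => 'hr'],    ['hour' => 10]],
    'same department, 23h'  => [['department' => 'sales'], ['hour' => 23]],
];
foreach ($cases as $label => [$resource, $env]) {
    $ok = $policy->isAllowed('invoice.edit', $alice, $resource, $env);
    printf("%-22s %s\n", $label, $ok ? 'allow' : 'deny');
}
```

A role-only check would treat all three cases alike, since the user's role is the same in each; the resource and environment conditions are what separate them.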

abiusx (Contributor) commented Oct 14, 2016

Thank you for letting us know Kern.
I think the OWASP repo will get more traction and support compared to a fork on my personal Github account. I have several active open source projects, and this one is not my high priority.
However, let me know if there's anything I can do to help.

On Oct 14, 2016, at 3:54 AM, Kern notifications@github.com wrote:

Hello there !

I didn't want my fork to replace the main repository, respecting the previous work. But it's true that in its state, the whole project is blocked.

On the other hand, I thought that the RBAC concept did lack the context notion. That's why I based my work on a NIST specification to implement a new Authorization library, called PHP-ABAC.

With that one, you can allow access with rules depending on the user attributes, but also the resource's attributes and the environment. You can implement the RBAC concept inside ABAC, with roles as user attribute.

Do not hesitate to look if this library suits your needs, and give feedback in any case if you would :) !

https://github.com/Kilix/php-abac


@tchalvak

Who could we contact to get pull requests mergeable on this project? By which I mean getting a few more people capable of merging in PRs, including you, maybe @Kern046 if he's interested. I am a php dev and would be interested in helping manage PRs on this project as well (and already have some changes to PR). So who is most likely to be able to open up access and move reviews & merging forward?

@tchalvak

Cross-reference: #79

abiusx (Contributor) commented Nov 10, 2016

I can try but am not sure if I have access. I can fork it on my Github and merge PR's there, and ask OWASP to link it to my repo (since I am the author?).
Whatever helps you best, I no longer work with OWASP.
-A

On Nov 10, 2016, at 11:22 AM, Roy R. notifications@github.com wrote:

Cross-reference: #79

