Access Control using Basic HTTP Authentication

From Ka-Map Wiki

ka-Map! Access Control using Basic HTTP Authentication

Support for simple access control using Basic HTTP Authentication has been added in ka-Map 0.3 (currently CVS).

Summary

The file htdocs/auth.php provides a simple authentication and access control scheme to allow controlling access to layers and application features by user. It should be possible to write a drop-in replacement for this file to implement different access control mechanisms.

The current implementation uses PHP's $_SERVER['REMOTE_USER'] variable to look up the authenticated visitor name. This implies that user/password validation is handled by Apache using Basic Authentication (.htaccess + htpasswd files).

If $_SERVER['REMOTE_USER'] is not set then access control is disabled, or in other words everything is wide open.

The AuthorizedUsers array

The kaBasicAuthentication() constructor, which is called in config.php (commented out by default), takes an AuthorizedUsers array as its argument. The array maps each privilege name to the list of user ids that are authorized to access that privilege.

The privilege name can be either a map layer/group name, or an application feature.

e.g. array( 'layer1' => array('user1', 'user2', 'user3'),
            'layer2' => array('user1', 'user2'),
            'tool.identify' => array('user1') )

If no entry is set for a given privilege in the AuthorizedUsers array then this privilege is available to all (i.e. testPrivilege() will always return TRUE for this privilege).
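The two rules above (no REMOTE_USER means no access control, and no entry means available to all) both grant access by default. The following added example is not ka-Map's auth.php: it models those rules in PHP next to an assumed stricter policy that a drop-in replacement could apply. The function names, the three-argument signatures and the 'layer9' privilege are hypothetical; the page does not show the real testPrivilege() signature.

```php
<?php
// Added illustration, not ka-Map's auth.php. Function names are hypothetical.

// The rules as this page states them. $remoteUser is null when
// $_SERVER['REMOTE_USER'] is not set.
function testPrivilegeAsDocumented(array $authorizedUsers, ?string $remoteUser, string $privilege): bool
{
    if ($remoteUser === null) {
        return true;   // no authenticated user: access control is disabled
    }
    if (!array_key_exists($privilege, $authorizedUsers)) {
        return true;   // no entry for this privilege: available to all
    }
    return in_array($remoteUser, $authorizedUsers[$privilege], true);
}

// Assumed stricter policy for a drop-in replacement: privileges without an
// entry stay public, but a listed privilege always needs a listed user.
function testPrivilegeFailClosed(array $authorizedUsers, ?string $remoteUser, string $privilege): bool
{
    if (!array_key_exists($privilege, $authorizedUsers)) {
        return true;
    }
    return $remoteUser !== null
        && in_array($remoteUser, $authorizedUsers[$privilege], true);
}

// The AuthorizedUsers array from the example above.
$authorizedUsers = array(
    'layer1'        => array('user1', 'user2', 'user3'),
    'layer2'        => array('user1', 'user2'),
    'tool.identify' => array('user1'),
);

// Constructed test cases: null = a request that reached PHP without Apache
// authentication; 'layer9' = a privilege with no entry in the array.
$users      = array(null, 'user1', 'user3');
$privileges = array('layer1', 'layer2', 'tool.identify', 'layer9');

foreach ($users as $user) {
    foreach ($privileges as $privilege) {
        printf("%-10s %-14s documented=%-5s fail-closed=%s\n",
            $user === null ? '(not set)' : $user,
            $privilege,
            testPrivilegeAsDocumented($authorizedUsers, $user, $privilege) ? 'allow' : 'deny',
            testPrivilegeFailClosed($authorizedUsers, $user, $privilege) ? 'allow' : 'deny');
    }
}
```

The rows for "(not set)" are the ones to compare: under the documented rules a request without REMOTE_USER is allowed every privilege, including those that have an entry in the array.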

Enabling access control in a new ka-Map! application

By default the access control feature is disabled when you get the CVS or release version of ka-Map!. It needs to be enabled by:

1- Setting up Basic HTTP Authentication in your Apache configuration (see the Apache documentation for this step).

2- Uncommenting the following lines in config.php:

 /******************************************************************************
  * Authentication and access control:
  *
  * Uncomment the following lines to load auth.php and enable access control.
  * See docs at the top of auth.php for more details.
  */
 include_once('auth.php');
 $oAuth = new kaBasicAuthentication(&$aszMapFiles[$szMap]['authorized_users']);

3- Adding an 'authorized_users' entry to the $aszMapFiles[] arrays for each of your mapfiles.

e.g.

 $aszGMap = array (
        'title' => 'GMap 75',
        'path' => '../../gmap/htdocs/gmap75.map',
        'scales' => array( 40000000, 25000000, 12000000, 7500000, 3000000, 1000000 ),
        'format' =>'PNG',
        'authorized_users' => array('popplace' => array('user1', 'user2'),
                                    'park'     => array('user1') )
  );

In the example above, the '__base__' layer group is available to all (since there is no entry for it in the authorized_users array), the 'popplace' group is available to user1 and user2, and the 'park' group is available to user1.

(Note the popplace and park groups are not defined by default in the gmap75.map mapfile so this example may not work with the stock gmap demo unless you define those two groups in the mapfile.)
