Re: Access control

Yorian wrote:
Dear PHP gurus,

At the moment I'm trying to create an access control system (the
implementation, not a handy class such as Zend_Acl); however, I'm a bit
stuck on how to do this.

I will explain the way my system should work in a minute but to give a
fairly fast impression it looks a bit like the complex example here:
http://codeutopia.net/blog/2009/02/18/zend_acl-part-3-creating-and-storing-dynamic-acls/

In my case I have users and roles (groups) to which actions can be
assigned. The actions vary depending on the resource used.

Example:
I have a guestbook; on the guestbook 4 actions can be performed: view,
add, edit, delete.
I also have a poll; on the poll 6 actions can be performed: vote,
view, view_results, create, delete, edit.

How do I control the access to these resources? (and how should the
database look?)

I missed one point: also fetch the authorized actions for the group(s) the user belongs to, and allow those actions to which the group is authorized. It gets a little more complicated, but if you wish to restrict authorization for a group member to something he/she would otherwise have access to as a member of the group, that could be handled in the individual member, also.

Personally, in the PHP end, I would have a function which fetched all of the authorizations for the user and created an array of authorized actions. Then I would have a second function which took that array and the specific action I was interested in and checked against the authorization array, and returned true or false.

This way all of your authorizations are handled in two functions. If you later need to add a new authorization, you only have (at most) two functions to change.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
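The two-function design described above, worked through as an added example (my code, not from anyone in the thread). The table layout, column names and user id 42 are assumptions, and the query results are constructed inline so the script runs stand-alone.

```php
<?php
// Assumed schema (not from the thread):
//   users(id)   groups(id)   user_groups(user_id, group_id)
//   group_permissions(group_id, resource, action)
//   user_permissions(user_id, resource, action, allowed)  -- allowed = 1 or 0
//
// fetchAuthorizations() would normally run two queries against PDO; here the
// result rows are constructed sample data standing in for the database.

function fetchAuthorizations(int $userId): array
{
    // SELECT gp.resource, gp.action FROM group_permissions gp
    //   JOIN user_groups ug ON ug.group_id = gp.group_id
    //  WHERE ug.user_id = :uid
    $groupRows = [
        ['resource' => 'guestbook', 'action' => 'view'],
        ['resource' => 'guestbook', 'action' => 'add'],
        ['resource' => 'poll',      'action' => 'view'],
        ['resource' => 'poll',      'action' => 'vote'],
    ];
    // SELECT resource, action, allowed FROM user_permissions WHERE user_id = :uid
    $userRows = [
        ['resource' => 'poll',      'action' => 'view_results', 'allowed' => 1],
        ['resource' => 'guestbook', 'action' => 'add',          'allowed' => 0],
    ];

    // Build the authorization array: $auth[resource][action] => bool.
    $auth = [];
    foreach ($groupRows as $r) {
        $auth[$r['resource']][$r['action']] = true;
    }
    // Per-user rows are applied last, so an individual deny (allowed = 0)
    // overrides a grant the user would otherwise inherit from a group.
    foreach ($userRows as $r) {
        $auth[$r['resource']][$r['action']] = (bool) $r['allowed'];
    }
    return $auth;
}

function isAuthorized(array $auth, string $resource, string $action): bool
{
    // Default deny: an unknown resource or action is never allowed.
    return $auth[$resource][$action] ?? false;
}

$auth = fetchAuthorizations(42);
var_dump(isAuthorized($auth, 'poll', 'vote'));         // granted via group
var_dump(isAuthorized($auth, 'poll', 'view_results')); // granted per user
var_dump(isAuthorized($auth, 'guestbook', 'add'));     // user deny beats group grant
var_dump(isAuthorized($auth, 'poll', 'create'));       // never granted
```

Adding a new action later means inserting rows, not touching PHP; only these two functions need to change if the rules themselves change.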