0

I'm using Lithium with phpActiveRecord using li3_activerecord. It's been a few years since I got back into ORM's and associations and I'm a little confused with my current ACL setup.

Here are my tables and their associations, simplified for brevity:

USERS - $belongs_to role
-----
id
role_id
email


ROLES - $has_many permissions, resources through permissions, users
-----
id
title (eg: Admin, Member, Guest)


RESOURCES - $has_many roles, permissions
---------
id
controller (eg: Members, Products, Categories)
action (eg: Index, Delete, Edit)
procedure (eg: Email, Publish, PrivateMessage)


PERMISSIONS - $belongs_to role, resource
-----------
id
role_id
resource_id
allowed

I'm getting some unexpected results so I first want to make sure if the associations are correct. Basically, a user can only have one role. A resource is defined by the combination of a controller, action and any specific procedure that can be performed within the action. Permission is given to a user for a resource through the permissions table.

Do you see anything wrong with how I've written my ORM associations?

Housni
  • 963
  • 1
  • 10
  • 23

1 Answers1

2

Basically, your model is correct. It is a very simple RBAC architecture that may fit your needs. Actually, you may want to look at this plugin here: https://github.com/tmaiaroto/li3_access It provides an RBAC-Adapter out of the box and some other nice addons.

If you provide us with more details and/or code on your current problems, we may help you out better.

daschl
  • 1,124
  • 6
  • 11
  • Exactly. It's a pretty simple system. I looked at li3_access a while ago but came to the conclusion that it wouldn't work with phpActiveRecord. Not sure why I thought that, I'd have to look at it again. Do you know if it works with phpActiveRecord? If not, I'll post my existing code here soon. – Housni May 14 '12 at 11:03
  • I messed around with this today and realized that li3_access will only work with Lithium models or at least models with a similar structure to Lithium. On the other hand, you confirmed that my relationships were correct which was what I needed so I'll accept this answer :) – Housni May 16 '12 at 18:24