I'm working on a custom framework strictly for fun and educational purposes. I've read over this question on how to implement permissions and I like the answers; either using a decorator pattern and / or checking permissions based on the URL from a dispatcher.
My question is how the white list of permissions should be generated? I don't want every method in my controllers to require permission to execute, so I could, for example, use a special naming convention such as preceding method names with an "x":
class CalendarController
{
public function index($year = null, $month = null, $day = null)
{
// display calendar (no permission needed)
}
public function xAddEvent()
{
// display form to add event (permission required)
}
public function xAddEventSubmit()
{
// submit form to add event (permission required)
}
}
I could then write a script to iterate through all of my controllers and return the x-methods, giving me my list of permissions to assign to different roles.
Another option could be to hard-code permissions as a property of each controller, for example:
class CalendarController
{
public $permissions = array('addEvent',
'addEventSubmit');
public function index($year = null, $month = null, $day = null)
{
// display calendar (no permission needed)
}
public function addEvent()
{
// display form to add event (permission required)
}
public function addEventSubmit()
{
// submit form to add event (permission required)
}
}
Are there any better alternatives or am I on the right track?