5

Background

I'm currently working on a Phalcon application. The application itself is relatively simple, but I am using it as a tool to learn about some more advanced concepts and techniques.

I've ditched my homebrew ACL (access-control list) solution, and plumped for the ACL provided in Phalcon.

This question is more conceptual, as I would feel confident in implementing any solution.

Question

The question is this: "Where do you store the information on your ACL?"

Possible Solution

I currently have a static array, that I fill up with the various actions and the access level of them.

I feel that this is slightly limiting, and would potentially be better served, through a database storage.

I could use a bitmask, to indicate the user roles that are allowed access to the various resources, or maybe a minimum level.

The other problem I have, is that it is hierarchical (to an extent) but multiple roles could exist - with slightly different permissions.

eg. 
Admin has all roles of captain, secretary and user.
Captain has all the roles of a user and the ability to pick players.
Secretary has all the roles of a user and contact the opponent's secretary.
Captain and secretary both have the ability to email players.

Imagine it as somewhat of a Venn diagram of permissions, if you will.

Caching

The next issue, would be that the accessing of the database every time, would add a performance overhead, so I guess caching it would make sense.

The issue would then come, how to invalidate the cache (there are only two hard things in computer science...)... maybe there could be a database field that had an md5 hash of the ACL, which was checked against on page-load, to see if it needs to reload the ACL information.

Aman Garg
  • 3,122
  • 4
  • 24
  • 32
askrich
  • 598
  • 5
  • 20
  • I would bump you if I could. I'm in essentially the same boat. Storing the ACL in a file (as per the documentation) seeme a little sketchy. Can you edit this question if you've found any better ways to do this? – TheMonarch Mar 22 '14 at 18:53
  • 1
    I currently haven't found a suitable solution for this. It is a shame this post hasn't received more commenting, as I do think it is quite an interesting question. I guess the answer is to store it in a database, and then cache it? It would be good to have some clarification on the merits of this, and if not, what the alternative would be. – askrich Mar 24 '14 at 12:33
  • Yes Monarch you question is really great and very frequently asked by the phalcon user. Even I were looking for the same kind of solution that i do not find any where yet. I tried to write some custom code to make the ACL dynamic using the DB, but still struggling with it. Please guide if you have achieved the same. @TheMonarch – Aman Garg Sep 22 '16 at 11:42

1 Answers1

1

Yes @TheMmonarch you question is really great and very frequently asked by the phalcon user. Even I were looking for the same kind of solution that i do not find any where yet. I tried to write some custom code to make the ACL dynamic using the DB, but still struggling with it.

I were surfing lot of sites and blog then finally I come across with such DB structure which could be helpful to build such kind of system. 

CREATE TABLE `roles` (
  `name` VARCHAR(32) NOT NULL,
  `description` TEXT,
  PRIMARY KEY(`name`)
);
CREATE TABLE `access_list` (
  `roles_name` VARCHAR(32) NOT NULL,
  `resources_name` VARCHAR(32) NOT NULL,
  `access_name` VARCHAR(32) NOT NULL,
  `allowed` INT(3) NOT NULL,
  PRIMARY KEY(`roles_name`, `resources_name`, `access_name`)
);

CREATE TABLE `resources` (
  `name` VARCHAR(32) NOT NULL,
  `description` TEXT,
  PRIMARY KEY(`name`)
);

CREATE TABLE `resources_accesses` (
  `resources_name` VARCHAR(32) NOT NULL,
  `access_name` VARCHAR(32) NOT NULL,
  PRIMARY KEY(`resources_name`, `access_name`)
);

CREATE TABLE `roles_inherits` (
  `roles_name` VARCHAR(32) NOT NULL,
  `roles_inherit` VARCHAR(32) NOT NULL,
  PRIMARY KEY(roles_name, roles_inherit)
);

Any suggestion or change would be appreciate!!!

Aman Garg
  • 3,122
  • 4
  • 24
  • 32