using services to create an ACL system
#1

(This post was last modified: 01-14-2025, 11:38 AM by evansharp.)

Hello!
I am writing an app in which users can create a report object stored in a database. The access (view and edit) to these reports by the author and certain other users is dynamic and needs to be evaluated every time a report is accessed. Shield Auth groups are not dynamic enough to manage report-level ACLs.

The correct way to handle this seems to be a service or a helper that gets called in the controller methods that would load a report for viewing or editing or a list of reports the user can access. Since controller methods are loaded statically by the router, I'm unsure how or where the best place is to have this ACL check.

Should I write a class to be a shared-instance as a service or a simpler helper? This component will need to access the database to return the ACL. Should an ACL be determined on the fly or stored in a table (it's only ever a few users)?

Thanks for the help!
Evan
#2

Hello Evan,

When dealing with dynamic access control at the report level, especially in a CodeIgniter application, it's crucial to have a flexible and efficient solution. 

Given your needs, I recommend developing a service class that dynamically evaluates ACLs on the fly. This approach offers the best balance between flexibility, maintainability, and performance for dynamic report-level access control.

If you find yourself needing quick, reusable snippets of ACL logic, you can also create helper functions. However, for more complex logic and database interactions, a service class is the better approach.

Best regards
#3

(This post was last modified: 01-16-2025, 11:58 AM by evansharp.)

Great reply, thanks!

I particularly value the direction that DB work belongs in a service in this case. 

Could I impose to ask about how to init such a service at runtime? Since controller methods are called statically by the router, I can't get the service in a constructor, right? Do I need to call the service at the top of every relevant controller method, or is there a way to autoload this in whole controllers? I basically will need it in most methods of some controllers and not at all in others.
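One way to build the on-the-fly ACL service discussed in this thread, as an added example (not code from either poster or from the CodeIgniter project). The class name `ReportAcl`, the service name `reportAcl`, and the `reports` and `report_acl` tables with their columns are assumptions; every path that does not find an explicit grant returns `false`.

```php
<?php
// app/Services/ReportAcl.php (hypothetical class, table and column names)
namespace App\Services;

class ReportAcl
{
    public function __construct(private \CodeIgniter\Database\BaseConnection $db) {}

    // Assumed schema: reports(id, author_id); report_acl(report_id, user_id, can_edit)
    public function can(?int $userId, int $reportId, bool $edit = false): bool
    {
        if ($userId === null) {
            return false; // not signed in: deny
        }
        $report = $this->db->table('reports')->where('id', $reportId)->get()->getRowArray();
        if ($report === null) {
            return false; // unknown report: deny
        }
        if ((int) $report['author_id'] === $userId) {
            return true; // the author may always view and edit
        }
        $grant = $this->db->table('report_acl')
            ->where(['report_id' => $reportId, 'user_id' => $userId]);
        if ($edit) {
            $grant->where('can_edit', 1); // view-only grants do not allow editing
        }
        return $grant->countAllResults() > 0; // no matching row: deny
    }
}

// app/Config/Services.php: add this method to the existing class
namespace Config;

class Services extends \CodeIgniter\Config\BaseService
{
    public static function reportAcl(bool $getShared = true)
    {
        return $getShared
            ? static::getSharedInstance('reportAcl')
            : new \App\Services\ReportAcl(Database::connect());
    }
}

// Usage in any controller method that loads a report (auth() is Shield's helper):
// if (! service('reportAcl')->can(auth()->id(), $id, true)) {
//     return $this->response->setStatusCode(403);
// }
```

A controller that needs the check in most of its methods can assign `service('reportAcl')` to a property in its `initController()` override and call `can()` from each method that loads a report.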



