Developing a small Auth/ACL library
#1

[eluser]asylmottaket[/eluser]
I'm in the process of making a little auth and ACL system.

When authenticated, all permissions and roles are set as an array in the userdata (using the session database).

Would this be an okay way of dealing with access control?

I've seen some other alternatives, but they check access from the URI string, and then have to make several DB queries for every page view. And I'm not quite sure if that is the best way..


Never made an ACL system before.. am I on the wrong path? Or do I make a fuss of a pretty standard way to do it?
#2

[eluser]jedd[/eluser]
[quote author="asylmottaket" date="1258001274"]
Never made an ACL system before.. am I on the wrong path? Or do I make a fuss of a pretty standard way to do it?[/quote]

I've only made one - and it's based on authenticating and storing some credentials in a database-stored session.

I think the three-level access (guest / logged in / admin) stuff is easy - but gets more complex once you go larger. An increasing level of access will get confusing and possibly limiting for things like forum moderators, as an example. The alternative is a far more modular/granular ACL - but there's plenty of space in a database-stored session. :)

Doing regular database lookups means you don't have to ask users to log out and back in again to get new privileges (or to lose them) but I'm not a big fan of this approach.
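
Added example, not part of the thread or of either poster's code: a plain-PHP sketch of a middle ground between the two approaches discussed above. Permissions are cached in the session at login, and one cheap per-user version lookup on each request lets a revoked role take effect without a re-login. The arrays standing in for the database and the session, the `perm_version` counter and all function names are assumptions for illustration, and the version check goes beyond what the posts describe.

```php
<?php
// Constructed stand-ins: $db plays the user/role tables, $session the
// database-stored session row. Nothing here is CodeIgniter API.
$db = [
    'perm_version' => [42 => 1],   // bumped whenever user 42's roles change
    'permissions'  => [42 => ['forum.read', 'forum.moderate']],
];

// One cheap indexed lookup, made on every access check.
function db_perm_version(array $db, int $uid): int {
    return $db['perm_version'][$uid] ?? 0;
}

// The expensive role/permission join, made only at login or after a change.
function db_load_permissions(array $db, int $uid): array {
    return $db['permissions'][$uid] ?? [];
}

function login(array $db, array &$session, int $uid): void {
    $session = [
        'uid'          => $uid,
        'perm_version' => db_perm_version($db, $uid),
        'permissions'  => db_load_permissions($db, $uid),
    ];
}

function can(array $db, array &$session, string $perm): bool {
    if (!isset($session['uid'])) {
        return false;              // guest: deny by default
    }
    $current = db_perm_version($db, $session['uid']);
    if ($current !== $session['perm_version']) {
        // Roles changed since the cache was filled: reload once, then re-cache.
        $session['permissions']  = db_load_permissions($db, $session['uid']);
        $session['perm_version'] = $current;
    }
    return in_array($perm, $session['permissions'], true);
}

$session = [];
login($db, $session, 42);
var_dump(can($db, $session, 'forum.moderate'));   // answered from the session cache

// An admin revokes the moderator role while the user is still logged in.
$db['permissions'][42]  = ['forum.read'];
$db['perm_version'][42] = 2;
var_dump(can($db, $session, 'forum.moderate'));   // cache reloaded, revocation applies
```

Without the version check in `can()`, the second call would still be answered from the stale session array, which is the log-out-and-back-in limitation described in the post above.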



