Help with RBAC System / User Authentication - Permissions
[eluser]eclectic01[/eluser]
I'm trying to develop an RBAC model for a content management system we are developing. The company I work for has a very agile approach towards developing web applications and the core specification often gets rewritten several times during the development phase and we end up with a project vastly different from what we started with.

The idea with this CMS is to develop something flexible enough to not warrant starting from scratch with every project. With that in mind, apart from the core CMS features (authentication, templating etc) everything else will fall into modules that can be plugged in if desired. I've decided to handle the permissions / roles problem first before any further development.

Here is the database schema that I've gone for:

Database Schema

# Resources contains a list of modules e.g. 'Blog', each with a unique module id.
# To reduce the number of queries, I've used a Modified Preorder Tree Traversal way of storing the groups information in the database and I'm using a bit of code I found in the wiki to do with nested sets to organise and display this information.

My check_permissions function looks a little like this:

Code:
function check_permissions($user_id, $resource_id, $action)

The only problem that I can see with this system at the moment is that if the group structure was similar to this:

Admins
--Super Admin
--Normal Admin

and a specific permission was applied to the Admin group, my permissions function would not grant access to the user who was part of the Super Admin because the rules are not cascaded down.

Does anyone know how I could modify the code above to achieve this? The MPTT code that I'm using is available here: http://codeigniter.com/wiki/Nested_sets/
[eluser]eclectic01[/eluser]
Had a thought about this last night. Does anyone foresee any problems with this method:

Code:
// if permission is found - access is given

The only problem is the number of queries I have to run to go through each parent node in the group tree. Considering the whole permissions function only executes 2 queries so far, it seems a shame to introduce so many of them now.
[eluser]eclectic01[/eluser]
Think I've got it, code commented in case anyone else requires it:

Code:
function check_permissions($user_id, $resource_id, $action)
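
Added example, not code from this thread: one way to make the check cascade from parent groups in a single query over the nested-set columns, written in Python with SQLite so it runs stand-alone. The table and column names, the allow flag and the rule that the nearest group's setting wins are assumptions; the sample rows are constructed.

```python
import sqlite3

# Hypothetical schema: names are assumptions, not the poster's tables.
SCHEMA = """
CREATE TABLE acl_groups (id INTEGER PRIMARY KEY, name TEXT, lft INTEGER, rgt INTEGER);
CREATE TABLE users (id INTEGER PRIMARY KEY, group_id INTEGER REFERENCES acl_groups(id));
CREATE TABLE permissions (group_id INTEGER, resource_id INTEGER, action TEXT, allow INTEGER);
"""

# A group's ancestors are exactly the rows whose (lft, rgt) interval encloses
# its own, so one self-join replaces the per-parent loop. ORDER BY lft DESC
# picks the rule set on the deepest enclosing group (assumed: nearest wins).
CHECK_SQL = """
SELECT p.allow
FROM users u
JOIN acl_groups g   ON g.id = u.group_id
JOIN acl_groups anc ON anc.lft <= g.lft AND anc.rgt >= g.rgt
JOIN permissions p  ON p.group_id = anc.id
WHERE u.id = ? AND p.resource_id = ? AND p.action = ?
ORDER BY anc.lft DESC
LIMIT 1
"""

def check_permissions(db, user_id, resource_id, action):
    # Bound parameters only; no rule anywhere up the tree means deny.
    row = db.execute(CHECK_SQL, (user_id, resource_id, action)).fetchone()
    return bool(row and row[0])

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed tree: Admins(1,6) > Super Admin(2,3), Normal Admin(4,5); Editors(7,8)
    db.executemany("INSERT INTO acl_groups VALUES (?,?,?,?)", [
        (1, "Admins", 1, 6), (2, "Super Admin", 2, 3),
        (3, "Normal Admin", 4, 5), (4, "Editors", 7, 8)])
    db.executemany("INSERT INTO users VALUES (?,?)", [(10, 2), (11, 3), (12, 4)])
    # Constructed rules; resource 1 stands for the 'Blog' module.
    db.executemany("INSERT INTO permissions VALUES (?,?,?,?)", [
        (1, 1, "edit", 1),     # Admins may edit
        (1, 1, "delete", 1),   # Admins may delete
        (3, 1, "delete", 0)])  # Normal Admin overrides: no delete
    return db

if __name__ == "__main__":
    db = build_sample_db()
    for uid in (10, 11, 12):
        print(uid, check_permissions(db, uid, 1, "edit"), check_permissions(db, uid, 1, "delete"))
```

An index on (lft, rgt) keeps the ancestor join cheap as the group tree grows.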
[eluser]Unknown[/eluser]
Hi, I am interested in implementing ACL User Access. Could you please explain the relationship of the tables? I am somewhat confused. Greetings, I hope it is not too much trouble.