Looking for ACL/RBAC starting point
#1

Dracos
I've been working on a large project for a while, and need to implement some access control. We're using CI 2.1.0 with DataMapper 1.8.2, both somewhat customized.

The environment involves apps and users, where each user can have relationships to 0 or more apps, and each relationship is one of several roles (owner, personnel, customer). These roles are well-defined and will not change.

Each app has two sides: an administrative interface where owners and personnel activity takes place, and a public side where customer activity happens. These are segregated as separate controllers. There are currently some blanket settings in each app to set broad access to the public interface.

We have a user registration/login/auth system in place as well as a Celko tree (aka nested sets) of categories which among other things is used for creating user groups. App personnel will be creating/managing these.

The plan is to allow the personnel to also manage access to each model, down to the ID level, with the ability to grant/deny each CRUD action and a few other model-specific actions.

What I'm looking for is an ACL-RBAC hybrid that can be tied to the existing components (users, categories, etc) we have. Something that allows multiple inheritance of access, can resolve grant/deny ambiguity, and can be called from the controller and model levels (we have dozens of models, but only a few controllers which are shared among them).

Because the roles are stable and few, the RBAC aspect could probably be worked around.

Also, many of our models form parent-child hierarchies, such as forum->thread->post, so in addition to the CRUD actions, I was thinking of having a separate CRUD action set for child objects.

I've searched here, getsparks.org, and on Google, and haven't found much that looks promising. Which is frustrating because for many years I worked with a CMS that had a very powerful ACL system built in. I realize exactly what I'm looking for probably doesn't exist due to the specific requirements, but I'd still appreciate being pointed toward something that I can use as a starting point.

And if we come up with a solution, there's a chance it could be open sourced. Most of the CI ACL stuff seems to be pretty old.
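
One possible starting point for the grant/deny resolution over nested-set groups that the post asks about. This is an added example, not part of the original post and not CodeIgniter or DataMapper code: the array layouts, function names and the precedence policy (ID-level over model-level, nearest group over ancestors, deny on ties, deny by default) are all assumptions.

```php
<?php
// Added example; every name here is hypothetical, not CodeIgniter/DataMapper API.
// Constructed Celko (nested set) group tree: id => left/right bounds.
$groups = [
    1 => ['lft' => 1, 'rgt' => 8], // all personnel
    2 => ['lft' => 2, 'rgt' => 5], // moderators
    3 => ['lft' => 3, 'rgt' => 4], // senior moderators
    4 => ['lft' => 6, 'rgt' => 7], // support
];
// Constructed rules; 'id' => null means "every row of the model".
$rules = [
    ['group' => 1, 'model' => 'thread', 'id' => null, 'action' => 'update', 'allow' => false],
    ['group' => 2, 'model' => 'thread', 'id' => null, 'action' => 'update', 'allow' => true],
    ['group' => 4, 'model' => 'thread', 'id' => 42,   'action' => 'update', 'allow' => false],
];

// Depth of a group = number of groups whose interval strictly encloses it.
function group_depth(array $groups, int $gid): int
{
    $n = 0;
    foreach ($groups as $g) {
        if ($g['lft'] < $groups[$gid]['lft'] && $g['rgt'] > $groups[$gid]['rgt']) {
            $n++;
        }
    }
    return $n;
}

// Assumed precedence: ID-level rule > model-level rule, then the group nearest
// to the user's own membership, then deny over grant; no matching rule = deny.
function acl_allowed(array $groups, array $rules, array $memberOf, string $model, int $id, string $action): bool
{
    $best = null; // [1 if ID-level, minus distance to the rule's group, 1 if deny]
    foreach ($rules as $r) {
        if ($r['model'] !== $model || $r['action'] !== $action) continue;
        if ($r['id'] !== null && $r['id'] !== $id) continue;
        $rg = $groups[$r['group']];
        foreach ($memberOf as $gid) {
            $g = $groups[$gid];
            // A rule is inherited when its group is the member group or an ancestor.
            if ($rg['lft'] > $g['lft'] || $rg['rgt'] < $g['rgt']) continue;
            $distance = group_depth($groups, $gid) - group_depth($groups, $r['group']);
            $score = [$r['id'] !== null ? 1 : 0, -$distance, $r['allow'] ? 0 : 1];
            if ($best === null || ($score <=> $best) > 0) $best = $score;
        }
    }
    return $best !== null && $best[2] === 0;
}
// Single membership, then multiple membership with an ID-level rule in play.
var_dump(acl_allowed($groups, $rules, [3], 'thread', 7, 'update'));
var_dump(acl_allowed($groups, $rules, [3, 4], 'thread', 42, 'update'));
```

Because the resolver takes plain arrays, the same call can be made from a controller or from a model once the groups and rules have been loaded.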



