Closed rclanan closed 12 years ago
+1
+1, would this rather be an extra column in roles or a config option?
It would be 4 extra tables. In the conventional ACL system, you have resources, actions, permissions, and the groups/users requesting access.
Examples:
Resources = Admin, Cart, Blog
Actions = Read, Write, Checkout, Post
Permissions = (requestor, resource) so "Mindy, Admin" or "Mandy, Blog"
Permission Actions = (requestor, resource, action) so "Mindy, Admin, Read" or "Tom, Cart, Checkout"
So to check user "Mindy" for access to "Read" the "Admin" panel, we would basically run something like this;
check $user->id for $action on $resource, or, \Warden::check($user, 'admin', array('read')) <- the last array would allow us to check for multiple actions.
Running the above would give Mindy access to Read the Admin control panel, since we defined her, the resource, the action, and applied them to each other.
Personal opinion: The presence of entries should be access = true; if you want to revoke access you remove the entry. That way you don't pollute your tables with much unneeded data.
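One way to lay out the four tables described in the comment above and run the check against them, as an added example that is not part of the original comment and is not Warden code. The table names, columns and the `acl_check()` function are hypothetical, the sample rows are constructed, and it assumes that every requested action must be granted and that PDO's SQLite driver is available.

```php
<?php
// Added example: hypothetical schema and helper, not part of Warden.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON'); // needed for ON DELETE CASCADE in SQLite
$db->exec("
    CREATE TABLE resources (name TEXT PRIMARY KEY);
    CREATE TABLE actions   (name TEXT PRIMARY KEY);
    CREATE TABLE permissions (
        requestor TEXT NOT NULL,
        resource  TEXT NOT NULL REFERENCES resources(name),
        PRIMARY KEY (requestor, resource));
    CREATE TABLE permission_actions (
        requestor TEXT NOT NULL,
        resource  TEXT NOT NULL,
        action    TEXT NOT NULL REFERENCES actions(name),
        PRIMARY KEY (requestor, resource, action),
        FOREIGN KEY (requestor, resource)
            REFERENCES permissions(requestor, resource) ON DELETE CASCADE);
    -- Constructed sample data using the names from the comment.
    INSERT INTO resources VALUES ('admin'), ('cart'), ('blog');
    INSERT INTO actions VALUES ('read'), ('write'), ('checkout'), ('post');
    INSERT INTO permissions VALUES ('Mindy', 'admin'), ('Tom', 'cart');
    INSERT INTO permission_actions VALUES
        ('Mindy', 'admin', 'read'), ('Tom', 'cart', 'checkout');
");

// Default deny: access exists only if a row exists for every requested action.
function acl_check(PDO $db, string $requestor, string $resource, array $actions): bool
{
    $actions = array_values(array_unique(array_map('strtolower', $actions)));
    if ($actions === []) {
        return false; // an empty request is never an implicit grant
    }
    $marks = implode(',', array_fill(0, count($actions), '?'));
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM permission_actions
         WHERE requestor = ? AND resource = ? AND action IN ($marks)");
    $stmt->execute(array_merge([$requestor, strtolower($resource)], $actions));
    // The primary key rules out duplicate rows, so the count is the number
    // of distinct requested actions that are actually granted.
    return (int) $stmt->fetchColumn() === count($actions);
}

var_dump(acl_check($db, 'Mindy', 'admin', ['read']));          // row present
var_dump(acl_check($db, 'Mindy', 'admin', ['read', 'write'])); // no 'write' row
// Revoking is a delete; the cascade also removes the per-action rows.
$db->exec("DELETE FROM permissions WHERE requestor = 'Mindy' AND resource = 'admin'");
var_dump(acl_check($db, 'Mindy', 'admin', ['read']));          // after revocation
```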
+1 for ShonM's response!
ahh yes, +1, thanks!
Would it be possible to add more support for ACL? Instead of just checking for the roles, could it actually check that the role has permission to use the resource? More in terms of what SimpleAuth is doing with ACL or what Crynobone is doing in his hybrid project? (https://github.com/crynobone/fuel-hybrid/blob/master/classes/acl.php).
Thanks