Published on Code2Design (http://code2design.com)

Designing an ACL / User Permissions System

By David
Created Feb 22 2008 - 3:50pm

I need to figure out how to implement a user/group access control system. I started by creating roles (admin, mod, author, member) and then setting in a config file resources (like "add post") and the maximum level a user must be to access it.

<?php
// Lower level number = more privileged (admin = 1), so a user may access a
// resource when the user's level is at most the level the resource demands.
if ($resource['level'] >= $current_user['level']) {
    $allowed = true;   // allow
} else {
    $allowed = false;  // deny
}
?>

I made the "Admin" level "1" and everything else higher (mod = level 2 and so on). So if a resource demanded a level of at most "2" - then only mods and admins could access it. I figured I could store resources in a config file and just add to it whenever there was a new one.

<?php
// Resource name => maximum user level that may access it
$resource = array(
    'add post'  => 2,
    'edit post' => 2,
    'read post' => 6,
);
?>

I took a look at Zend Framework [1] and found that while it was pretty much the same thing - it was a bit more structured. However, I didn't like the mess that it created:

<?php
require_once 'Zend/Acl.php';
$acl = new Zend_Acl();

require_once 'Zend/Acl/Role.php';
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'))
    ->addRole(new Zend_Acl_Role('admin'));

// 'someUser' inherits from all three roles
$parents = array('guest', 'member', 'admin');
$acl->addRole(new Zend_Acl_Role('someUser'), $parents);

require_once 'Zend/Acl/Resource.php';
$acl->add(new Zend_Acl_Resource('someResource'));

$acl->deny('guest', 'someResource');
$acl->allow('member', 'someResource');

echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';
?>

One object, two at most should be enough. Why there are 6 here is beyond me. However, since it is Zend I would expect them to know what they are doing.

Now, how should I structure this system? Should I try to store every resource and its level in a DB table? What if there are 50 different resources? - I don't want to keep making calls to the DB every page. How should I build the user object? Does anyone have any ideas about this?
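As an added illustration (not code from the original post, and not Zend Framework's), here is a small role-based ACL in plain PHP that covers the design points raised above: roles inherit from a parent role instead of being compared as numeric levels, every rule is an explicit allow so anything not listed is denied by default, and the whole permission table is one config array built once per request rather than a DB query per page. Role and resource names, the `SimpleAcl` class and the sample user record are constructed for the example; it assumes PHP 7.4 or later for the typed properties.

```php
<?php
// Added example (not from the original post or Zend Framework): a role-based
// ACL with parent-role inheritance and deny-by-default semantics.

class SimpleAcl
{
    /** @var array<string, string|null> role => parent role (null = no parent) */
    private array $roles = [];

    /** @var array<string, array<string, bool>> resource => [role => true] */
    private array $allowed = [];

    public function addRole(string $role, ?string $parent = null): self
    {
        if ($parent !== null && !isset($this->roles[$parent])) {
            throw new InvalidArgumentException("Unknown parent role: $parent");
        }
        $this->roles[$role] = $parent;
        return $this;
    }

    public function allow(string $role, string $resource): self
    {
        if (!isset($this->roles[$role])) {
            throw new InvalidArgumentException("Unknown role: $role");
        }
        $this->allowed[$resource][$role] = true;
        return $this;
    }

    /** Deny-by-default: only an explicit allow on the role or one of its ancestors grants access. */
    public function isAllowed(string $role, string $resource): bool
    {
        if (!isset($this->roles[$role]) || !isset($this->allowed[$resource])) {
            return false; // unknown role or unlisted resource: denied
        }
        $seen = [];
        for ($r = $role; $r !== null; $r = $this->roles[$r]) {
            if (isset($seen[$r])) {
                break; // guard against a mis-configured inheritance cycle
            }
            $seen[$r] = true;
            if (isset($this->allowed[$resource][$r])) {
                return true;
            }
        }
        return false;
    }
}

// Constructed sample configuration (hypothetical role and resource names).
// This array is the "config file" of the post: built once, no DB round trips.
$acl = (new SimpleAcl())
    ->addRole('member')
    ->addRole('author', 'member')   // author may do everything a member may
    ->addRole('mod', 'author')
    ->addRole('admin', 'mod')
    ->allow('member', 'read post')
    ->allow('author', 'add post')
    ->allow('mod', 'edit post')
    ->allow('admin', 'delete user');

// Constructed user record: the user object only needs to carry its role name.
$current_user = ['name' => 'alice', 'role' => 'author'];

foreach (['read post', 'add post', 'edit post', 'delete user', 'unknown resource'] as $res) {
    $verdict = $acl->isAllowed($current_user['role'], $res) ? 'allowed' : 'denied';
    echo "{$current_user['name']} -> {$res}: {$verdict}\n";
}
```

With the sample configuration, the author may read and add posts but not edit them or delete users, and a resource that was never registered is denied rather than silently allowed, which is the check a numeric-level comparison with a missing `$resource['level']` entry would not give you.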


Source URL:
http://code2design.com/forums/designing_a_acl_user_permissions_system