I'm developing an app that will allow administrative users to control ACL
from a page within the app. My strategy is to store all info in the DB and
then build the ACL in the bootstrap (it will be cached after initial
creation and flushed on modification). I'd like to allow fine-grained
access to modules/controllers/actions and wanted to see if anyone had any
suggestions or had already created something like this and would be willing
to share.

Currently, I have set things up roughly like:

table role
    id
    name

table right
    id
    module
    controller
    action

table roles_rights
    role_id
    right_id

However, based on the way resources are created (name, privileges), I'm
thinking that I may have to rethink things. I'm thinking that maybe storing
the module name is not needed because request objects return controller
names in the form of module-controller. So, if I had a module named Core
with a controller name Core_IndexController and an action named indexAction,
I could just store a row in the rights table as (id, 'module-controller',
'action'). This would work, but I'd love to be able to grant roles access
to modules in one shot - something along the lines of Resource('module') -
allow('role', 'module'). It would also be nice to easily allow access to
controllers in one shot - something along the lines of Resource('module') -
allow('role', 'module', array('controller')).
Perhaps the best way would be to go with the following schema and simply set
up the logic of my app to insert all necessary rows into the rights table
for me (so I could just check one select box in the UI that would grant
access to all controllers/actions in a module or actions in a controller):

table rights
    id
    controller
    action

Any suggestions? I apologize if this post is worded in a confusing manner.
Thanks.
--
View this message in context: http://www.nabble.com/Zend_Acl-and-a-database-tp20555831p20555831.html
Sent from the Zend Auth mailing list archive at Nabble.com.
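
One way to get module-wide and controller-wide grants from the three-table schema in the post is Zend_Acl resource inheritance. This is an added example, not code from the original poster or from the Zend project; the `buildAcl()` and `can()` helpers, the NULL-means-"all" convention for `controller` and `action`, and the sample rows are assumptions.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

/**
 * Build a Zend_Acl from rows of role JOIN roles_rights JOIN right.
 * Assumed convention: NULL controller = whole module, NULL action = whole controller.
 */
function buildAcl(array $roles, array $grants)
{
    $acl = new Zend_Acl(); // Zend_Acl denies everything until a rule allows it
    foreach ($roles as $name) {
        $acl->addRole(new Zend_Acl_Role($name));
    }
    foreach ($grants as $g) {
        // One parent resource per module, so a module-level rule is inherited by its controllers.
        if (!$acl->has($g['module'])) {
            $acl->add(new Zend_Acl_Resource($g['module']));
        }
        $resource = $g['module'];
        if ($g['controller'] !== null) {
            $resource = $g['module'] . '-' . $g['controller'];
            if (!$acl->has($resource)) {
                $acl->add(new Zend_Acl_Resource($resource), $g['module']);
            }
        }
        $acl->allow($g['role'], $resource, $g['action']); // null privilege = all actions
    }
    return $acl;
}

/** isAllowed() throws on unknown roles/resources; treat those as denied. */
function can(Zend_Acl $acl, $role, $resource, $action)
{
    return $acl->hasRole($role) && $acl->has($resource)
        && $acl->isAllowed($role, $resource, $action);
}

// Constructed sample rows (not from the original post).
$acl = buildAcl(array('editor', 'admin'), array(
    array('role' => 'admin',  'module' => 'core', 'controller' => null,    'action' => null),
    array('role' => 'editor', 'module' => 'core', 'controller' => 'index', 'action' => 'index'),
    array('role' => 'editor', 'module' => 'core', 'controller' => 'user',  'action' => null),
));
var_dump(can($acl, 'admin',  'core-index', 'delete')); // covered by the module-wide grant
var_dump(can($acl, 'editor', 'core-index', 'delete')); // editor was granted only 'index' here
var_dump(can($acl, 'editor', 'core-user',  'edit'));   // covered by the controller-wide grant
var_dump(can($acl, 'editor', 'blog-index', 'index'));  // resource never registered
```

A controller that appears in no grant row is never registered as a resource, so `can()` denies it even for a role with a module-wide grant; registering every known controller under its module up front closes that gap.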