PHP Access Control System

长情又很酷 2020-12-30 11:00

I am part of a team creating a web application using PHP and MySQL. The application will have multiple users with different roles. The application will also be used in a geo

5 Answers
  •  甜味超标
    2020-12-30 11:45

    I was in a similar situation a few months ago. I found that tools like Zend_ACL work great if you just check the access level for a single item (or a reasonably low number of them). It fails when you need to get a huge list of items the user is allowed to access. I crafted a custom solution to this problem using the Business Delegate pattern. BD provides business logic that can be applied in a specific context. In this scenario, SQL logic was delivered and used as a filtering condition in a subselect. See the following diagrams:


    (source: epsi.pl)

    And a sequence diagram that illustrates the call order:


    (source: epsi.pl)

    I blogged about this solution; unfortunately it's all in Polish, but you may find the pieces of code and diagrams handy. What I can say is that the implementation is not a piece of cake, but performance-wise it's a champion when compared to iterative access checking for each element on the list. Moreover, the infrastructure above handles not only one type of item on the list. It can serve when accessing different lists, be it a list of cities, countries, products, or documents, as long as items on the list implement the IAuthorizable interface.
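The idea in the answer above, sketched as an added example (this is not the answer author's code): the access rule is delivered as a SQL subselect and applied as a filter, so one query returns only the rows the user may see. The method names on `IAuthorizable`, the `grants` table, the `listAuthorized()` helper and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical shape for the IAuthorizable interface named in the answer:
// each list type supplies the SQL that selects the ids a user may access.
interface IAuthorizable
{
    public static function table(): string;
    public static function accessSubselect(): string; // uses one placeholder, :uid
}

final class Document implements IAuthorizable
{
    public static function table(): string { return 'documents'; }

    public static function accessSubselect(): string
    {
        return "SELECT g.item_id FROM grants g
                WHERE g.item_type = 'document' AND g.user_id = :uid";
    }
}

// Delegate: builds one filtered query instead of checking each row in PHP.
function listAuthorized(PDO $db, string $class, int $userId): array
{
    if (!is_subclass_of($class, IAuthorizable::class)) {
        throw new InvalidArgumentException("$class is not authorizable");
    }
    // Table name and subselect come from class code, never from request input;
    // the only user-dependent value is bound as a parameter.
    $sql = sprintf('SELECT id, title FROM %s WHERE id IN (%s) ORDER BY id',
                   $class::table(), $class::accessSubselect());
    $stmt = $db->prepare($sql);
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumption for the demo).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE grants (user_id INTEGER, item_type TEXT, item_id INTEGER)');
$db->exec("INSERT INTO documents VALUES (1,'Budget'),(2,'Roadmap'),(3,'Payroll')");
$db->exec("INSERT INTO grants VALUES (7,'document',1),(7,'document',2),(8,'document',3)");

// User 7 has grants on documents 1 and 2 only; a user with no grants gets an empty list.
foreach (listAuthorized($db, Document::class, 7) as $row) {
    echo $row['id'], ' ', $row['title'], PHP_EOL;
}
```

Because the filter is an `IN (...)` subselect over explicit grants, a user without a matching grant row sees nothing, so the list fails closed rather than relying on a per-row check that could be skipped.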
