How to best implement ACL with multiple groups assigned to users

ACL is based on the tree behavior which implements a ParentNode[/ChildNode]/EndNode tree for the AROs. Each end node can only belong to a single parent.

My plan is to have users.hasAndBelongsToMany.usergroups so the user will be inheriting the allowed or denied permissions of all his groups.

For example, user Peter belongs to three user groups, "Moderators", "Members" and "Banned".

The group "Moderators" allows him to posts/update, "Members" doesn't specify anything on that permission and "Banned" denies posts/update. The denied policy is assumed more important than the allowed one and the result is that Peter can't edit anything.

What would be the best cake-wise approach to this?

My guess is to just add all groups on the root of the aro list as well as the users (since single users might be granted or denied specific permissions) and iterate through each group the user belongs to for the result of the permission in question.

Asked by spiliot, on 3/6/10
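The deny-overrides resolution the question describes, as an added example that is not part of the original post and is not CakePHP's AclComponent. The principal names, the `$rules` layout and the `resolvePermission` helper are hypothetical. It assumes that a user's own entry is weighed together with the group entries and that a permission nobody specifies is denied.

```php
<?php
// Added illustration in plain PHP; none of this is CakePHP API.
// Three states keep "not specified" distinct from "denied".
const ALLOW = 1;
const DENY = -1;
const UNSPECIFIED = 0;

/**
 * Combine the decisions of every principal (the user's own entry plus
 * each group the user belongs to) with deny-overrides semantics.
 * $rules maps principal => [permission => ALLOW|DENY].
 */
function resolvePermission(array $rules, array $principals, string $permission): bool
{
    $allowed = false;
    foreach ($principals as $principal) {
        $decision = $rules[$principal][$permission] ?? UNSPECIFIED;
        if ($decision === DENY) {
            return false;      // one explicit deny ends the evaluation
        }
        if ($decision === ALLOW) {
            $allowed = true;   // remember it, but keep looking for a deny
        }
    }
    return $allowed;           // assumption: nothing specified means denied
}

// Constructed sample data mirroring the scenario in the question.
$rules = [
    'group:Moderators' => ['posts/update' => ALLOW],
    'group:Members'    => [],  // says nothing about posts/update
    'group:Banned'     => ['posts/update' => DENY],
    'user:Peter'       => [],  // no user-specific entries
];

// Peter as described: the Banned deny outweighs the Moderators allow.
$peter = ['user:Peter', 'group:Moderators', 'group:Members', 'group:Banned'];
var_dump(resolvePermission($rules, $peter, 'posts/update'));

// The same user without the Banned membership.
$unbanned = ['user:Peter', 'group:Moderators', 'group:Members'];
var_dump(resolvePermission($rules, $unbanned, 'posts/update'));
```

A lookup that returns only true or false per group cannot tell the "Members" case (unspecified) from the "Banned" case (denied), which is why the sketch keeps three states.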

0 Answers

Sorry, but there are no answers yet.
