Ok... so I built this really simple RBAC using Laravel.
In my design I filter a user's permissions based on a global permission, ownership of the resource, or permission over the resource's category. My question is on that last part. I have 3 categories that are seeded to the DB when the package is installed:
Public
Users
Content
Public category: you can link any kind of resource to it, and it's used by the main filter class to determine whether a non-registered user may or may not access a resource.
Users and Content are categories created to nest categories for those two types of resources in the application.
In the Users category, for example, an admin user could create a category called "banned users", then assign a role without any permissions to that category, restricting any user within that category. Well, at least that is the main idea.
I started looking at other, more mature applications' DB schemas, and they usually use separate tables to accomplish the same behavior.
So my question is... should I rely on an abstract schema vs. having actual tables? Let's say having a frontpage_content table like Joomla vs. creating a category content > frontpage and then linking posts to that category for later retrieval.
Main filter function:
/**
 * Perform model filtering: resolve the permission array stored in the session,
 * then run the public, global (ANY), ownership and category filters in order.
 * @param string $action  HTTP verb being attempted (GET, POST, PUT, DELETE)
 * @return boolean
 */
protected function Filter($action) {
    // Read the permission session
    $session_array = Session::get(self::PermissionSessionKey);
    // Get the actual permission array from the session
    $session_permission_array = $session_array[self::PermissionArrayKey];
    // Check if the user has any permissions on this resource
    $resource_permission_array = $this->checkPermit($session_permission_array);
    if (!$resource_permission_array) {
        $this->error = "Permissions not present for this resource";
        return false;
    }
    // Check if the user can perform this action on the resource
    $action_permission_array = $this->checkActionPermission($resource_permission_array, $action);
    if (!$action_permission_array) {
        $this->error = "You don't have permission to $action";
        return false;
    }
    // Run filters: public (read only), global, ownership, category; deny otherwise
    if ($this->FilterPublic() && $action == "GET") {
        return true;
    } else if ($this->FilterAny($action_permission_array)) {
        return true;
    } else if ($this->FilterOwnership($action_permission_array)) {
        return true;
    } else if ($this->FilterCategory($action_permission_array)) {
        return true;
    } else {
        return false;
    }
}
Session w/ permissions:
Array
(
    [Role_Name] => admin
    [Permissions] => Array
        (
            [ALL] => Array
                (
                    [POST] => Array
                        (
                            [ANY] => 0
                        )
                    [GET] => Array
                        (
                            [ANY] => 0
                        )
                    [PUT] => Array
                        (
                            [ANY] => 0
                        )
                    [DELETE] => Array
                        (
                            [ANY] => 0
                        )
                )
        )
)
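A stand-alone resolver that walks the same chain as the Filter() method above (public, then global ANY, then ownership, then category) over the Permissions[resource][action][scope] layout shown in the session dump. This is an added example, not the poster's code: the ALL wildcard comes from the dump, while the OWN and CATEGORY scope keys, the truthy-flag semantics and the fail-closed default for missing entries are assumptions.

```php
<?php
// Added example (not the poster's code). Session layout follows the post's dump:
// Permissions[resource][action][scope]; OWN/CATEGORY keys and truthy flags are assumed.
final class ResourceAccess
{
    public function __construct(private array $permissions) {}
    /** Scope flags for a resource/action, falling back to the ALL wildcard. */
    private function scope(string $resource, string $action): ?array
    {
        foreach ([$resource, 'ALL'] as $key) {
            if (isset($this->permissions[$key][$action])) {
                return $this->permissions[$key][$action];
            }
        }
        return null; // no entry at all: fail closed
    }
    public function allows(string $action, string $resource, bool $isPublic,
                           int $userId, int $ownerId, array $categories): bool
    {
        // Public category + read, checked before the role lookup so a guest
        // session with no permission array still sees public content.
        if ($isPublic && $action === 'GET') {
            return true;
        }
        $scope = $this->scope($resource, $action);
        if ($scope === null) {
            return false;
        }
        if (!empty($scope['ANY'])) {                          // global permission
            return true;
        }
        if (!empty($scope['OWN']) && $userId === $ownerId) { // ownership
            return true;
        }
        // CATEGORY lists the category ids the role may act on; any overlap
        // with the resource's own categories grants access.
        return array_intersect($scope['CATEGORY'] ?? [], $categories) !== [];
    }
}
// Constructed session: an "editor" that may read anything, edit its own posts,
// and edit any post filed under category 7.
$session = ['Role_Name' => 'editor', 'Permissions' => [
    'ALL'   => ['GET' => ['ANY' => 1]],
    'posts' => ['PUT' => ['OWN' => 1, 'CATEGORY' => [7]]],
]];
$acl = new ResourceAccess($session['Permissions']);
var_dump($acl->allows('PUT', 'posts', false, 5, 5, [3]));    // own post
var_dump($acl->allows('PUT', 'posts', false, 6, 5, [7]));    // category 7 grant
var_dump($acl->allows('DELETE', 'posts', false, 5, 5, [7])); // no DELETE entry: denied
```

Whichever schema you choose, the property worth keeping is the one the resolver shows: a resource with no matching entry is denied rather than falling through to a default grant.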