I think this is the right forum, I apologize in advance if it is not.
We need a user management system that allows for assigning privileges on a case by case basis. For instance, we have two 'object's now that can be acted upon, each in 3 different ways (create, edit, delete). In one instance we may want to allow a user access to create and delete one object with all privileges on the other object. Then the instance could arrive that we want 25% of users to be able to perform an edit on both objects, and every other user has no privileges. I think you can see where this could go, and I have to be ready for it.
Of course, we need for the system to be extensible (adding new objects, and new actions on existing/new objects).
I am convinced a group based system would not work (the different combinations of groups could get way out of hand). We have thought of using a number based system, but extensibility concerns me. When I say number based I mean either: a 0|1 to each action, so a user with two privileges on one object would be stored in mysql table as 011; or a system similar to our file access permissions are granted (777, 646, etc). Both of these thoughts are in their infancy.
From a php performance and mysql storage standpoint, what do you all think my best options are here.
Thanks much in advance for any suggestions.
User management
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: User management
An ACL based system is what you need. There is phpGACL and the Zend Framework has something that might work for you.
(#10850)