Dynamic roles [ACL]

What is best way to create dynamic roles in ACL? I mean, creating role at runtime.

I am not sure how ACL works. Actually, I have never used that yet. If is ACL executed only once -> I have no idea how to do dynamic roles.

If ACL is executed with every http request, I would create entity 'Role' and entity 'Permission'. Every role would have some permissions. ACL would look for these roles and associated permission with every request in database.. Does it make sense? How you do that?

Unless you store ACL somewhere in a persistent back-end storage, they're created at runtime each time, i.e. just like your IoC services container with other services / components.

edited May '16

Using ACL as Memory adapter means that is created and exists only for request time. You can speed up it by storing serialized created object in memcache or something like this, also memory gives your more ability and options in 2.1.x

Well you can just access acl service and call addRole in runtime - it will add new role to acl. If you are using Database adapter - it will add it to database too. If you are using memory adapter. I would recommend to save serialized object to file and memcache if you need to create new roles on the fly, if it doesn't exists in memcache - load it from file and save to memcache.

In Memory adapter(2.1.x) i added option to use acl on objects and adding custom defined user functions which will be called when checking permission(so we can add advanced check if user have access to some entity).



30.7k

i added option to use acl on objects and adding custom defined user functions which will be called when checking permission

Excellent job. Thank you !

edited Jun '16

Well by mistake someone added it in current 2.0.x documentation :/ https://docs.phalconphp.com/en/latest/reference/acl.html#function-based-access But as i wrote it's only available in 2.1.x

i added option to use acl on objects and adding custom defined user functions which will be called when checking permission

Excellent job. Thank you !

Thank you !

Using ACL as Memory adapter means that is created and exists only for request time. You can speed up it by storing serialized created object in memcache or something like this, also memory gives your more ability and options in 2.1.x

Well you can just access acl service and call addRole in runtime - it will add new role to acl. If you are using Database adapter - it will add it to database too. If you are using memory adapter. I would recommend to save serialized object to file and memcache if you need to create new roles on the fly, if it doesn't exists in memcache - load it from file and save to memcache.

In Memory adapter(2.1.x) i added option to use acl on objects and adding custom defined user functions which will be called when checking permission(so we can add advanced check if user have access to some entity).