Trying to figure out ACL - Beginner with Phalcon

Hi all,

Excuse me if my question seems a bit childish, I am quite new to Phalcon, though I understand basic concepts of MVC. Here is the situation:

I am making a small web application where there will be users of different levels, each having access to different ares of the backend. Currently, those are all saved in the database under a single table where a field called userlevel determines their role (eg 900 is admin, 700 is client etc). I understand that Phalcon uses ACL to permit/deny access to certain controllers/actions. However in the examples I only see 2 roles assigned (Guests and Users). One is for logged in users, the other for everyone else. How can I create more roles and assign them to the users during login, based on the userlevel field?

Also, I am thinking of creating 1 table for each user role and having separate login point for each role. Do you think this approach is better to implement with Phalcon?

Thanks for you time and excuse me if failed to understand something in the docs. I learn easier by doing, than by reading...

edited Dec '15

IMHO i dont think you should store it in database, store it in file, and load one into memcache when application is first loaded. Then you have acl only in memcache, save changes in roles to files and reload memcache.

ACL in phalcon is just an object with array and some methods. But you have all the stuff like checking permission yourself(in dispatcher or controller - your choice).

You can add role just by simply:

$acl->addRole("ANONYMOUS");

In service definition, thats why you should serialize it to file. And load it on start to memcache(then you dont load it from file). Second argument in addRole inherits all permissions from this parent role.

edited Dec '15

If you don't need the flexibility to edit the resources dinamically from backend, I would recommend going with the memory adapter. Take a look how is made in "vokuro" example, or even start from that.

If you need flexibility to add users, resources dinamically like a CMS, then things get complicated. Store everything in database and then build a function to build your acl using memory adapter. After you have the Acl object store it in cache and read it from there. This way you can have the flexibility you want, and not stressing the database useless. But make sure you clean the Acl cache and rebuild it when you change something in db.

You can use Acl Database adaptor if you don't want to create a custom one

https://github.com/phalcon/incubator/tree/master/Library/Phalcon/Acl/Adapter

Acl Memory adaptor docs

https://docs.phalconphp.com/en/latest/reference/acl.html

If you don't need the CMS Acl flexibility, I recommend you to go for Memory adaptor.

Also to answer your question, no need to create different tables and different entry points. One entry point is enough, except if you want to separate entirely the frontend from backend.

I ended up using a multi-module configuration in order to implement some functionality I have in mind.

However, I am still struggling with ACL...

Can someone provide a (working) example of ACL implementation? I have 4 modules and have set up my routes correctly. Login also works, so once a certain controller is accessed, I can display content based on auth status. Keep in mind that I am new to Phalcon so make the example a bit more detailed...

I know I ask for too much, but I am trying to get my head around this for the past 3 days...

Thanks!