Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Developer.com:
Creating a Custom ACL in PHP
May 11, 2012 @ 15:53:23

On Developer.com there's a recent tutorial showing you how to create a basic access control list in PHP (not in any specific framework). It allows you to define not only user permissions but groups and group permissions as well.

So, what are the advantages of an ACL model? The first advantage is security. Using this model will make your application more secure and less vulnerable to exploits. When securing any program, it is good to give to the user only the privileges he/she needs. That means that, for example, you should not give super administrator privileges to someone who will only manage website content. The ACL security model allows you to do just that. The second advantage is the easiness of user management. You can divide users into groups, while each group has certain access permissions. Also, you can easily add new user groups, delete the old ones or change group permissions.

They include the database structure you'll need to make the backend work (four tables) and the code to create an "Acl" class with methods to check a user+group for a permission, get the permissions for a user and get the permissions for a group. It's a pretty simple system and has a lot more that could be added to it to make it more robust, but it's a good start.

tagged: custom acl access control permission group tutorial database

Link:


Trending Topics: