I would like to hear your thoughts about the task I have in front of me. Also if there is any known design pattern for this, a share would do a lot.
The task is to create the architecture of the project.
There will be several types of users:
When they open the webpage I need to return every module (page) the user has access to.
I was thinking of polymorphism. I will have a base user which has permissions as a protected property, and every new class, for example supervisor, will add some more or overwrite the base ones.
Every module has components (parts of the webpage) and the result of the get will be something like this:
$modulesAccess = [
    'baseModel' => array(
        'componentOne',
        'componentTwo',
    ),
];
With this the front-end developers will know what exactly to draw.
I was thinking of keeping these models/components in the database, but it is going to be easier to manage them through the code. And polymorphism does a good enough job for us there.
The tricky part: the custom user. The idea is that every Model/Component will have a different AJAX request to return specific data, and every upper-level user must implement it differently. That is fine, but the custom user, let's say for example a supervisor, needs to have access to only one Model/Component from the administrator.
How would you handle this?
Thank you in advance.
An empirical approach is to structure Authentication and Authorization in the following main models:
This can satisfy most of your security scenarios. For example:
Plus you can:
Polymorphism is not a good way to form types of user. Instead, use Group or Role.
With the decorator pattern, your code would not be required to extend the original class when you are adding new features, as it allows functionality to be divided between classes with unique areas of concern.
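class AuthProvider
{
    protected $target = null;
    protected $acl = null;

    public function __construct( $target, $acl )
    {
        $this->target = $target;
        $this->acl = $acl;
    }

    // Calls to methods not defined on AuthProvider are routed here,
    // so the ACL is consulted before the wrapped object is touched.
    public function __call( $method, $arguments )
    {
        if ( !method_exists( $this->target, $method ) ) {
            throw new BadMethodCallException( "Unknown method: $method" );
        }
        if ( !$this->acl->isAllowed( get_class( $this->target ), $method ) ) {
            // Fail loudly: a silent null would look like a normal return value.
            throw new RuntimeException( "Access denied: $method" );
        }
        return call_user_func_array(
            array( $this->target, $method ),
            $arguments
        );
    }
}
and then call it like this: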
// Based on your: $current_User and $controller
$acl = new AccessControlList( $current_User );
$controller = new AuthProvider( $controller, $acl );
// you can execute all the methods you had in previous controller
// only now they will be checked against ACL
$controller->actionIndex();
When accessing the method, check whether they are allowed to execute it based on their access rights.
As far as your question about handling AJAX calls to the Controller/Model is concerned, I would let the controller handle the AJAX calls and, based on access rights, call the model and return the response. Calling models via AJAX simply bypasses the controller, which should be avoided.
Try not to reinvent the wheel; look for a framework or library that has already solved the problem for you. Your problem is simple and already solved...
You basically need 2 classes, a user and a role; roles can be grouped in a tree.
So, let's say you have 3 pages: one for admin only, one for supervisors and one for everyone.
You define your role tree this way:
ROLE_ADMIN
|- ROLE_SUPERVISOR
|- ROLE_USER
and then... assign roles to your users...
The best part is the flexibility: you can make your tree as granular as you want, and even generate custom roles with many combinations...
A library implementing this model is: http://symfony.com/doc/current/components/security/index.html
which is part of the Symfony framework. The library has many other features that you could find useful, like voters, for example.
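The role tree from this answer, combined with per-user extra grants to cover the question's "custom user" (a supervisor who gets exactly one administrator component), as an added example that is not code from the thread or from Symfony. The `reports` and `admin` modules, their component names and all function names are made up for illustration; anything not granted is denied.

```php
<?php
// Role tree from the answer above: each role inherits the roles listed under it.
const ROLE_HIERARCHY = [
    'ROLE_ADMIN'      => ['ROLE_SUPERVISOR'],
    'ROLE_SUPERVISOR' => ['ROLE_USER'],
    'ROLE_USER'       => [],
];

// Constructed sample data: the modules/components each role unlocks directly.
const ROLE_GRANTS = [
    'ROLE_USER'       => ['baseModel' => ['componentOne', 'componentTwo']],
    'ROLE_SUPERVISOR' => ['reports'   => ['teamStats']],
    'ROLE_ADMIN'      => ['admin'     => ['userList', 'auditLog']],
];

/** Expand a role into itself plus every role it inherits (cycle-safe). */
function reachableRoles(string $role, array $seen = []): array
{
    if (isset($seen[$role]) || !array_key_exists($role, ROLE_HIERARCHY)) {
        return $seen; // already visited, or unknown role: contributes nothing
    }
    $seen[$role] = true;
    foreach (ROLE_HIERARCHY[$role] as $child) {
        $seen = reachableRoles($child, $seen);
    }
    return $seen;
}

/** Build the module => components map returned to the front end. */
function modulesAccess(array $roles, array $extraGrants = []): array
{
    $sources = [$extraGrants];
    foreach ($roles as $role) {
        foreach (array_keys(reachableRoles($role)) as $r) {
            $sources[] = ROLE_GRANTS[$r] ?? [];
        }
    }
    return array_map(fn(array $c) => array_values(array_unique($c)), array_merge_recursive(...$sources));
}

/** Server-side check for every AJAX endpoint; unlisted means denied. */
function isAllowed(array $access, string $module, string $component): bool
{
    return in_array($component, $access[$module] ?? [], true);
}

// Custom user: supervisor role plus one admin component granted individually.
$custom = modulesAccess(['ROLE_SUPERVISOR'], ['admin' => ['auditLog']]);
var_dump(isAllowed($custom, 'admin', 'auditLog'), isAllowed($custom, 'admin', 'userList'));
```

The map only tells the front end what to draw; each AJAX handler still has to call `isAllowed()` itself, since a client can request any endpoint regardless of what was rendered.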