I would like to hear your thoughts about the task I have in front of me. Also if there is any known design pattern for this, a share would do a lot. The task is to create the architecture of the project. There will be several types of users : <ul> <li>normal user</li> <li>supervisor</li> <li>administrator</li> <li>custom (here is the tricky part)</li> </ul> When they open the webpage I need to return every module (page) the user has access to. I was thinking of polymorphism. I will have a base user which has permissions as protected property and every new class, for ex. supervisor, will add some more or overwrite the base ones. Every module has components (parts of the webpage) and the result of the get will be something like this <pre class="prettyprint"><code>$modulesAccess = [ 'baseModel' => array( 'componentOne', 'componentTwo', ), ] </code></pre> With this the front-end developers will know what exactly to draw. I was thinking to make these models/components in the database but it is going to be easier to manage them through the code. And polymorphism does good enough job for us there. The tricky part, custom user. The idea is every Model/Component will have a different ajax request to return specific data. And every upper level user must implement it differently. That is fine, but the custom user, lets say for example is a supervisor, he needs to have access to only one Model/Component from the administrator. How would you handle this? Thank you in advance.

An empirical approach is to structure Authentication and Authorization in following main models: <ul> <li>User: represents a user.</li> <li>Group/Role: represents a group of users. In some cases user's role.</li> <li>Module: represents your module, just encapsulates its definition information.</li> <li>Permission: represents a permission and a "CRUD" operation (create, read, update, delete)</li> </ul> This can satisfy most of your security scenarios. For example: <ul> <li>GET all Modules that a particular User has "View" Permission.</li> <li>GET all Modules that Supervisors have "View" Permission.</li> </ul> Plus you can: <ul> <li>Add/remove a specific User to/from a Group.</li> <li>and more...</li> </ul> Polymorphism is not good to be used to form types of user. Instead, use Group or Role.

With decorator pattern your code would not be required to extend the original class when you are adding new features as it allows functionality to be divided between classes with unique areas of concerns. <pre class="prettyprint"><code>class AuthProvider { protected $target = null; protected $acl = null; public function __construct( $target, $acl ) { $this->target = $target; $this->acl = $acl; } public function __call( $method, $arguments ) { if ( method_exists( $this->target, $method ) && $this->acl->isAllowed( get_class($this->target), $method ) ){ return call_user_func_array( array( $this->target, $method ), $arguments ); } } } </code></pre> and then call it like this <pre class="prettyprint"><code>// Based on your: $current_User and $controller $acl = new AccessControlList( $current_User ); $controller = new AuthProvider( $controller, $acl ); // you can execute all the methods you had in previous controller // only now they will be checked against ACL $controller->actionIndex(); </code></pre> When accessing the method check if they are allowed to execute based on their access rights. As far as your question to tackle AJAX calls to Controller/Model is concerned. I would let controller handle the AJAX calls and based on access rights call the model and return the response. Calling Models via AJAX simply bypasses the controller which should be avoided.

try to not reinvent the wheel, look for a framework or library that already solved the problem for you, your problem its simple and already solved... you need basically 2 classes, a user, and a role, roles can be grouped en a tree. so,lets say you have 3 pages, one for admin only, one for supervisors and one for every one, you define you role trees this way <pre class="prettyprint"><code>ROLE_ADMIN |- ROLE_SUPERVISOR |-ROLE_USER </code></pre> and then... asign roles to your users... the best part it's the flexibility, you can make your tree as granular as you may want, and even generate customs roles with many comvination... a library implementing this model is: http://symfony.com/doc/current/components/security/index.html wich is part of symfony framework, the library has many other features that you could find usefull, like, voters for example.

Choosing architecture [closed]

I would like to hear your thoughts about the task I have in front of me. Also if there is any known design pattern for this, a share would do a lot.

The task is to create the architecture of the project.

There will be several types of users :

normal user
supervisor
administrator
custom (here is the tricky part)

When they open the webpage I need to return every module (page) the user has access to.

I was thinking of polymorphism. I will have a base user which has permissions as protected property and every new class, for ex. supervisor, will add some more or overwrite the base ones.

Every module has components (parts of the webpage) and the result of the get will be something like this

$modulesAccess = [
     'baseModel' => array(
         'componentOne',
         'componentTwo',
     ),
]

With this the front-end developers will know what exactly to draw.

I was thinking to make these models/components in the database but it is going to be easier to manage them through the code. And polymorphism does good enough job for us there.

The tricky part, custom user. The idea is every Model/Component will have a different ajax request to return specific data. And every upper level user must implement it differently. That is fine, but the custom user, lets say for example is a supervisor, he needs to have access to only one Model/Component from the administrator.

How would you handle this?

Thank you in advance.

What does the term closed architecture mean?

An system in which the design features and technical specifications are not kept undisclosed or not open to other manufacturers and the system is also made in compactable with other tools and software's.

What is the difference between open architecture and closed architecture?

In other words, closed-architecture systems are fully proprietary, whereas an open-architecture CAD/CAM system can be integrated with the components manufactured by many outside vendors. At first glance, an open-architecture CAD/CAM system may seem to be the way to go, given the flexibility of component choice.

What is the purpose of choosing architecture?

An Architecture degree will teach you how to plan buildings, so they line up with pre-existing structures and provide effective services. You'll learn how to consider the environmental impact of what you design and think about how those designs could be reasonably implemented.

An empirical approach is to structure Authentication and Authorization in following main models:

User: represents a user.
Group/Role: represents a group of users. In some cases user's role.
Module: represents your module, just encapsulates its definition information.
Permission: represents a permission and a "CRUD" operation (create, read, update, delete)

This can satisfy most of your security scenarios. For example:

GET all Modules that a particular User has "View" Permission.
GET all Modules that Supervisors have "View" Permission.

Plus you can:

Add/remove a specific User to/from a Group.
and more...

Polymorphism is not good to be used to form types of user. Instead, use Group or Role.

With decorator pattern your code would not be required to extend the original class when you are adding new features as it allows functionality to be divided between classes with unique areas of concerns.

class AuthProvider
{

    protected $target = null;
    protected $acl = null;

    public function __construct( $target, $acl )
    {
        $this->target = $target;
        $this->acl = $acl;
    }

    public function __call( $method, $arguments )
    {
        if ( 
             method_exists( $this->target, $method )
          && $this->acl->isAllowed( get_class($this->target), $method )
        ){
            return call_user_func_array( 
                array( $this->target, $method ),
                $arguments
            );
        }
    }

}

and then call it like this

// Based on your: $current_User and $controller 
$acl = new AccessControlList( $current_User );

$controller = new AuthProvider( $controller, $acl );
// you can execute all the methods you had in previous controller 
// only now they will be checked against ACL
$controller->actionIndex();

When accessing the method check if they are allowed to execute based on their access rights.

As far as your question to tackle AJAX calls to Controller/Model is concerned. I would let controller handle the AJAX calls and based on access rights call the model and return the response. Calling Models via AJAX simply bypasses the controller which should be avoided.

try to not reinvent the wheel, look for a framework or library that already solved the problem for you, your problem its simple and already solved...

you need basically 2 classes, a user, and a role, roles can be grouped en a tree.

so,lets say you have 3 pages, one for admin only, one for supervisors and one for every one,

you define you role trees this way

ROLE_ADMIN
   |- ROLE_SUPERVISOR
      |-ROLE_USER

and then... asign roles to your users...

the best part it's the flexibility, you can make your tree as granular as you may want, and even generate customs roles with many comvination...

a library implementing this model is: http://symfony.com/doc/current/components/security/index.html

wich is part of symfony framework, the library has many other features that you could find usefull, like, voters for example.

Choosing architecture [closed]

Tags:

php

design-patterns

Vasil Rashkov

People also ask

3 Answers

Robo

Ashish Nayyar

Javier Neyra

Recent Activity

Donate For Us

Choosing architecture [closed]

Tags:

php

design-patterns

Vasil Rashkov

People also ask

3 Answers

Robo

Ashish Nayyar

Javier Neyra

Related questions

Recent Activity

Donate For Us