
Role based access control - correct MVC pattern

I started using the MVC pattern half a year ago, and I still have some misunderstandings.

Now I want to implement role-based access control in my application. However, my question is not about RBAC, it is about MVC.

My implementation of RBAC is this: user->role->permission so every user (ex. userA) can have many roles (ex. reader, editor, admin), and every role can have many permissions (read, update, delete, etc.).

MySQL tables

  • users (list of users)
  • roles (list of roles)
  • permissions (list of permissions)
  • roles_permissions (list of roles->permissions connections. ex. editor->update)
  • users_roles (list of users->roles connections. ex. userA->editor)

Now my question is: how should I implement this in MVC? Have a separate model for each of users, roles, permissions, roles_permissions and users_roles, then have an authManager class that creates users, roles, permissions, roles_permissions, and users_roles? Is this way correct? Is there a better, maybe more elegant way?

Tamás Pap asked Dec 22 '11 07:12
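The five tables described in the question, as an added example that is not part of the original post: a MySQL schema with the deny-by-default permission check that a single authorization component could run. Table names follow the question; the column names, sample rows and queries are assumptions.

```sql
-- Entity tables (names from the question; columns are assumed).
CREATE TABLE users       (id INT PRIMARY KEY, name VARCHAR(64) NOT NULL UNIQUE);
CREATE TABLE roles       (id INT PRIMARY KEY, name VARCHAR(64) NOT NULL UNIQUE);
CREATE TABLE permissions (id INT PRIMARY KEY, name VARCHAR(64) NOT NULL UNIQUE);

-- Junction tables: the composite primary key prevents duplicate grants, and
-- ON DELETE CASCADE removes grants when a user, role or permission is deleted,
-- so no orphaned grant can outlive the row it refers to.
CREATE TABLE users_roles (
    user_id INT NOT NULL,
    role_id INT NOT NULL,
    PRIMARY KEY (user_id, role_id),
    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
    FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE
);
CREATE TABLE roles_permissions (
    role_id       INT NOT NULL,
    permission_id INT NOT NULL,
    PRIMARY KEY (role_id, permission_id),
    FOREIGN KEY (role_id)       REFERENCES roles(id)       ON DELETE CASCADE,
    FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE
);

-- Constructed sample data: userA is reader + editor, userB is reader only.
INSERT INTO users       VALUES (1, 'userA'), (2, 'userB');
INSERT INTO roles       VALUES (1, 'reader'), (2, 'editor'), (3, 'admin');
INSERT INTO permissions VALUES (1, 'read'), (2, 'update'), (3, 'delete');
INSERT INTO users_roles VALUES (1, 1), (1, 2), (2, 1);
INSERT INTO roles_permissions VALUES (1, 1), (2, 1), (2, 2), (3, 1), (3, 2), (3, 3);

-- Authorization check, deny by default: allowed is 1 only when at least one
-- role held by the user grants the named permission, otherwise 0.
-- In application code, bind the user id and permission name as parameters.
SELECT EXISTS (
    SELECT 1
    FROM users_roles ur
    JOIN roles_permissions rp ON rp.role_id = ur.role_id
    JOIN permissions p        ON p.id = rp.permission_id
    WHERE ur.user_id = 1 AND p.name = 'update'
) AS allowed;

-- Effective permissions of one user across all of their roles (for audits).
SELECT DISTINCT p.name
FROM users_roles ur
JOIN roles_permissions rp ON rp.role_id = ur.role_id
JOIN permissions p        ON p.id = rp.permission_id
WHERE ur.user_id = 1
ORDER BY p.name;
```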



1 Answer

Basically I'd stick with one of the many already existing Kohana ACL libraries instead of writing your own (or at least try them to see if they fit your needs).

You may want to check this thread (Wouter's A1, A2 and ACL modules) - http://forum.kohanaframework.org/discussion/1988/releases-a1-authentication-acl-acl-for-kohana-a2-object-level-authorization/p1
It's being constantly updated and maintained, and it's available for version 3.2 as well.

If you feel Wouter's modules are complicated, you can also check the Vendo ACL module, which is very simple and removes a lot of complications - https://github.com/vendo/acl
Examples of how to use it - http://forum.kohanaframework.org/discussion/9517/getting-started-with-vendo-acl/p1

matino answered Oct 17 '22 02:10