PHP ACL: Permissions and Performance, Page 2
You create the permission names yourself, so any name can serve as a permission name. However, I suggest checking some permissions automatically and giving them generic names, such as:
view_[page_name] for checking page access permissions, or
form_[form_name] for checking whether a certain user has permission to submit a form.
Permission types are introduced in this version of PHP ACL, where "0" means "deny" and "1" means "allow." This feature is very useful if you have to manage exceptions, e.g., you need to allow a whole user group to execute an action, but you want to deny access to that action for a few group members.
$acl = new Acl();
// user doesn't have permission to execute the following action
//do something here
Consider your website's performance when implementing an ACL. Access control list checks increase the number of queries per request by 4. Although MySQL has a query cache, it is recommended that you create your own caching system. It can be as simple as storing the query results in a txt file and fetching them from that file for a certain period of time, or more complex, such as CodeIgniter's SQL caching system, which can store cached results for an unlimited period of time but deletes them when a certain action is executed (e.g., clearing the cache when a new user is registered).
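The simple file-based variant described above, with a time limit and a clear-on-change hook, as an added example that is not code from the original article. The AclFileCache class, its method names and the demo permissions are hypothetical, and PHP 8 is assumed.

```php
<?php
/** Added example; AclFileCache and its method names are hypothetical. */
final class AclFileCache
{
    public function __construct(private string $dir, private int $ttl = 300)
    {
        // Keep this directory outside the web root so entries cannot be fetched over HTTP.
        if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
            throw new RuntimeException("cannot create cache dir: $dir");
        }
    }
    private function path(string $key): string
    {
        // Hash the key so caller-supplied names never become part of a file path.
        return $this->dir . '/' . hash('sha256', $key) . '.txt';
    }
    /** Return the cached value, or run $loader (the real ACL queries) and store its result. */
    public function remember(string $key, callable $loader): mixed
    {
        $file = $this->path($key);
        if (is_file($file) && time() - filemtime($file) < $this->ttl) {
            // JSON rather than unserialize(): a tampered file cannot instantiate objects.
            $data = json_decode((string) file_get_contents($file), true);
            if (is_array($data) && array_key_exists('v', $data)) {
                return $data['v'];
            }
        }
        $value = $loader();
        // Write to a temp file and rename it, so readers never see a partial entry.
        $tmp = tempnam($this->dir, 'acl');
        file_put_contents($tmp, json_encode(['v' => $value]));
        rename($tmp, $file);
        return $value;
    }
    /** Call when users, groups or permissions change, so a revoked permission is not served. */
    public function clear(): void
    {
        array_map('unlink', glob($this->dir . '/*.txt') ?: []);
    }
}
// Constructed demo: the closure stands in for the ACL queries and counts its runs.
$cache = new AclFileCache(sys_get_temp_dir() . '/acl_cache_demo', 60);
$runs = 0;
$load = function () use (&$runs) { $runs++; return ['view_reports' => 1, 'form_contact' => 0]; };
$cache->clear();
$cache->remember('user:42', $load);          // miss: queries run
$perms = $cache->remember('user:42', $load); // hit: read from the file
$cache->clear();                             // e.g. after a permission change
$cache->remember('user:42', $load);          // miss again
var_dump($perms, $runs);
```

Until `clear()` is called or the time limit passes, a cached "allow" stays in effect, so the time limit bounds how long a revoked permission can still be honoured.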
In conclusion, implement the ACL model, as it would significantly increase your website's security.
Originally published on http://www.developer.com.