Results 1 to 4 of 4

Thread: What is the best way to store Zend_Acl roles and resources?

  1. #1
    Specks is offline Junior Member
    Join Date
    Sep 2007
    Posts
    1

    Default What is the best way to store Zend_Acl roles and resources?

    I was looking through the ZF Tutorials for the Zend_Acl class and came accross one that explained a good way of storing the roles and sources created by Zend_Acl. The documentation says that it's up to the programmer to create a way to store all this information.

    Going through all the available methods I could come up with I found a few things that I needed cleared up. I understand that the class could be stored in a file after being serialized and then restored though unserialize. However storing the Acl in a file presents not only a scaling issue but also a security issue as far as creating a possible race condition for control over that file.

    As far as the scaling issue goes. The file for a large site could become very large. This in of itself could present an issue as far as efficiency goes. Heavy access to a large file could bog a server down.

    As for a race condition. When two processes access the same file and then deserialize it, make changes and then serialize it back to a file again. Neither of those procsses are aware of the changes the other one made. So one serializes and writes and then the other one does the same destroying the changes the first one made. Now we can prevent this by placing a read/write lock when changes are to be made. This presents another problem though. What happens when the locking process dies and the file is deadlocked? This could affect the operation of the site. Can't read the file, no roles, no permissions, no access to the site.

    So then I thought each user could have their own file and the same problems cropped up again and more. If an admin makes a global change to a role then instead of just one file you have to deal with many. This throws that idea right out the window. It's completely inefficient.

    So I'm on to the database concept. However I haven't much experience in dealing with Acls at all so I don't know what the best way to store all the information would be depending on how Zend_Acl deals with its data. How should the tables be built if you want to take advantage of Zend_Acl's full abilities? I don't understand Zend_Acl's structure well enough to be able to come up with a database structure.

    Sorry for the rant. But I have a site that is aching to be built. I would appreciate any input on this. I did take a look at a tutorial and it was what I wanted to do. However It's a quick and dirty solution that won't scale well.

    Specks

  2. #2
    Jhorra is offline Member
    Join Date
    Jun 2007
    Posts
    36

    Default

    Well, you could store everything in a database, but you will need to store all your rules in there as well, then populate your ACL class each page load.

    For my site, I have 5 or so user types, and decided to simply keep them loaded in the class itself. I may go back sometime and put them all in the database, but if you do that you need to build an admin page to modify your permissions.

  3. #3
    mtgf is offline Junior Member
    Join Date
    Oct 2007
    Posts
    3

    Default

    In my case I will have a global admin which will be able to do everything. And other admins will only be able to see/do stuff from their department.

    How would this get stored in a database? I've searched and no one seems to cover this aspect of ACL.

  4. #4
    ivotrompert is offline Junior Member
    Join Date
    Aug 2007
    Posts
    3

    Default

    maybe this class is what you search for:
    Class: MyACL (ACL) - PHP Classes

Similar Threads

  1. [Acl] multiple roles per user and assertions
    By YorianBenjamin in forum Authentication & Authorization
    Replies: 0
    Last Post: 12-11-2009, 11:18 AM
  2. Will Zend_ACL be of help to get the list of accessbile resources?
    By mesh2005 in forum Authentication & Authorization
    Replies: 1
    Last Post: 10-02-2009, 02:33 PM
  3. Adding new roles to existing zend_Acl
    By nandana in forum General Q&A on Zend Framework
    Replies: 2
    Last Post: 02-03-2009, 10:51 AM
  4. Zend_Acl do not inherit from parent resources
    By tawnos in forum Authentication & Authorization
    Replies: 2
    Last Post: 09-19-2008, 12:05 PM
  5. Zend_Acl with arbitrary number of resources
    By ablock in forum Authentication & Authorization
    Replies: 0
    Last Post: 05-07-2008, 04:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •