Junior Member
What is the best way to store Zend_Acl roles and resources?
I was looking through the ZF Tutorials for the Zend_Acl class and came accross one that explained a good way of storing the roles and sources created by Zend_Acl. The documentation says that it's up to the programmer to create a way to store all this information.
Going through all the available methods I could come up with I found a few things that I needed cleared up. I understand that the class could be stored in a file after being serialized and then restored though unserialize. However storing the Acl in a file presents not only a scaling issue but also a security issue as far as creating a possible race condition for control over that file.
As far as the scaling issue goes. The file for a large site could become very large. This in of itself could present an issue as far as efficiency goes. Heavy access to a large file could bog a server down.
As for a race condition. When two processes access the same file and then deserialize it, make changes and then serialize it back to a file again. Neither of those procsses are aware of the changes the other one made. So one serializes and writes and then the other one does the same destroying the changes the first one made. Now we can prevent this by placing a read/write lock when changes are to be made. This presents another problem though. What happens when the locking process dies and the file is deadlocked? This could affect the operation of the site. Can't read the file, no roles, no permissions, no access to the site.
So then I thought each user could have their own file and the same problems cropped up again and more. If an admin makes a global change to a role then instead of just one file you have to deal with many. This throws that idea right out the window. It's completely inefficient.
So I'm on to the database concept. However I haven't much experience in dealing with Acls at all so I don't know what the best way to store all the information would be depending on how Zend_Acl deals with its data. How should the tables be built if you want to take advantage of Zend_Acl's full abilities? I don't understand Zend_Acl's structure well enough to be able to come up with a database structure.
Sorry for the rant. But I have a site that is aching to be built. I would appreciate any input on this. I did take a look at a tutorial and it was what I wanted to do. However It's a quick and dirty solution that won't scale well.
Specks
Member
Well, you could store everything in a database, but you will need to store all your rules in there as well, then populate your ACL class each page load.
For my site, I have 5 or so user types, and decided to simply keep them loaded in the class itself. I may go back sometime and put them all in the database, but if you do that you need to build an admin page to modify your permissions.
Junior Member
In my case I will have a global admin which will be able to do everything. And other admins will only be able to see/do stuff from their department.
How would this get stored in a database? I've searched and no one seems to cover this aspect of ACL.
Junior Member
maybe this class is what you search for:
Class: MyACL (ACL) - PHP Classes
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote