I wrote a new ACL module for Lithium: li3_simple_acl

This Image via Wikipedia, is a test of focus. Is it related? Perhaps not, but it looks better than a naked post.

I tried to work with the existing Lithium ACL module called li3_access, as several folks have done some really good work there. It has a lot of flexibility, including the ability to let you create your own adapters, which I tried at first.

The reason I chose to roll my own, at 4am no less, was that I was looking for something simple, that still lets you protect the resource.

A principle in making a good ACL layer is that you don’t want a bunch of if statements in your code, such as if ($user == 'admin') { // do 'A' }. If you change your ACL rules, you have to find every instance of that check and change it, which risks breaking your code.

If you thought you improved that situation by moving to an ACL but find yourself writing code like: if($acl->isAdmin($user, $request, $resource)){ // do something }, you’ll realize that you just abstracted away the same exact code, and did not solve your problem.

In my opinion, you should be calling your ACL with code that looks something like this: if ($acl->isAllowed($user, $resource)) { // do something }.

The $user array/object should contain the info needed to validate the $resource/$perms array. Then all you have to think about is how to make sure you can pass the needed info from your resource.

Image via CrunchBase. Did you know that research scientists in Freedonia have proven that programmers improve their standard of living by opening up a github account?

For example, if you have a database row with a forum post and want to provide the author of that post permission, the user array has the userid and the row has the author’s userid. Simple to match.
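The call shape described above, with the forum-post ownership match, as an added PHP example that is not code from li3_simple_acl or li3_access. The SimpleAcl class, its rule format, the extra $action argument and the sample data are assumptions made for illustration.

```php
<?php
// Added illustration; SimpleAcl, its rule format and the sample data are
// hypothetical and are not taken from li3_simple_acl or li3_access.
final class SimpleAcl
{
    /** @var array<string, array<string, list<string>>> type => action => grants */
    private array $rules;

    public function __construct(array $rules)
    {
        $this->rules = $rules;
    }

    // Default deny: access is granted only when a rule matches explicitly.
    public function isAllowed(array $user, array $resource, string $action): bool
    {
        $grants = $this->rules[$resource['type'] ?? ''][$action] ?? [];
        foreach ($grants as $grant) {
            if ($grant === 'owner') {
                // Ownership: the user's id must equal the row's author id.
                // Strict comparison, so ids must be loaded with the same type,
                // and a missing id on either side never matches.
                if (isset($user['id'], $resource['author_id'])
                    && $user['id'] === $resource['author_id']) {
                    return true;
                }
            } elseif (in_array($grant, $user['roles'] ?? [], true)) {
                return true;
            }
        }
        return false;
    }
}

// Policy lives in one place; changing it never touches the call sites.
$acl = new SimpleAcl([
    'post' => ['view' => ['member', 'moderator'], 'edit' => ['owner', 'moderator']],
]);

// Constructed sample data: one forum post row and three users.
$post   = ['type' => 'post', 'id' => 10, 'author_id' => 7];
$author = ['id' => 7, 'roles' => ['member']];
$other  = ['id' => 8, 'roles' => ['member']];
$mod    = ['id' => 9, 'roles' => ['moderator']];

var_dump($acl->isAllowed($author, $post, 'edit'));   // author editing own post
var_dump($acl->isAllowed($other, $post, 'edit'));    // another member editing it
var_dump($acl->isAllowed($mod, $post, 'edit'));      // moderator, matched by role
var_dump($acl->isAllowed($other, ['type' => 'invoice'], 'view')); // no rule defined
```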

Naturally, it still needs a bit more work, like the ability to deny users in the event that certain conditions match, or to allow some IP addresses access. Basically, it needs a little more flexibility. So please take a look at li3_simple_acl on my GitHub account and give me feedback. Thanks.
