CODEWITHSUNDEEP
phplaravellaravel-4rbac
GlomB
GlomB

Reputation: 11

Advanced Role-Based Access Control

So, I've done some research on RBAC and ACL but all examples are very "1 dimensional" and doesn't quite fit my needs (I think at least).

So, what I have is countries that have a president, vicepresi, Coach1, etc.

Currently I have 14 countries, and each role cannot have rights on a diffrent country.

Additionally, I have clubs with a manager, coach, players, etc.

What would the best solution be here?

Edit: A user can both be president of one country and be coach1 of another while being player of a club, and so on.

Upvotes: 0

Views: 681

Answers (1)

Boaz Rymland
Boaz Rymland

Reputation: 1467

Your question is not entirely clear but from what I can understand, a person can be a vice president on one country but be nobody on another country and this is what puzzles you - how do you model this? If I got the question right then in the RBAC implementation tnat I use (Yii framework written in PHP) there's this thing called 'business rules'. A business rule, which is a PHP code snippet that returns true or false, can be attached, or defined, for a specific role (for a simple example) and this means that every time a person being checked if he 'has this role' the business rule, its not enough for the person to be attached this role. If a biz rule is attached to this role, it is run and the answer from that code snippet (boolean) determines if the person 'really' has this role or not. In other words, you get an extra dimension of flexibility here so instead of:

does a person have 'vice president' role ? -> if he has this role he is vice president in every country (!...).

You can have a much more fine tuned check like this:

does a person have a vice president role for country A? (country A is being passed as parameter to the RBAC layer, which already has the 'person' data structure under its hands -> RBAC layer runs the biz rule snippet. The code, which you write, checks affinity of this certain user to that certain country and return boolean, which determines if the user is vice president of country A.

All there's left is inserting logic into the application that enforces uniqueness of 1 vice president per country in your DB (of choice) and you're done!

Hope that helps.

Upvotes: 1

Related Questions