The difference between controller-based permissions and ACL-based is basically that the former uses code and the latter uses data. There are complexities in both. With controller-based permissions, complex checks are done by code we write when create the output. With ACL-based permissions, complex associations are set up when we save records.
In the case of contact info, each person in the system would be both an ACO and an ARO (and those records are created automatically by the system when the person record is created, by us simply having set a static variable in the model class). The complexity happens whenever the person is added to or removed from a roster (their captains and co-ordinators of the league the team is in need to have ARO-ACO read permission granted or revoked), when teams are moved between leagues with different co-ordinators, or when a co-ordinator is added to or removed from a league (must have read permissions granted or revoked on all players on all teams in that league). Assuming that all the ARO-ACO permissions are correct, all we do at display time is ask the ACL system whether there is read access, and generate the output as appropriate. I think I agree that the controller-based method is the way to go, but I wanted to give a more in-depth example to make it clearer. I do think that the ACL method provides good flexibility, and perhaps maps best to what we need to accomplish. If it supported putting users into multiple groups, I think it would be a no-brainer, as it would mean a lot less ARO-ACO record maintenance, but that's not an option, at least for now. Greg. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dave O'Neill Sent: Thursday, January 07, 2010 3:06 PM To: Development discussion for the Leaguerunner league management system Subject: Re: [Leaguerunner] Converting Leaguerunner to CakePHP On Thu, Jan 07, 2010 at 02:49:36PM -0500, Greg Schmidt wrote: > The second most common option is for the various controllers to do their own > security checking (using the tools provided by CakePHP). This is perhaps > the closest to how Leaguerunner currently works, but there are problems with > this. In particular, the code for things like checking whether the current > user is allowed to see another person's contact information is quite > complex. I think it's probably best to have the controllers perform their own checking. The player contact info permission-checking code is going to be quite complex anyway, regardless of how it's implemented. > The third method is to use CakePHP's ACL (access control list) component. I haven't looked at Cake's ACL stuff yet, but based on your description of it, I think it's a non-starter, at least at this point. The entire point of switching to CakePHP is to make things simpler, after all. Cheers, Dave _______________________________________________ Leaguerunner mailing list [email protected] http://www.dmo.ca/cgi-bin/mailman/listinfo/leaguerunner _______________________________________________ Leaguerunner mailing list [email protected] http://www.dmo.ca/cgi-bin/mailman/listinfo/leaguerunner
