Cliff Hirsch wrote: > Does anyone use phpGACL? Good, bad, ugly? Alternative? Other suggestions for > access control? This looks like an easy drop in, although the UI is wicked > confusing.
Back in the day I actually rewrote most of the phpGACL database structure and reskinned the 'wicked confusing' interface. Unfortunately the project I was planning to use it for never eventuated. It has some definite strengths, not the least of which is that it is seriously fast at answering questions like 'can user X perform action Y on object Z?' due to the MPTT database structure, and the use of caching. I dug up my tests from 2005, and on my P4 2.8 laptop with 1GB ram and a 5400rpm hdd, the average query time was 0.05s. That is with no caching, on a random database with 1,000 ACLs, 1,000 ACOs, 100,000 AROs, 1,000 ARO groups, 100,000 AXOs and 1,000 AXO groups. If you want to do your own performance testing the system ships with an included benchmarking suite. It isn't as quick at answering questions like 'who can perform action Y on object Z?', 'which actions can user X perform on object Z?', or 'which objects can user X perform action Y on?'. However, I don't know of any quicker solution which supports the level of granularity it does. I do believe that cakephp at least borrows some of the concepts, though I'm not sure of that. Nate? At the time I stopped active contribution to the project, the 2 main things I wanted to add were: 1. The ability to support multiple 'root' ARO/AXO elements. Currently the system requires a single 'root' node in each of these trees. Usually this is just a placeholder without any real use, but it would be possible to add the ability to support multiple root nodes which would be a neat way to partition the system and should yield a speed increase. 2. Consolidation of the ARO and AXO system into a single tree. Currently if you want to have permissions like 'user X can edit user Y', you must have all your users and groups in both ARO and AXO trees. It would be much simpler to just have objects, groups and permissions. If anyone were interested in implementing these features, I would be more than happy to answer any questions. Who knows, maybe the bug will bite again and I'll implement them myself! Dan _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
