Nested authorization support in Symfony2

Question

A system has nested resources. For example

Farm HasMany Sectors

An example object relation will be like below

farm1 => [sector1]
farm2 => [sector2, sector3]

Now say, user1 has read,write permission on farm1 .

user1 Has(read,write) on farm1

I need the system to automatically use the access for all the nested resources of farm1 , in this case sector1 .

In other words, something like user1.hasWritePermisson(sector1) should return true, though the ACL is actually stored with farm1 . I need this even to work on the nested resources of sector and so on.

A straightforward solution would probably be to copy the access to all of the children objects of farm1 at the updating its acl. But I believe this would be a really inefficient one if farm1 contains thousands of sectors.

What would be the best way to achieve this in symfony2 ?

Answer 1

First of all. I think your question has nothing to do with SF2. In my opinion, you should create a efficient database which helps you to do the task. The rest is only a few queries away.

As I understand, it will be 3 major objects: User , Farm and Sector .

User could be in many Farms and Farms could be seen/wrote by many users

A Farm has many sectors, but a sector can only be in one farm

That being clarified, you will also need to declare the permissions for every user has in a farm. But, this will be declared in the many-to-many relationship with two relationship properties (read, write).

Once everything well designed, you should be able to create queries that satisfy your needs.

I know it's hard to understand because I'm talking in abstract, but let me know if you don't understand and I will draw you a scheme.