How to implement restricted access to application features
- by DroidUser
I'm currently developing a web application that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application-specific actions, but only up to a limit defined by the plan.
A Plan will also limit access to certain features, which will not be available at all for some plans.
As an example: say there are 3 plans and 2 actions throughout the application.
users in plan-1 can perform action-1 3 times, and they can't perform action-2 at all
users in plan-2 can perform action-1 10 times, action-2 5 times
users in plan-3 can perform action-1 20 times, action-2 10 times
So I'm looking for the best way to get this done, and my main concerns besides implementing it are the following (in no particular order):
maintainability/changeability: the number of plans and the types of features/actions will change in the final product
industry standard/best practice: for future readiness!!
efficiency: of course, I want fast code!!
I have never done anything like this before, so I have no clue how to go about implementing these functionalities. Any tips/guides/patterns/resources/examples?
I did read a little about ACL and RBAC. Are they the patterns that I need to follow?
Really any sort of feedback will help.
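
The plan limits from the post's example can be expressed as data plus a single server-side check, sketched below as an added illustration that is not part of the original question. The names `PLANS`, `Entitlements`, `consume` and `Denied` are hypothetical, and the in-memory counter stands in for whatever store the application uses.

```python
import threading
from dataclasses import dataclass, field

# Plan table from the post's example. An action missing from a plan means the
# feature is not available on it at all (deny by default).
PLANS = {
    "plan-1": {"action-1": 3},
    "plan-2": {"action-1": 10, "action-2": 5},
    "plan-3": {"action-1": 20, "action-2": 10},
}


class Denied(Exception):
    """Raised when the plan forbids the action or its quota is used up."""


@dataclass
class Entitlements:
    plans: dict
    # Assumption: in-memory usage counter, (user_id, action) -> uses so far.
    # A real deployment would keep this in the database and increment it
    # with an atomic conditional update.
    _used: dict = field(default_factory=dict)
    _lock: threading.Lock = field(default_factory=threading.Lock)

    def consume(self, user_id, plan, action):
        """Check the limit and record one use in a single critical section.

        Call this on the server before running the action; hiding a button
        in the UI is not an access control.
        """
        with self._lock:
            limit = self.plans.get(plan, {}).get(action)
            if limit is None:  # unknown plan or feature not in the plan
                raise Denied(f"{action} is not available on {plan}")
            key = (user_id, action)
            used = self._used.get(key, 0)
            if used >= limit:
                raise Denied(f"{action} quota of {limit} reached on {plan}")
            self._used[key] = used + 1
            return limit - used - 1  # uses left after this one


def demo():
    """Constructed run: a plan-1 user calls action-1 four times."""
    ent, out = Entitlements(PLANS), []
    for _ in range(4):
        try:
            out.append(ent.consume("alice", "plan-1", "action-1"))
        except Denied:
            out.append("denied")
    return out
```

Adding a plan or changing a limit is then an edit to the `PLANS` table (or the rows it is loaded from), not to the code that performs the check.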