I have one MySQL DB table like the following, the resources table:
id | name | type
1 | guest | user
2 | member | user
3 | moderator | user
4 | owner | user
5 | admin | user
6 | index | controller
Onto the next table, the rules table:
id | user_id | rule | resource_id | extras
1 | 2 | 3 | 1 | null
2 | 3 | 3 | 2 | null
3 | 4 | 3 | 3 | null
4 | 5 | 3 | 4 | null
5 | 6 | 1 | 1 | index,login,register
6 | 6 | 2 | 2 | login,register
7 | 6 | 1 | 2 | logout
OK, sorry for the length, but I am trying to give a full picture of what I am trying to do.
So the way it works, a role (aka user) can be granted (rule: 1) access to a controller, a role can inherit (rule: 3) access from another role, or a role can be denied (rule: 2) access to a controller. (A user is a resource and a controller is a resource.)
Access to actions is granted / denied using the extras column.
This all works; it's not a problem with setting up the ACL within Zend.
What I am now trying to do is show the relationships; to do that I need to find the lowest level a role is granted access to a controller stopping if it has explicitly been removed. I plan on listing the roles. When I click a role, I want it to show all the controllers that role has access to. Then clicking on a controller shows the actions the role is allowed to do.
So in the example above, a guest is allowed to view the index action of the index controller along with the login action.
A member inherits the same access, but is then denied access to the login action and register action.
A moderator inherits the rules of a member.
So if I were to select the role moderator, I want to see the controller index listed. If I click on the controller, it should show the allowed actions as being action: index (which was originally granted to the guest, but hasn't since been disallowed).
Are there any examples of doing this? I am obviously working with the Zend MVC (PHP) and MySQL.
Even just a pseudo code example would be a helpful starting point - this is one of the last parts of the jigsaw I am putting together.
P.S. Obviously I have the ACL object - is it going to be easier to interrogate that or is it better to do it myself via PHP/MySQL?
The aim will be, show what a role can access which will then allow me to add or edit a role, controller and action in a GUI style (that is somewhat the easy bit) - currently I am updating the DB manually as I have been building the site.
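One way to resolve a role's effective access from rows shaped like the two tables above, as an added example that is not part of the original post and not Zend's own code. The function name `effectiveAccess` is hypothetical, and the code assumes what the sample rows suggest: on grant/deny rows `user_id` holds the controller id and `resource_id` the role id, each role inherits from at most one parent, and `extras` always lists the actions.

```php
<?php
// Constructed from the sample rows in the question. Assumption: on grant/deny
// rows user_id holds the controller id and resource_id the role id; on
// inherit rows user_id is the child role and resource_id its parent.
const ALLOW = 1; const DENY = 2; const INHERIT = 3;
$resources = [1 => 'guest', 2 => 'member', 3 => 'moderator', 4 => 'owner',
              5 => 'admin', 6 => 'index'];
$rules = [ // [id, user_id, rule, resource_id, extras]
    [1, 2, 3, 1, null], [2, 3, 3, 2, null], [3, 4, 3, 3, null],
    [4, 5, 3, 4, null], [5, 6, 1, 1, 'index,login,register'],
    [6, 6, 2, 2, 'login,register'], [7, 6, 1, 2, 'logout'],
];

// Hypothetical helper: returns [controller name => [allowed actions]].
function effectiveAccess(int $roleId, array $rules, array $resources): array
{
    // Build the chain role -> parent -> ...; stop on a cycle.
    $chain = [];
    for ($id = $roleId; $id !== null && !in_array($id, $chain, true);) {
        $chain[] = $id;
        $parent = null;
        foreach ($rules as [, $child, $rule, $target]) {
            if ($rule === INHERIT && $child === $id) { $parent = $target; break; }
        }
        $id = $parent;
    }
    // Apply rules from the most distant ancestor down to the role itself,
    // so a nearer role's deny (or grant) overrides what it inherited.
    $access = [];
    foreach (array_reverse($chain) as $id) {
        foreach ($rules as [, $controller, $rule, $target, $extras]) {
            if ($rule === INHERIT || $target !== $id) { continue; }
            $name = $resources[$controller];
            $actions = array_filter(array_map('trim', explode(',', (string) $extras)));
            foreach ($actions as $action) {
                if ($rule === ALLOW) { $access[$name][$action] = true; }
                elseif ($rule === DENY) { unset($access[$name][$action]); }
            }
        }
    }
    // Drop controllers with nothing left and return plain action lists.
    return array_map('array_keys', array_filter($access));
}

print_r(effectiveAccess(3, $rules, $resources)); // moderator
```

On the sample rows the moderator resolves to the index controller with the actions index and logout; logout comes from rule row 7, which grants it to member.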