Plans to Revamp RBAC System?

CodeRus · October 31, 2017, 11:41pm

Are there any plans to revamp the RBAC system? It doesn’t seem to follow a very intuitive pattern as roles are mixed in with permissions with no distinction between them.

All RBAC systems I have ever used have followed the same pattern where users (or accounts in TC’s case) have a many-to-many relationship to roles and roles have a many-to-many relationship to permissions. This provides a more straight-forward and intuitive relationship which also makes the code to model the system simpler and more understandable.

Magnuss · November 2, 2017, 11:10am

More or less you can do that. What exactly do you miss ?

You can have a lot of accounts (many) and can link them to roles (many).

The roles (many) are linked to permissions (many).

Additionally I believe you can set accounts (many) to permissions (many).

CodeRus · November 2, 2017, 5:03pm

Yes, but the roles are mixed in with the permissions, correct? In other RBAC schemas, they are a separate entity and would constitute there being a separate roles table.

I suppose having the current schema makes it possible for a more simple implementation of your last point, since there would need to be a table to tie Roles to Accounts and another to tie any à la carte Permissions to accounts.

Do you know common it is to use that feature? I personally don’t see that getting much use but I’m not sure.

My only problem with how it sits now is that it seems difficult to tell what are roles and what are permissions.

Aokromes · November 2, 2017, 5:09pm

give a try to https://github.com/PHPscripts/RBAC_Manager or http://www.ac-web.org/forums/showthread.php?190847-Scat-s-RBAC-Manager