I'm writing an ACL class that takes its rules from "setter" methods:
<?php
$acl = new AccessControlList();
$acl->allow('someController', 'publicAction', 'guestRole');
$acl->deny('someController', 'privateAction', 'guestRole');
The question is: what's the best option for storing these rules in the ACL object?
At the moment, I'm considering an array like this:
array(
'guest' => array(
'someController' => array(
'publicAction' => true,
'privateAction' => false
)
),
'admin' => array (
...
)
)
But it looks like it will be a performance disaster when it grows, keeping in mind the logic to read the array (infering isAllowed(...) results) and writing it (with rule conflicts, overwrites, inheritance between roles and resources...).
Maybe I'm wrong from the begining and those "setters" are the problem. Is there any well established design pattern to follow?