Extensible Rule Based Access Template

I control access to some of my static web resources using some PHP logic, since directory-based authorization through the web server is not suitable or easily possible.

The combination of things determines whether access is granted or denied. And these rules change from time to time.

At the beginning, it was a simple match of the regular expression path and checking for one session variable. Now it’s more difficult, because it involves several more variables.

I am wondering how to do this so that the rules can be changed quickly and easily. When it was simple ("if this and this, then deliver, otherwise 403"), it was perfectly fine to do this directly in PHP. Now the conditions are more complex, and there are several levels of nesting with common, but slightly different, conditions inside. It is simple enough to refactor, but it is not the most intuitive or easy to update.

I think of one of two things.

  • Set classes for each of the upper levels of conditions and use the Factory strategy to select the correct authorization. Derive everything from the base class containing the common bits, and overload everything you need. I think this may still be subject to some shuffling when some conditions change.

  • Make a simple engine that iterates through a 2D array of ordered rules, sort of like firewall rules. Something like: <allow|deny>, <auth_group>, <path_regex>, <other vars>

I have not fully thought this through, but it seems that it would be easier to update, and also easier for a person to read.

What would you do? Is there an installed template or library that I can use for this?

I ran into a similar problem in another application some time ago, where I wanted to easily update the way rules and results are combined together on several levels of conditions. It is not as difficult as this application, but I would be interested to know how people solve this problem.

+3
3 answers

, Zend_Acl, - PHP . , , , .

Zend_Acl Zend Framework PHP 5, , ZF, Zend_Acl . Zend Framework.

+1

(, ), , . , , .

0

I would use a spec sheet. This allows you to combine the rules. You can even create a class to represent a compound rule that will be executed (by template) in an IsSatisfiedBy() method.

0
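
An added example, not code from the question or from any of the answers: a minimal version of the ordered, firewall-style rule list the question proposes, evaluated first-match with a default of deny. The group names, paths and the mfa context key are constructed for illustration, and $path is assumed to be the already URL-decoded request path.

```php
<?php
declare(strict_types=1);
// Added example: ordered, first-match access rules with default deny.
// Row format follows the question: [effect, auth_group, path_regex, other vars].
// Group names, paths and the 'mfa' key are constructed, not from the page.
const RULES = [
    ['deny',  '*',      '#^/files/private/#',               []],
    ['allow', 'staff',  '#^/files/reports/[^/]+\.pdf\z#',   ['mfa' => true]],
    ['allow', 'member', '#^/files/members/#',               []],
    ['allow', '*',      '#^/files/public/#',                []],
];

/** Returns true only when the first applicable rule says "allow". */
function isAllowed(array $rules, string $path, array $ctx): bool
{
    // Reject paths that could match one rule but resolve to another file.
    if ($path === '' || $path[0] !== '/' || strpos($path, "\0") !== false
        || preg_match('#(^|/)\.\.?(/|$)#', $path) === 1) {
        return false;
    }
    foreach ($rules as [$effect, $group, $regex, $vars]) {
        if ($group !== '*' && !in_array($group, $ctx['groups'] ?? [], true)) {
            continue; // rule is for a group the caller is not in
        }
        $m = preg_match($regex, $path);
        if ($m === false) { return false; } // broken rule: fail closed
        if ($m === 0) { continue; }         // path not covered by this rule
        foreach ($vars as $key => $expected) {
            if (($ctx[$key] ?? null) !== $expected) {
                continue 2; // extra condition not met: try the next rule
            }
        }
        return $effect === 'allow';
    }
    return false; // nothing matched: deny (403)
}

// Constructed requests, one per outcome.
$staff = ['groups' => ['staff'], 'mfa' => true];
$cases = [
    ['/files/public/logo.png',     []],
    ['/files/reports/q1.pdf',      $staff],
    ['/files/reports/q1.pdf',      ['groups' => ['staff'], 'mfa' => false]],
    ['/files/private/keys.txt',    $staff],
    ['/files/public/../private/x', $staff],
];
foreach ($cases as [$path, $ctx]) {
    printf("%-28s %s\n", $path, isAllowed(RULES, $path, $ctx) ? '200' : '403');
}
```

Because evaluation stops at the first applicable rule, row order is part of the policy: a deny row only protects a path if it sits above every allow row that could also match it.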

Source: https://habr.com/ru/post/1699250/