I implement access control on an intranet site. It would be easy if the company did not have more than 200 employees and user permissions for almost everyone. This is crazy, I know, but I can't change it.
So, I tried to find a common implementation that would meet my needs, but could not find it, so I went to do it myself. In the end, I came up with a fairly general solution that made me think: someone should have done this before!
I called it STOP (Subject Object Object Permission) Access Control. I have the following relationship:
```
.-------.     .-----------.     .-------.
| users |1---*| STOPRules |*---1| tasks |
'-------'     '-----------'     '-------'
```
The STOP rule has the following attributes:

```
STOPRule {
    Subject;
    Task;
    ObjectType;
    Permission;
    Relation;
}
```
An object relation can be: owner, creator, revisor, etc. This field is not required to support general tasks. When it is there, the relationship between the current user and the object instance is computed by the delegate. The current relation is then compared with the desired rule relation to allow or deny access.
Let me know if I have not been clear enough.
Two questions arise:
EDIT: I went ahead and actually started implementing this model. The first problem was that I needed a connection between the object and the object to support any use case. Now I can save the following rule:
John (topic) can (permission) change (task) (object), if he is the creator (relation) of order.
Please, can you guys use a REALISTIC use case that could not be expressed with this model?
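The following is an added worked example of the STOP rule model sketched in the post; it is not the poster's code. It assumes a `Permission` field with the values `allow`/`deny`, a per-object-type delegate that computes the relation between the current user and an object instance, and a deny-by-default decision in which an explicit `deny` rule wins over any `allow`; the `order` object type, the user names and the rules are constructed sample data.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class STOPRule:
    """One STOP rule: Subject, Task, ObjectType, Permission, Relation (assumed layout)."""
    subject: str
    task: str
    object_type: str
    permission: str                 # "allow" or "deny" (assumption)
    relation: Optional[str] = None  # e.g. "creator", "owner"; None = no relation required


# A relation delegate computes the relations the current user has to one object instance.
RelationDelegate = Callable[[str, Dict[str, Any]], Set[str]]


def order_relations(user: str, order: Dict[str, Any]) -> Set[str]:
    """Delegate for the constructed 'order' object type."""
    relations: Set[str] = set()
    if order.get("creator") == user:
        relations.add("creator")
    if order.get("owner") == user:
        relations.add("owner")
    return relations


class STOPAccessControl:
    def __init__(self, rules: List[STOPRule], delegates: Dict[str, RelationDelegate]):
        self.rules = rules
        self.delegates = delegates

    def is_allowed(self, user: str, task: str, object_type: str,
                   obj: Optional[Dict[str, Any]] = None) -> bool:
        """Deny by default: grant only if a matching 'allow' rule holds and no
        matching 'deny' rule holds. A rule that requires a relation is skipped
        when the relation cannot be computed (no instance or no delegate)."""
        decision = False
        for rule in self.rules:
            if (rule.subject, rule.task, rule.object_type) != (user, task, object_type):
                continue
            if rule.relation is not None:
                delegate = self.delegates.get(object_type)
                if obj is None or delegate is None:
                    continue  # relation required but not computable: rule does not apply
                if rule.relation not in delegate(user, obj):
                    continue  # current relation differs from the rule's relation
            if rule.permission == "deny":
                return False  # explicit deny wins over any allow
            if rule.permission == "allow":
                decision = True
        return decision


# Constructed sample rules and object instances.
RULES = [
    # John can change an order only if he is its creator (the post's own example).
    STOPRule("john", "change", "order", "allow", relation="creator"),
    # Alice may change any order: no relation required.
    STOPRule("alice", "change", "order", "allow"),
    # Bob may change orders, except those he owns himself.
    STOPRule("bob", "change", "order", "allow"),
    STOPRule("bob", "change", "order", "deny", relation="owner"),
]
ACL = STOPAccessControl(RULES, {"order": order_relations})

ORDER_BY_JOHN = {"id": 1, "creator": "john", "owner": "carol"}
ORDER_BY_BOB = {"id": 2, "creator": "bob", "owner": "bob"}


def check(user: str, task: str, obj: Optional[Dict[str, Any]]) -> bool:
    return ACL.is_allowed(user, task, "order", obj)


if __name__ == "__main__":
    print("john/change/own order :", check("john", "change", ORDER_BY_JOHN))   # True
    print("john/change/bob order :", check("john", "change", ORDER_BY_BOB))    # False
    print("alice/change/bob order:", check("alice", "change", ORDER_BY_BOB))   # True
    print("john/delete/own order :", check("john", "delete", ORDER_BY_JOHN))   # False
    print("bob/change/own order  :", check("bob", "change", ORDER_BY_BOB))     # False
    print("bob/change/john order :", check("bob", "change", ORDER_BY_JOHN))    # True
    print("john/change/no object :", check("john", "change", None))            # False
```

The last case matters for a "general task" check that has no object instance: a rule carrying a relation simply does not apply, so a subject whose only rule is relation-bound gets no access until an instance is available to compute the relation against.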