I am going to launch a project that will require several users with different “permissions”.
To give a little context, I expect 1,000 to 10,000 users.
I have at least 3 "layers": A, B, C
“A” can be “consulting companies”, each of which has different clients “B”, each of which has several projects “C”.
A single user may need an overview of all projects managed by his company "A". Another of them is one of the companies "B". Another project "A". Some users may be provided with finer-grained information at each level (perhaps the user has a fine-grained level at level "B", but does not see anything at level "A"). Some users may have read permission only, others read and modify, others read, modify and create.
In the end, I can get 100,000 or one million "objects" to which I must grant read / write / delete / modify permission.
I need to choose between a relatively simple voter system or a full ACL. I noticed that the ACL is not so well documented, despite the seemingly quite powerful one. I almost dropped the voters, but then I read this article , which is why I changed my mind. Quote from the article:
This is usually what you think of when talking about ACLs: the ability to say that "this user" has access to "edit" some "object". In Symfony2, you can use custom selector to use any complex business logic that you must define.
According to this article, you can use Voters for this as:
Another common property of isGranted is that theres a second argument, which is any type of “object”
So, here are my questions regarding the context that I have uncovered:
1) Will the Voters option provide all the necessary flexibility?
2) It will work well with wisdom (the ACL specifically states that even with millions of facilities there is no performance breakdown, I have doubts about voters)
3) If I choose voters, can I safely use the FOSUserBundle , despite the fact that something related to Symfony 1.2 has been specified?