machuga/authority

Super User (or 'Super Admin Role')

deviarte opened this issue · 3 comments

We are currently using this package in an internal application for our company.
Everything works as expected!

But we can't handle Super Users (or a Super Admin Role) seamlessly.
What we currently do is load all possible ACL actions and give the super admin ALLOW for everything.

But this is kind of a wasteful use of resources, since the application is designed to load ACL actions on a per-request basis.

Example: If /contacts/* is being requested, fetch all ACL actions (from file) and all permissions (from db) just for the contacts module.

We currently have around 300 ACL actions and 20 roles; this can add up really quickly if a super admin is detected, since we need to load all actions.

How can this be handled "better"?

Note: I am happy to submit a pull request if needed, but would love to hear your ideas first.

Note 2: I am aware of $authority->allow(ALIAS, 'all');
But what I really need is: $authority->allow('all', 'all');
Since read, create, update, delete is not enough; we have tons of other uses like: send, pull, fetch, etc.

@deviarte So allow('all', 'all') doesn't currently work? If not, I believe this is an oversight on my part.

Nope, only the second 'all' works. (resources)

@deviarte You can replace line 92 of Rule.php with this one:

        return $this->action === 'manage' || in_array($this->action,$action);

Or you can test this behavior with my Authority-Controller package, which patches Authority.
Then you can do:

$authority->allow('manage', 'all');
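
The wildcard matching discussed in this thread, as an added sketch that is not part of the thread or of Authority's own code: `SketchRule` and `SketchAcl` are hypothetical classes, and the default-deny, last-matching-rule-wins evaluation is an assumption of the sketch (PHP 8+). It shows a super admin covered by a single rule, with a later deny still able to carve out an exception.

```php
<?php
// Added sketch; SketchRule and SketchAcl are hypothetical names, not Authority classes.
final class SketchRule
{
    public function __construct(
        public bool $allow,
        public string $action,
        public string $resource
    ) {}

    // Assumed wildcards: 'manage' matches any action, 'all' matches any resource.
    public function matches(string $action, string $resource): bool
    {
        return ($this->action === 'manage' || $this->action === $action)
            && ($this->resource === 'all' || $this->resource === $resource);
    }
}

final class SketchAcl
{
    /** @var SketchRule[] */
    private array $rules = [];

    public function allow(string $action, string $resource): void
    {
        $this->rules[] = new SketchRule(true, $action, $resource);
    }

    public function deny(string $action, string $resource): void
    {
        $this->rules[] = new SketchRule(false, $action, $resource);
    }

    // Default deny; the last matching rule decides (an assumption of this sketch).
    public function can(string $action, string $resource): bool
    {
        foreach (array_reverse($this->rules) as $rule) {
            if ($rule->matches($action, $resource)) {
                return $rule->allow;
            }
        }
        return false;
    }
}

$super = new SketchAcl();
$super->allow('manage', 'all');       // one rule, no per-module action list needed
$super->deny('delete', 'audit_log');  // constructed exception placed after the wildcard
var_dump($super->can('send', 'contacts'), $super->can('delete', 'audit_log'));
```

Because the wildcard rule matches every action name, custom actions such as send, pull or fetch need no entry of their own for the super admin; any exceptions have to be expressed as explicit deny rules added after it.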