The hardest part of a framework usually comes first, right? Security. I am trying to see how ColdBox will fit into a flat file company portal that has been around for a while. There are the normal parts of our system:
- users
- access rights
- roles
I have looked into ForgeBox trying to see if there are any examples of a security module, but none meets my needs. Our idea is to be able to list all the things that a user can access/do in the system in a table. Roles and ACLs and what not, all end up saving to an already existing table of a user’s permissions:
- resource_name
- user_id
The resource can be anything - a page, a button, etc. For example, in a DataTable there might be a button for “Delete” and so there will be a record of:
- resource_name: “orders.results.delete”
- user_id: 50
Outside of ColdBox, we save all of the users’ permissions in an APPLICATION scope struct (not that many users since this is a portal with few users), using the users’ ID as the keys, and then use a simple function, “HasAccess(user_id, resource)”, to check against a user and their permissions. That’s a really easy way to hide/show elements on a page for each user. The reason we used APPLICATION scope is because for other reasons we do not have SESSIONs enabled in our cluster.
The current model is working fine for us, so I am looking to see how to port this into ColdBox. I know this is a major task, and by no means am I looking for someone to post any code here for me, but perhaps there is already a module that can handle something like this? Or perhaps, people more knowledgeable with ColdBox can suggest the best way to go about this, so that I don’t end up building and tearing down code until I get it right?
Thanks!
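One way the model described in the post (a permissions table of resource_name/user_id rows, cached in memory keyed by user ID, and a HasAccess(user_id, resource) check) could be carried into ColdBox, as an added example that is not from the original post or from any ColdBox module: a WireBox singleton holds the cache in place of the APPLICATION struct, and a preProcess interceptor performs the check server-side for every request, so that hiding a button in the view is never the only line of defence. The component names, the `prc.userId` value (assumed to be set by whatever identifies the user before this point, since the post notes sessions are disabled), the `main.denied` event and the convention that resource names match ColdBox event names are all assumptions of this example.

```cfml
// PermissionService.cfc  (example code, not from the original post)
// WireBox "singleton" keeps one instance for the whole application, which
// plays the role of the APPLICATION scope struct described in the post.
component singleton {

    // userId (as string key) -> struct of lower-cased resource names used as a set
    variables.permissions = {};

    /**
     * Build the cache from the existing permissions table.
     * rows is assumed to be a query with user_id and resource_name columns.
     */
    function loadFromQuery( required query rows ) {
        var cache = {};
        for ( var i = 1; i <= arguments.rows.recordCount; i++ ) {
            var key = toString( arguments.rows.user_id[ i ] );
            if ( !structKeyExists( cache, key ) ) {
                cache[ key ] = {};
            }
            cache[ key ][ lCase( trim( arguments.rows.resource_name[ i ] ) ) ] = true;
        }
        // Swap the whole struct in one assignment so readers never see a half-built cache.
        variables.permissions = cache;
        return this;
    }

    /**
     * Deny by default: an unknown user or an unknown resource yields false.
     */
    boolean function hasAccess( required numeric userId, required string resource ) {
        var key = toString( arguments.userId );
        if ( !structKeyExists( variables.permissions, key ) ) {
            return false;
        }
        return structKeyExists( variables.permissions[ key ], lCase( trim( arguments.resource ) ) );
    }
}

// interceptors/Authorization.cfc  (example code; event and userId source are assumptions)
component extends="coldbox.system.Interceptor" {

    property name="permissionService" inject="PermissionService";

    function preProcess( event, interceptData, rc, prc, buffer ) {
        // Assumption: resource names in the table are chosen to match ColdBox
        // event names, e.g. "orders.results.delete"; prc.userId is assumed to be
        // populated by an earlier authentication step.
        var resource = event.getCurrentEvent();
        var userId   = structKeyExists( prc, "userId" ) ? prc.userId : 0;

        if ( !permissionService.hasAccess( userId, resource ) ) {
            // Fail closed: replace the requested event with a denial page.
            event.overrideEvent( "main.denied" );
        }
    }
}

// Constructed sample data exercising the service outside ColdBox:
//   rows = queryNew( "user_id,resource_name", "integer,varchar",
//                    [ [ 50, "orders.results.delete" ], [ 50, "orders.results.view" ] ] );
//   svc  = new PermissionService().loadFromQuery( rows );
//   svc.hasAccess( 50, "orders.results.delete" )  -> true
//   svc.hasAccess( 50, "ORDERS.RESULTS.DELETE" )  -> true  (case-insensitive)
//   svc.hasAccess( 51, "orders.results.delete" )  -> false (unknown user)
//   svc.hasAccess( 50, "orders.results.export" )  -> false (unknown resource)
```

Views can keep calling the same `hasAccess()` to show or hide elements, but the interceptor makes the server the authority: a request for a resource the user is not listed for is refused even if the button was reachable. Reloading the cache is a matter of calling `loadFromQuery()` again whenever the permissions table changes; because the struct is swapped in a single assignment, no request observes a partially loaded cache.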