Build a Better Access Control System

Question

I'm in the process of a building an access control system as part of a web framework I am developing. I want to make it super flexible and awesome. Can you help me by providing input and insight on my design? Here is my work so far (my specific questions are at the bottom):

Users

• Users have a username (32 characters, no spaces) and password
• Users have one or more e-mail addresses that must be verified
• Users may login using either their username or any of their e-mail addresses
• Users may be associated to zero or many accounts

Accounts

• Accounts represent one or more users
• Each user may have specific permissions or roles for an account (e.g., account owner or "can add new user")
• All accounts are tied to an account type

Account Types

• Account types have zero or many account type roles
• Account types have zero or many account type features

Account Type Roles

• E.g., "Owner", "Administrator", "Power User", "Guest", etc.
• Account type roles are a collection of account type permissions

Account Type Permissions

• Account type permissions are specific actions in the system that application logic will verify against
• They may reference a parent, so they can be hierarchically grouped
• E.g.:
  • "User Management"
    • "Add User"
    • "Remove User"
• These permissions may be specifically for an account type feature

Account Type Features

• 可以在帐户上激活帐户类型功能,以便为其提供更多权限
• 例如,"标准账户"或"高级账户"
• 如果在帐户上激活这些功能,则会为帐户所有者提供对系统的更大访问权限
• 它们在被激活或停用时被跟踪,并且可以定期或按需计费

问题

对用户操作进行应用程序逻辑检查的最佳方法是什么？我正在考虑将所有用户的权限存储在一个对象中用于他们的会话(这需要注销/登录才能刷新权限,我不喜欢这个 - 实时权限管理的任何想法？):

{
  "All Permissions": {
    "User Management": {
        "Add User",
        "Delete User"
    },
    "Premium Account": {
        "Download Files",
        "Upload Files"
    },
  }
}

然后,我将声明系统中特定操作所需的权限.也许是这样的:

Permission::require('Add User');

如果声明的权限不在users权限对象中,则请求将失败.这对于每个用户操作来说似乎都很激烈.另外,如果另一个权限子集的字符串为"添加用户",该怎么办？

在此先感谢您对此的任何帮助!

Answer 1

查看您的帐户类型权限,您会发现您考虑了访问控制列表(ACL)样式的系统设计.

如果你想让它超级灵活和令人敬畏,那么我建议这不是一个好的设计.ACL系统的工作对于简单的权限 - 也许在您的方案中实际上是可以的 - 但是一旦授予权限的规则变得极其动态 - 即依赖于超出用户身份或角色的任何上下文数据 - ACL的下降平快.

该视频详细介绍了ACL的缺陷,并讨论了实现访问控制的其他方法,以解决实际情况.

此外,这已经完成了(尽管我们可以看到的实现很少); 或许看看Rhino Security.原始链接http://ayende.com/Blog/category/548.aspx已损坏,因此请保留互联网档案链接以供参考.

Answer 2

我发现我喜欢的一种方式是一种“级联”权限。您拥有一组核心权限 - 比如说读、写、删除 - 并且这些权限可以分配给组或用户。

READ    USER1
READ    USER2
WRITE   USER2
READ    USER3
WRITE   USER3
DELETE  USER3

或者，您可以指定“组”而不是用户名。

READ    SUBSCRIBER
READ    EDITOR
READ    ADMIN
WRITE   EDITOR
WRITE   ADMIN
DELETE  ADMIN
USER1   SUBSCRIBER
USER2   EDITOR
USER3   ADMIN

然后您可以简单地使用表中的值来排序和查找记录。这允许灵活地成为具有互斥权限等的多个组的成员。