Pm 4.0 permission_storage
-
Upload
oleg-k -
Category
Engineering
-
view
31 -
download
1
Transcript of Pm 4.0 permission_storage
ProcessMaker 4.0Permission Storage
Oleg Khimich
PermissionName convention:case.plugin.signature.can_create^-- entity name --^^--- permission name ---^
Example:$this->registerPermissions('case', [ 'case.can_create', 'case.can_edit', 'case.can_delete']);
StorageSparse matrix in MySQL
permission_list permission_matrix
Granting Permissions var_dump($this->wipePermissionsForUser($user_id)); // bool(true)
var_dump($this->setPermissionsForUser($user_id, [ 'case.can_create', 'case.can_edit', 'nonexistent' ]));/* ["case.can_create"]=> bool(true) ["case.can_edit"]=> bool(true) ["nonexistent"]=> NULL*/
Granting Permissions var_dump($this->setPermissionsForUser($user_id, ['case.can_create', 'case.can_delete']));/* ["case.can_create"]=> bool(false) ["case.can_delete"]=> bool(true)*/
Revoking Permissions var_dump($this->unsetPermissionsForUser($user_id, ['case.can_edit','nonexistent']));/* ["case.can_edit"]=> bool(true) ["nonexistent"]=> NULL*/ var_dump($this->unsetPermissionsForUser($user_id, ['case.can_edit'])); /* ["case.can_edit"]=> bool(false) */
Validating Permissions $allowed_perms = $this->getPermissionsForUser($user_id, [ 'case.can_create', 'case.can_edit', 'nonexistent’ ]); /* ["case.can_create"]=> bool(true) ["case.can_edit"]=> bool(false) ["nonexistent"]=> NULL*/
Performance Stress test
• 20k permissions• 10k users - each 100 random permissions• MySQL 5.7 backend, PHP 7.0
1000 samples for random user
Single lookup for:• 3 permissions = 4-6ms• 100 permissions = 10-12ms
Next Steps
• Multiple dimensions (User, Group, Entities, etc.)
• Implement PDO• Unit tests• Documentation