ProcessMaker 4.0Permission Storage

Oleg Khimich

PermissionName convention:case.plugin.signature.can_create^-- entity name --^^--- permission name ---^

Example:$this->registerPermissions('case', [ 'case.can_create', 'case.can_edit', 'case.can_delete']);

StorageSparse matrix in MySQL

permission_list permission_matrix

Granting Permissions var_dump($this->wipePermissionsForUser($user_id)); // bool(true)

var_dump($this->setPermissionsForUser($user_id, [ 'case.can_create', 'case.can_edit', 'nonexistent' ]));/* ["case.can_create"]=> bool(true) ["case.can_edit"]=> bool(true) ["nonexistent"]=> NULL*/

Granting Permissions var_dump($this->setPermissionsForUser($user_id, ['case.can_create', 'case.can_delete']));/* ["case.can_create"]=> bool(false) ["case.can_delete"]=> bool(true)*/

Revoking Permissions var_dump($this->unsetPermissionsForUser($user_id, ['case.can_edit','nonexistent']));/* ["case.can_edit"]=> bool(true) ["nonexistent"]=> NULL*/ var_dump($this->unsetPermissionsForUser($user_id, ['case.can_edit'])); /* ["case.can_edit"]=> bool(false) */

Validating Permissions $allowed_perms = $this->getPermissionsForUser($user_id, [ 'case.can_create', 'case.can_edit', 'nonexistent’ ]); /* ["case.can_create"]=> bool(true) ["case.can_edit"]=> bool(false) ["nonexistent"]=> NULL*/

Performance Stress test

• 20k permissions• 10k users - each 100 random permissions• MySQL 5.7 backend, PHP 7.0

1000 samples for random user

Single lookup for:• 3 permissions = 4-6ms• 100 permissions = 10-12ms

Next Steps

• Multiple dimensions (User, Group, Entities, etc.)

• Implement PDO• Unit tests• Documentation