php - MVC frameworks, API layers, and Authentication/Permissions -

-

i asked question earlier, may have been vague or broad warrant answer. i've since reconsidered approach , question.

i'm working on framework specific application in mind, keeping re-usability @ forefront. key element of framework exposing api layer, json driven remote interaction.

my issue in planning out comes authentication/permissions. if i'm designing mvc style architecture in mind, yet want permit usage via api layer, should authentication/permissions check take place?

the web access layer same api layer, difference being output method (html vs. json), figured common business logic layer 2 make sense. requests normalized data structure, , sent business logic. business logic kicks out result data structure (query results, failure, success, etc.) either fed template engine, or serialized json.

it appears me permissions check needs performed in common business logic layer, there better place incorporate mvc/api framework?

i don't know else elaborate @ moment, feel free ask more details , i'll provide come them.

how plan on allowing users access api?

here's how role-based authorization:

  • each controller typically has multiple actions (methods) accessible frontend, e.g.
    • function action_get($id)
    • function action_delete($id)
  • each controller has class property specifies roles required each action, e.g. 
    protected $access = array(     'get' => null,  // can access; line isnt necessary though     'delete' => array('admin')  // admins can access )
  • a before() method fired before executing action. authorization check based on $access list.
  • each action responsible determining output, e.g.
public function action_get($id) {       // business logic... build data structure       # ...        if (request::is_ajax()) {           // output json       }       else {           // output html       }   }

that system expanded allow api calls. either expand on output portion of method, detecting if api request, or create action api call. if choose latter method , wish keep code dry, move business logic data structure helper method (e.g. protected function _get()). there may better ways of providing access , handling api well.. depends on how want allow access , how flexible/dry want make it.


Comments

Post a Comment

Popular posts from this blog

Javascript line number mapping -

-
magically formatted comments change reported line number of javascript errors in browsers; this: //@line n "f" n line number , f file name. unfortunately, //@line appears ungoogleable. know there documentation on feature, , browsers support it? (i found references here , here .) from can find available in mozilla based browsers. it using js_setoptions command can turn these options on or off depending on values passed. https://developer.mozilla.org/en/js_setoptions
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ...
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more