A user can view/edit/add/remove objects (categories, users, items etc.). What is the best practice to store (in MySQL), manage and check whether a user has such permissions?
An Acl class will control whether the user is allowed to execute a controller's method or not.
Are you sure you want to go with bitmasks?
If you have many roles, your bitmask number can get very high, and a query to search who has permission X would be bad performance-wise.
Personally, I like to store such data in a two-column table (UserId, PermissionId); this way it's both scalable and easy to maintain. To check who has a permission or which permissions a user has, you only need a SELECT or a JOIN.
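A sketch of the two-column (UserId, PermissionId) table behind a default-deny Acl check, as an added example that is not part of the original question or answer. It uses Python's built-in SQLite in place of MySQL so that it runs offline; the table, column and permission names and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed schema and sample data; every name here is an assumption.
SCHEMA = """
CREATE TABLE users       (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE user_permissions (
    user_id       INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    permission_id INTEGER NOT NULL REFERENCES permissions(id) ON DELETE CASCADE,
    PRIMARY KEY (user_id, permission_id)   -- one row per grant, no duplicates
);
-- The primary key covers lookups by user; this index covers "who has X".
CREATE INDEX idx_up_permission ON user_permissions (permission_id);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
INSERT INTO permissions VALUES (1, 'items.view'), (2, 'items.edit'), (3, 'users.remove');
INSERT INTO user_permissions VALUES (1, 1), (1, 2), (2, 1);
"""

class Acl:
    def __init__(self, db):
        self.db = db

    def is_allowed(self, user_id, permission):
        """Default deny: True only when a grant row exists."""
        row = self.db.execute(
            "SELECT 1 FROM user_permissions up "
            "JOIN permissions p ON p.id = up.permission_id "
            "WHERE up.user_id = ? AND p.name = ?", (user_id, permission)).fetchone()
        return row is not None

    def users_with(self, permission):
        """Who has permission X."""
        rows = self.db.execute(
            "SELECT u.name FROM users u "
            "JOIN user_permissions up ON up.user_id = u.id "
            "JOIN permissions p ON p.id = up.permission_id "
            "WHERE p.name = ? ORDER BY u.name", (permission,))
        return [r[0] for r in rows]

    def permissions_of(self, user_id):
        """Which permissions a user has."""
        rows = self.db.execute(
            "SELECT p.name FROM permissions p "
            "JOIN user_permissions up ON up.permission_id = p.id "
            "WHERE up.user_id = ? ORDER BY p.name", (user_id,))
        return [r[0] for r in rows]

def make_acl():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite needs this per connection
    db.executescript(SCHEMA)
    return Acl(db)
```

A controller would call `is_allowed` before running a method and refuse when it returns False; unknown users and unknown permission names fall through to a denial because no grant row matches.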