Aha, that sounds great.
One more thing though. I looked through the ACL system you zipped.
First of all, it is far too advanced for me.
But I got an idea from that system, that I want for my system.
That is allowedUsers and disallowedUsers.
Basically my tables would look something like this:
Code:
Usergroups:
group_id, group_name
Resources:
res_id, res_name
Permissions:
perm_id, perm_resource, perm_allowedGroups, perm_allowedUsers, perm_disallowedUsers
My "permissions" table would basically be like your "resourcesAllow".
My "usergroups" table would basically be like your "roles".
My "perm_allowedGroups" would basically be like your "roleId" in your "resourcesAllow" table.
As you see, I added allowedUsers and disallowedUsers.
"allowedUsers" is so I can grant access to a specific user to a specific resource even if they are in a usergroup that originally DOESN'T have access to that resource.
"disallowedUsers" is so I can remove access from a specific user to a specific resource even if they are in a usergroup that originally HAVE access to that resource.
All that is good.
But how would I do that in the PHP(in the ACL class) ??