node_acl

node_acl copied to clipboard

I might be missing something with the terminology, but shouldn't we look at Role Hierarchy as a tree where all Parent nodes has all the permissions of their child nodes ?

So node has single Parent, Multiple children, and can access child resources but can't access parent resources.

It seems like node_acl is looking at it the opposite way.

1. Role can have multiple Parents.
2. Role has access to its Parents resources and they can't access its own resources Which means addRoleParents is actually addRoleChildrens

Exactly!

This is the situation I stumbled upon. I think the terminology is designed after Liskov Substitution Principle, which states that child classes inherit all the properties of parent classes, and can be used instead of the parent class in any case. Furthermore, specialization occurs in child classes and they are beyond the scope of the parent classes.

So it's not a tree in that the parents have all the access to the children, but a strict type hierarchy called behavioral subtyping.

Ok so to clarify:

acl.addRoleParents('usermanager', 'user'); //usermanager inherits all permissions of user
acl.addRoleParents('admin', 'usermanager'); //admin inherits all permissions of usermanager AND user