How to implement Restricted access to application features

Posted by DroidUser on Programmers
Published on 2011-11-22T23:34:42Z Indexed on 2011/11/23 2:07 UTC

I'm currently developing a web application that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application-specific actions, but up to a limit defined by the plan.
A Plan will also limit access to certain features, which will not be available at all for some plans.

As an example: say there are 3 plans, 2 actions throughout the application

  • users in plan-1 can perform action-1 3 times, and they can't perform action-2 at all
  • users in plan-2 can perform action-1 10 times, action-2 5 times
  • users in plan-3 can perform action-1 20 times, action-2 10 times

So I'm looking for the best way to get this done, and my main concerns besides implementing it are the following (in no particular order)

  • maintainability/changeability: the number of plans, and type of features/actions will change in the final product
  • industry standard/best practice: for future readiness!!
  • efficiency: of course, I want fast code!!

I have never done anything like this before, so I have no clue how to go about implementing these functionalities. Any tips/guides/patterns/resources/examples?
I did read a little about ACL and RBAC; are they the patterns that I need to follow?
Really any sort of feedback will help.
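
One way to enforce the plan table from the question on the server side, added here as an illustration and not part of the original post. The names `PLANS`, `Entitlements`, `Denied` and `requires` are hypothetical, and the in-memory counter is an assumption standing in for a database row updated in a transaction.

```python
import threading
from collections import defaultdict

# Plan table from the question: plan -> {action: max uses}.
# An action missing from a plan is not available at all (deny by default).
PLANS = {
    "plan-1": {"action-1": 3},
    "plan-2": {"action-1": 10, "action-2": 5},
    "plan-3": {"action-1": 20, "action-2": 10},
}


class Denied(Exception):
    """Raised when the plan forbids the action or the quota is used up."""


class Entitlements:
    def __init__(self, plans):
        self._plans = plans
        self._used = defaultdict(int)   # (user, action) -> uses so far
        self._lock = threading.Lock()   # check and increment must be atomic

    def remaining(self, user, plan, action):
        limit = self._plans.get(plan, {}).get(action, 0)
        return max(limit - self._used.get((user, action), 0), 0)

    def consume(self, user, plan, action):
        """Authorize one use of `action` and record it, or raise Denied."""
        with self._lock:
            limit = self._plans.get(plan, {}).get(action)
            if limit is None:           # unknown plan or action: refuse
                raise Denied(f"{action} is not part of {plan}")
            if self._used[(user, action)] >= limit:
                raise Denied(f"{action} limit of {limit} reached on {plan}")
            self._used[(user, action)] += 1
            return limit - self._used[(user, action)]


def requires(ent, action):
    """Decorator: the wrapped handler runs only if the quota allows it."""
    def wrap(handler):
        def guarded(user, plan, *args, **kwargs):
            ent.consume(user, plan, action)   # raises Denied before any work
            return handler(user, plan, *args, **kwargs)
        return guarded
    return wrap
```

Keeping the limits in one data table means adding a plan or an action is a data change, and the check-then-increment under a single lock prevents two concurrent requests from both spending the last remaining use.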
