I'm about to start a project that will require several kinds of users with different "powers".
To give a bit of context, I'm expecting between 1000 and 10000 users.
I have at least 3 "layers": A, B, C.
"A" could be "consulting companies", each with different clients "B", each with several projects "C".
One user might need to see an overview of all the projects managed by his company "A". Another just the ones of one of the companies "B". Another just project "A". Some users might be granted more fine-grained detail on each level (maybe a user has fine-grained access on the "B" level but does not see anything on the "A" level). Some users might have only read permission, others read and modify, others read, modify and create.
In the end I might end up with 100000 or one million "objects" to which I have to grant read/write/delete/modify permission.
I have to choose between a relatively simple Voters system or a full-fledged ACL. I noticed that ACL is not that well documented, despite seeming pretty powerful. I almost discarded Voters, but then I read this article which made me change my mind. Quote from the article:
This is typically what you think of when you talk about ACL: the ability to say that “this user” has access to “edit” some “object”. In Symfony2, you can leverage a custom voter to use whatever complex business logic you have to determine this.
According to the article you can use Voters for this as:
One other commonly-unknown property of isGranted is that there’s a second argument, which is any type of “object”
So here are my questions considering the context I've exposed:
1) Will the Voters option grant all the flexibility I need?
2) Will it be OK performance-wise? (ACL specifically states that even with millions of objects there is no performance decay; I have doubts about Voters.)
3) If I opt for Voters, can I safely use the FOSUserBundle, despite something related to Symfony 1.2 being specified?
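The layered model described in the question, as an added example that is not part of the original post: plain PHP (no Symfony classes) showing a permission check that a custom voter could delegate to, where a grant on a company or client covers everything below it and never anything above it. The node ids, users, bitmask constants and the `isAllowed()` function are all hypothetical, and the hierarchy and grants are constructed sample data.

```php
<?php
// Added example: plain PHP, no framework classes. All names are hypothetical.
const PERM_READ = 1;
const PERM_MODIFY = 2;
const PERM_CREATE = 4;

// Constructed hierarchy: node id => parent id (null for a top-level company "A").
$parents = array(
    'company:acme'    => null,
    'client:globex'   => 'company:acme',
    'client:initech'  => 'company:acme',
    'project:website' => 'client:globex',
    'project:payroll' => 'client:initech',
);

// Constructed grants: user => node => permission bitmask.
$grants = array(
    'alice' => array('company:acme' => PERM_READ),
    'bob'   => array('client:globex' => PERM_READ | PERM_MODIFY | PERM_CREATE),
    'carol' => array('project:payroll' => PERM_READ | PERM_MODIFY),
);

/**
 * True when $user holds $permission on $node, directly or through a grant
 * on one of its ancestors. Grants flow down the hierarchy, never up.
 */
function isAllowed(array $parents, array $grants, $user, $node, $permission)
{
    if (!array_key_exists($node, $parents)) {
        return false; // unknown object: deny by default
    }
    $userGrants = isset($grants[$user]) ? $grants[$user] : array();
    $seen = array(); // guards against a cycle in the parent map
    while ($node !== null && !isset($seen[$node])) {
        $seen[$node] = true;
        $mask = isset($userGrants[$node]) ? $userGrants[$node] : 0;
        if (($mask & $permission) === $permission) {
            return true;
        }
        $node = isset($parents[$node]) ? $parents[$node] : null;
    }
    return false;
}

// Company-level read checked on a project, client-level grant checked on the
// company above it, and a project-level grant checked on a sibling project.
var_dump(isAllowed($parents, $grants, 'alice', 'project:website', PERM_READ));
var_dump(isAllowed($parents, $grants, 'bob', 'company:acme', PERM_READ));
var_dump(isAllowed($parents, $grants, 'carol', 'project:website', PERM_MODIFY));
```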