Joining tables in ORM

Question

I'm trying to write my own RBAC module in Kohana. I don't want to use an existing module, I just want to do this to learn.

My tables are: users, roles, permission and users_roles, roles_permissions (because of the many to many relations between users<->roles, and roles<->permissions);

My User model:

class Model_User extends ORM {

    protected $_primary_key = 'user_id';

    protected $_has_many = array(
        'roles' => array(
            'model'   => 'role',
            'through' => 'users_roles',
        ),
    );
}

My Role Model:

class Model_Role extends ORM {

    protected $_primary_key = 'role_id';

    protected $_has_many = array(
        'users' => array(
            'model'   => 'user',
            'through' => 'users_roles',
        ),

        'permissions' => array(
            'model'   => 'permission',
            'through' => 'roles_permissions',
        ),
    );
}

and my Permission model:

class Model_Permission extends ORM {

    protected $_primary_key = 'permission_id';

    protected $_has_many = array(
        'roles' => array(
            'model'   => 'role',
            'through' => 'roles_permissions',
        ),
    );
}

I create users:

$user = ORM::factory('user');
$user->username = 'johndoe';
$user->email = '[email protected]';
//etc
$user.save();

I create roles:

$author = ORM::factory('role');
$author->name = 'author';
$author->save();

I create permissions:

$read = ORM::factory('permission');
$read->name = 'read';
$read->description = 'can read posts';
$read->save();

$write = ORM::factory('permission');
$write->name = 'write';
$write->description = 'can write posts';
$write->save();

I add roles to users:

$user->add('roles', $author);

I add permissions to roles:

$author->add('permissions', $read);
$author->add('permissions', $write);

and everything is working fine.

But, my question is how to check if a user has a given permission: in this case how to check if johndoe has permission to write a post?

Thank you for your help!

Get all the authors permissions and then go through them and look if the write permission is in that set of permission objects. — hakre
I want to check if $user has write permission, and not if $author has write permission.. — Tamás Pap
Then you first need to get the role(s) of the user, then go through them to look if the permission is given. What's so complicated with that? — hakre
True, but isn't there a more elegant solution. Can't I do this in a single query? — Tamás Pap
You're using an ORM. As I understand you, you should not care about queries when you use the ORM's provided interface. As you want to write your ORM on your own, well, the ORM does what you made it doing. As you don't want to use a ready solution (which is normally highly suggested because ORM is complex software), live with what you have. If you're interested how you can create a sophisticated ORM on your own, there are plenty of books that describe things in detail. But as written, the topic is complex, so expect to read a few thousand pages before you start to code. — hakre

Anton Serdyuk Anton Serdyuk · Accepted Answer · 2011-12-27T21:26:31

One query, but only two joins as compared to the previous answer

class Model_User extends ORM {

// ... some stuff here

public function has_permission($permission_name)
{
    return (bool) ORM::factory('permission')
        ->where('permission.name', '=', $permission_name)
        ->join('roles_permissions')
            ->on('roles_permissions.permission_id', '=', 'permision.permission_id')
        ->join('roles_users')
            ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
            ->on('roles_users.user_id', '=', DB::expr((int) $this->user_id))
        ->count_all();
}

}

Joining tables in ORM

3 Answers