I have a fairly large database where multiple organisations are stored. Users only need access to the data from one organisation so I need to make sure they can only access and change the data that pertains to them.
I have users and rights module installed which is working very well at restricting access to certain controllers/actions but im not sure of the best way to restrict the user to only their organisations records within a controller/action. The links within the pages will only ever let them see their own organisations data but the url could easily be overwritten with an id for data that does not belong to them.
In my data model, the organisation can be up to 6 levels up the hierarchy from the current data. I have all the required relationships set up so its pretty easy to write a line of code to go back up the tree to get the organisation id and compare it to the org id in their session profile (org id is set when user logs in) but Im just wondering about the overhead/efficiency in this.
For instance, I was thinking that in each model I could get the orgid in the OnAfterFind event, then check it against their profile org id then accept or reject them at this point.
So if the model is 6 levels down from the organisation table, what is the impact of running code like the following every time I get a record?
$orgid = $this->parent->parent->parent->parent->id;
I would only need to get to the table below the organisation table as it should have an orgid foreign key that I could use and therefore save that extra step.
As this is a security issue I need to implement the most robust option but with minimal coding, ie I dont what to have to add something to every controller/action, that will be painful. Im thinking that by attaching it to the model and having it fire when data is retrieved might be the most efficient way but have concerns with the overhead.
One way around this might be to load up all the ids from all the models that are valid and store them in the session, there might be 2,000 - 3,000 of these though so again, not sure of the impact/efficiency of this approach.
Any expert advice would be appreciated.