I have a question about ACL implementation.
Is it good to maintain the ACL rules in the DB, or can we create the ACL rules at file level (in one of the files) and read them from there?
I was reading about the ACL implementation in CakePHP & other frameworks. They use both, as per the requirement.
I think maintaining the rules in one file & checking them there is a more feasible & faster way to retrieve & maintain the complexity of a system where we have more than 200 URL actions to control.
Is it the right way to follow?
The question comes down to how big your system is, how many users you have, how many different functions you have, etc. I would recommend doing it the database way; it can be tedious, but it allows you to grow, and there are many plugins out there that make ACL a lot easier to manage, i.e. http://www.alaxos.net/blaxos/pages/view/plugin_acl_2.0
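An added example (not from either poster, and not CakePHP's ACL component): the same rule set loaded from a file-style document and from a database table, checked by one deny-by-default function, plus an audit for routed actions that have no rule at all. The table name `acl_rules`, the role names and the action names are constructed for illustration.

```python
import json
import sqlite3

# Constructed sample rules: "controller/action" -> roles allowed to call it.
RULES_FILE_TEXT = json.dumps({
    "posts/index": ["guest", "editor", "admin"],
    "posts/edit": ["editor", "admin"],
    "users/delete": ["admin"],
})

def load_rules_from_file_text(text):
    """File-style store: one document mapping each action to its roles."""
    return {a: frozenset(r) for a, r in json.loads(text).items()}

def load_rules_from_db(conn):
    """DB-style store: one (action, role) row per grant."""
    rules = {}
    for action, role in conn.execute("SELECT action, role FROM acl_rules"):
        rules.setdefault(action, set()).add(role)
    return {a: frozenset(r) for a, r in rules.items()}

def is_allowed(rules, role, action):
    """Deny by default: an action with no rule is closed to everyone."""
    return role in rules.get(action, frozenset())

def unlisted_actions(rules, routed_actions):
    """Actions the application routes but that have no ACL rule."""
    return sorted(set(routed_actions) - set(rules))

def make_sample_db():
    """Build an in-memory table holding the same constructed rules."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE acl_rules (action TEXT NOT NULL, role TEXT NOT NULL, "
        "PRIMARY KEY (action, role))"
    )
    for action, roles in json.loads(RULES_FILE_TEXT).items():
        conn.executemany(
            "INSERT INTO acl_rules VALUES (?, ?)", [(action, r) for r in roles]
        )
    return conn

if __name__ == "__main__":
    file_rules = load_rules_from_file_text(RULES_FILE_TEXT)
    db_rules = load_rules_from_db(make_sample_db())
    print("stores agree:", file_rules == db_rules)
    print("editor may delete users:", is_allowed(db_rules, "editor", "users/delete"))
    print("no rule for:", unlisted_actions(file_rules, ["posts/index", "posts/export"]))
```

Because the check only sees the loaded mapping, the storage choice can change later without touching the authorization logic; with a couple of hundred actions, running the audit in CI catches a newly routed action that nobody wrote a rule for.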