I'm creating a website in which there are projects, users, and permissions for each user or groups of users. What this is is a community collaboration tool, and I have 4 different permissions:
- Creator - make changes, accept changes, change permissions
- Accept changes
- Make changes
- View
How could I implement, in a database, this kind of permission system, for groups of users?
Edit: Groups/permissions are defined by reputation, like on StackOverflow.
Edit 2 - more in detail: Each file needs to have a permission, projects need default permissions for newly created files, and I also need to set up MySQL database permissions.
user_table
id, etc
permission table
id, user_id, permission_type
With this structure, each user could have several permission types associated with their account, one for each set of features they could have access to. You would never need to change the table structure in order to add new types of permissions.
To take this a step further, you could make each type of permission a binary number. This way you could make a set of permissions be represented by one integer by using bitwise operators.
For instance, if you had the constants
```php
define('PERMISSION_CHANGE_PERMISSIONS', bindec('001')); // 1
define('PERMISSION_MAKE_CHANGES', bindec('010'));       // 2
define('PERMISSION_ACCEPT_CHANGES', bindec('100'));     // 4
```
you could combine these values into one integer using a bitwise operator "|"
```php
// bindec('011') = 3
$users_combined_permissions = PERMISSION_CHANGE_PERMISSIONS | PERMISSION_MAKE_CHANGES;
```
then to check if they have a specific permission, use the bitwise operator "&"
```php
// The result is non-zero (truthy) when the bit is set
$can_make_changes = (bool) ($users_combined_permissions & PERMISSION_MAKE_CHANGES); // true
```
If you did that, you would only need one db record for each set of permissions.
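An added example, not part of the answer above or any poster's code: it applies the bitmask idea to the per-file permissions with project defaults that the question asks for, and checks combined requirements strictly. The function names, the extra `PERMISSION_VIEW` bit and the sample data are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
// Bit values follow the answer above; PERMISSION_VIEW is an assumed addition.
const PERMISSION_CHANGE_PERMISSIONS = 1; // 0001
const PERMISSION_MAKE_CHANGES       = 2; // 0010
const PERMISSION_ACCEPT_CHANGES     = 4; // 0100
const PERMISSION_VIEW               = 8; // 1000
const PERMISSION_KNOWN = PERMISSION_CHANGE_PERMISSIONS | PERMISSION_MAKE_CHANGES
                       | PERMISSION_ACCEPT_CHANGES | PERMISSION_VIEW;

/**
 * Resolve the mask that applies to a file (hypothetical helper): a per-file
 * value wins, otherwise the project default, otherwise 0 (deny by default).
 */
function effectiveMask(?int $fileMask, ?int $projectDefault): int
{
    $mask = $fileMask ?? $projectDefault ?? 0;
    return $mask & PERMISSION_KNOWN; // drop bits that no constant defines
}

/**
 * True only when every bit in $required is present (hypothetical helper).
 * A bare ($mask & $required) is truthy when any single bit matches, which
 * over-grants as soon as $required combines several permissions.
 */
function hasAll(int $mask, int $required): bool
{
    return $required !== 0 && ($mask & $required) === $required;
}

// Constructed sample data standing in for rows read from the database.
$projectDefault = PERMISSION_VIEW | PERMISSION_MAKE_CHANGES; // for new files
$fileMasks = ['readme.txt' => null, 'release.txt' => PERMISSION_VIEW];
$editAndAccept = PERMISSION_MAKE_CHANGES | PERMISSION_ACCEPT_CHANGES;

foreach ($fileMasks as $file => $fileMask) {
    $mask = effectiveMask($fileMask, $projectDefault);
    printf(
        "%-12s edit=%s edit+accept(strict)=%s edit+accept(loose)=%s\n",
        $file,
        var_export(hasAll($mask, PERMISSION_MAKE_CHANGES), true),
        var_export(hasAll($mask, $editAndAccept), true),
        var_export((bool) ($mask & $editAndAccept), true)
    );
}
```

For `readme.txt`, which falls back to the project default, the loose check reports true for "edit and accept" even though the accept bit is not set, while the strict check reports false.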
I have used Zend_Acl in the past for this. I can recommend it. A tried and tested library that is quite easy to implement and can be used stand-alone. This option will scale well if you have different permission schemes to add afterwards.
I would create two tables; users and ranks.
User
-----
id
username
rankID
Ranks
------
id
makeChanges
acceptChanges
changePermissions
view
Then just create the various ranks that you want in the Ranks table and set the rankID of the users to match the corresponding one that you want. Make sure to set in the Ranks table each field to a value of 0 or 1; with 0 being not having that ability and 1 having that option.
Edit: If you were going to do this without a database then you could do it with the classes or even instances in PHP5. For instance, let's say that you had set a name for each of the things that you had in your original post:
Creator - make changes, accept changes, change permissions
Reviewer - Accept changes
Editor - Make changes
Regular - View
Then you could do something like below. (The database way would obviously be a much better way, but this is just an example.)
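```php
<?php
// Interfaces may only declare method signatures; the bodies live in the
// classes that implement them. They are declared first so that the classes
// below can refer to them.
interface Edit
{
    public function MakeChanges();
}

interface Review
{
    public function AcceptChanges();
}

class Regular
{
    public function View()
    {
        // Do the view stuff in here
    }
}

class Editor extends Regular implements Edit
{
    public function MakeChanges()
    {
        // Do the make changes stuff here
    }
}

class Reviewer extends Regular implements Review
{
    public function AcceptChanges()
    {
        // Do the accept changes here
    }
}

class Creator extends Regular implements Edit, Review
{
    public function MakeChanges()
    {
        // Do the make changes stuff here
    }

    public function AcceptChanges()
    {
        // Do the accept changes here
    }

    public function ChangePermissions()
    {
        // Do the change permissions stuff here
    }
}
```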