Permissions System Design. Want feedback
Posted: Sat Jul 15, 2006 9:13 am
I was thinking something along the lines of CHMOD but that might not be the best idea mostly because i don't know how to test for it.
what i wanted to know is how to design the permissions system. setting it is trivial. if anything i could set it as a 32int and bit flag their permissions. jeez, now that i think of it that would work great in C++ but can i do that in PHP? that's just another question now lmao
but checking for it w/o having to do like 300 checks to make sure that they are the right role with the correct permission. it's a pretty complicated system because i've set up the account architecture to have multiple types of accoutns (admin/mod/editor/author/user) and then there are sub accounts from within that. then i planned to set permissions to that as well so that the main admin (god admin) can set the bottom personnel to have different permissions.
for instance. you install forums onto my framework. the god admin sets the roles for the forums. he wants 20 admins (more than excessive i know) and 40 mods. then he install the estore and then again he assigns roles for them in the same fashion. mixing and matching the previous admins and completely new admins and same for the mods.
now, you have all these roles but now you need to set thier permissions. for instance the god admin doesn't want to allow all the admins to change the offtopic forum name. only one. and he does the same for all the forums. the mods take care of the users and posts and threads within the system.
so there are now set permissions for each personnel type.
users we can figure out on our own. no problems.
so that being said how could i check for permissions? checking for roles is easy enough but then you have to check permissions.
now, the question. after I've setup which roles can do what, how do i check within the code thier permissions for what they are allowed to do. that one account?
any good ideas?
what i wanted to know is how to design the permissions system. setting it is trivial. if anything i could set it as a 32int and bit flag their permissions. jeez, now that i think of it that would work great in C++ but can i do that in PHP? that's just another question now lmao
but checking for it w/o having to do like 300 checks to make sure that they are the right role with the correct permission. it's a pretty complicated system because i've set up the account architecture to have multiple types of accoutns (admin/mod/editor/author/user) and then there are sub accounts from within that. then i planned to set permissions to that as well so that the main admin (god admin) can set the bottom personnel to have different permissions.
for instance. you install forums onto my framework. the god admin sets the roles for the forums. he wants 20 admins (more than excessive i know) and 40 mods. then he install the estore and then again he assigns roles for them in the same fashion. mixing and matching the previous admins and completely new admins and same for the mods.
now, you have all these roles but now you need to set thier permissions. for instance the god admin doesn't want to allow all the admins to change the offtopic forum name. only one. and he does the same for all the forums. the mods take care of the users and posts and threads within the system.
so there are now set permissions for each personnel type.
users we can figure out on our own. no problems.
so that being said how could i check for permissions? checking for roles is easy enough but then you have to check permissions.
now, the question. after I've setup which roles can do what, how do i check within the code thier permissions for what they are allowed to do. that one account?
any good ideas?