Implementing permissions based on reputation [closed]_问答_开发者

Closed. This question needs to be more focused. It is not currently accepting answers.

开发者_如何学编程

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 5 years ago.

Improve this question

I'm creating a website in which there are projects, users, and permissions for each user or groups of users. What this is is a community collaboration tool, and I have 4 different permissions:

Creator - make changes, accept changes, change permissions
Accept changes
Make changes
View

How could I implement, in a database, this kind of permission system, for groups of users?

Edit: Groups/permissions are defined by reputation, like on StackOverflow.

Edit 2 - more in detail: Each file needs to have a permission, projects need default permissions for newly created files, and I also need to set up MySQL database permissions.

user_table
id, etc

permission table
id, user_id, permission_type

with this structure, each user could have several permission types associated with their account, one for each set of features they could have access to. you would never need to change the table structure in order to add new types of permissions.

to take this a step further, you could make each type of permission a binary number. this way you could make a set of permissions be represented by one integer by using bitwise operators.

for instance if you had the constants

PERMISSION_CHANGE_PERMISSIONS = bindec('001') = 1
PERMISSION_MAKE_CHANGES = bindec('010') = 2
PERMISSION_ACCEPT_CHANGES = bindec('100') = 4

you could combine these values into one integer using a bitwise operator "|"

(PERMISSION_CHANGE_PERMISSIONS | PERMISSION_MAKE_CHANGES) = bindec('011') = 3 = $users_combined_permissions

then to check if they have a specific permission, use the bitwise operator "&"

($users_combined_permissions & PERMISSION_MAKE_CHANGES) = true

if you did that, you would only need one db record for each set of permissions.

I have used Zend_Acl in the past for this. I can recommend it. A tried and tested library that is quite easy to implement and can be used stand-alone. This option will scale well if you have different permission schemes to add afterwards.

I would create two tables; users and ranks.

User
-----
id
username
rankID


Ranks
------
id
makeChanges
acceptChanges
changePermissions
view

Then just create the various ranks that you want in the Ranks table and set the rankID of the users to match the corresponding one that you want. Make sure to set in the Ranks table each field to a value of 0 or 1; with 0 being not having that ability and 1 having that option.

Edit If you were going to do this without a database then you could give do it with the classes or even instances in PHP5. For instance, let's say that you had set a name for each of the things that you had in your original post:

Creator - make changes, accept changes, change permissions
Reviewer - Accept changes
Editor - Make changes
Regular - View

Then you could do something like below. (The database way would obviously be a much better way, but this is just an example.)

class Regular
{
    public function View()
    {
        //Do the view stuff in here
    }
}

class Editor extends Regular implements Edit
{

}

class Reviewer extends Regular implements Review
{

}

interface Review
{
    public function AcceptChanges()
    {
        //Do the accept changes here
    }
}

interface Edit
{
    public function MakeChanges()
    {
        //Do the make changes stuff here
    }
}


class Creator extends Regular implements Edit, Review
{
    public function ChangePermissions()
    {
        //Do the change permissions stuff here
    }
}