开发者

privacy concerns- database

开发者 https://www.devze.com 2023-03-14 11:13 出处:网络
i开发者_运维百科f i have this table: users ----- id_users (pk) age name gender salary it is needed for each of these values an option to set visible or not in user profile.

i开发者_运维百科f i have this table:

users
-----
id_users (pk)
age
name
gender
salary

it is needed for each of these values an option to set visible or not in user profile. What do you think that is the best way to do that?

For example hide the field salary to the person x, but allows to the person y. basically some persons can watch some attributes.

thanks


If the default privacy will be show to all, then you can create a table to hold all the hide settings of a certain user to a certain user.

This is the table I would suggest, with a compound PK of the three columns:

hide_details
------------
visitor_id
user_id
what

Some sample data would be:

visitor_id      |       user_id     |       what
    1                       2               age
    1                       2               name
    3                       4               salary

This table schema will not have to be updated in the future if you add another column to your users' table. Suggestion, if you want to make this amazingly fast you can map the column names to integers, and use that in your application logic to compare against. E.g. name = 1, age = 2, etc... So, when you do the comparison to hide the name or not, you just check if there is a record with that integer in the hide array.

You can use it like the following: before you display a profile, you fetch all the hide records of that visitor to that profile, and put them in an array, and then display anything, which hasn't been hidden.

E.g.

$hide = array('name', 'age', 'salary');

Then, you can check like:

echo (in_array($hide)) ? '' : '<div>Name:'.$name.'</div>';


You need to have a rights table for the persons who view the data. It can have the fields like id_person, may_view_age, may_view_salary, etc.

If visitors should be able to see some information of only certain people, then you need to also include a field for that in the users table, for example a department_id

It's hard to suggest something more specific if we don't know anything about your application.

0

精彩评论

暂无评论...
验证码 换一张
取 消