Is this database design or authorization / permissions responsibility

Developer https://www.devze.com 2023-02-04 01:48 Source: Internet

I'm thinking about a permissions system for my project and I can't make a decision on how to organize my permissions system. In short abstract form I would describe my question as:

Should I create shared entities (rows) and apply permissions, or create a separate entity (row) copy for each user?

My situation: I have 2 entities

Company
{
   [PK]
   Id,
   Name, 
   Contacts, 
   OwnerUser
}, 
Contact
{
   [PK]
   Phone,
   ContactPerson
}

which have a many-to-many relationship. Users are allowed to modify a Company entity which they created (own).

My problem: a Contact entity (row) can be shared between Companies which are owned by different users. Suppose both users want to edit Contact.ContactPerson to a different value (for example, one user claims that the phone number belongs to John, and the other that it's Tom's number). This situation can be resolved if I create a separate copy of Contact for each Company (and therefore user), but my business rules don't allow duplicate Contacts with the same phone number, and there are other Contact properties that must be shared (according to my business rules) besides the phone number.

How to resolve this situation?


In the end you must create a policy. You can apply a policy of merging if a conflict occurs (like in version control), or a strict policy where only the creator of a contact can edit it, or one where anyone can edit a contact as long as the contact is in her company, or a complex policy that uses a rating (points) to get access to edit, like stackoverflow :P.

And this problem can only be solved by asking the client directly what policy he wants to apply.
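
Two of the policies listed in this answer (creator-only edits, and edits by anyone who owns a company linked to the contact), as an added example that is not part of the original answer. It uses SQLite from Python; the `created_by` column, the `company_contact` link table, the function names and the sample rows are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT, owner_user TEXT NOT NULL);
CREATE TABLE contact (phone TEXT PRIMARY KEY, contact_person TEXT,
                      created_by TEXT NOT NULL);  -- created_by: assumed column
CREATE TABLE company_contact (                    -- assumed many-to-many link table
    company_id INTEGER REFERENCES company(id),
    phone TEXT REFERENCES contact(phone),
    PRIMARY KEY (company_id, phone));
"""

# Each policy is a fixed SQL predicate (never built from user input) that is
# appended to the UPDATE, so the permission check and the write happen in one
# atomic statement instead of a separate check followed by a write.
POLICIES = {
    "creator_only": "created_by = :user",
    "company_owner": """EXISTS (SELECT 1 FROM company_contact cc
                        JOIN company c ON c.id = cc.company_id
                        WHERE cc.phone = contact.phone AND c.owner_user = :user)""",
}

def update_contact_person(conn, policy, user, phone, new_person):
    """Return True if the edit was authorized and applied, else False."""
    predicate = POLICIES[policy]  # unknown policy raises KeyError: fail closed
    cur = conn.execute(
        "UPDATE contact SET contact_person = :person "
        f"WHERE phone = :phone AND {predicate}",
        {"person": new_person, "phone": phone, "user": user})
    conn.commit()
    return cur.rowcount == 1  # 0 rows changed means denied or no such contact

def demo_db():
    """Constructed sample data: one contact shared by two companies."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO company VALUES (?, ?, ?)",
                     [(1, "Acme", "alice"), (2, "Globex", "bob"),
                      (3, "Initech", "carol")])
    conn.execute("INSERT INTO contact VALUES ('555-0100', 'John', 'alice')")
    conn.executemany("INSERT INTO company_contact VALUES (?, ?)",
                     [(1, "555-0100"), (2, "555-0100")])
    return conn
```

Under `company_owner` both alice and bob may edit the shared row and the last write wins, which is the conflict the question describes; `creator_only` removes the conflict by denying bob.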


It sounds like your business logic is in conflict there. On the one hand you're saying that it's possible for two users to disagree over whose telephone number a number is (which is perfectly valid, if two people share a desk/phone). On the other hand you say that your business logic doesn't allow duplicate phone numbers.

Why does your logic insist on unique phone numbers? It sounds to me like you've created a PK that is not guaranteed to be unique, and therefore unsuitable.
