Not that I have much experience in this, but here's a shot.

I'm assuming that users don't have any rights unless they belong to a group.  Also assume that it's a 1 level parent/child scheme (like, just parent and many children, not grandparents or great-great grandchildren), but that won't make a difference.  It's just my brain isn't evolved enough to understand how that works lol. Also, using the tables below, one user can belong to many groups.

Rights
id
descr

Users
id  <--key to id in tbl_groups_rights
f_name
l_name
other Info

Groups
id
parent_id <--key to id in tbl_groups (all top level groups (first parents) get parent_id 0)
group_name
description

user_groups
id <---key to id in group_rights
users_id  <---key to id in tbl_users
groups_id <---key to id in tbl_groups

group_rights
id <---key to id in user_groups
rights_id <--key to id in tbl_rights
group_id <---key to id in tbl_groups
description



So let's say the user logs into the admin or whatever.  You need to do 2 queries regarding the roles.  You first query the ids of the groups it's in and get the rights_id belonging to that group.
Append those ids to a session list or cookie or something.  Then you query for the IDs of the parents of that group (if the parent's ID is 0, then it means it has no parents), and get the rights belonging to those parents.  Then append those ids to the previous list.

Now on your templates, you just need to write code to allow that person to do whatever according to what ids they have.  That will mean you have to hard code the IDs to the conditions on those pages though, which will be hard to maintain and keep track of.  Make another template that has all of the rights IDs (queried from the database) and assign them to variables.  Then just include that template on your pages.  And on those pages (or parts of the page), I would say if list doesn't contain X or Z, then don't show stuff below or go to error.



  ----- Original Message -----
  From: Hugo Ahlenius
  To: CF-Talk
  Sent: Monday, October 13, 2003 2:18 AM
  Subject: ACL database design

  Hi,

  I am trying to set up a fairly advanced security/rights/permissions system
  for a web-app. I am having some trouble just to figure out how to set up
  the database with a list of rights, groups and users. I would like to set up
  the groups in a parent/child relationship that inherit rights, and I would
  like the number of children to be indefinite.

  Any tips?

  Thanks,
  Hugo

  -------------------------------------------------------------
  Hugo Ahlenius                  E-Mail: [EMAIL PROTECTED]
  Project Officer                Phone:            +46 8 230460
  UNEP GRID-Arendal              Fax:              +46 8 230441
  Stockholm Office               Mobile:         +46 733 467111
                                 WWW:       http://www.grida.no
  -------------------------------------------------------------
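
An added example, not part of either message: the two-query lookup from the reply, generalized to the unlimited parent/child depth the question asks for, using one recursive query resolved server-side on each check. The SQLite engine, the `tbl_` table names, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed schema following the tables sketched in the reply; names are
# assumptions. parent_id 0 marks a top-level group, as in the reply.
SCHEMA = """
CREATE TABLE tbl_rights (id INTEGER PRIMARY KEY, descr TEXT UNIQUE);
CREATE TABLE tbl_users (id INTEGER PRIMARY KEY, f_name TEXT, l_name TEXT);
CREATE TABLE tbl_groups (id INTEGER PRIMARY KEY, parent_id INTEGER NOT NULL, group_name TEXT);
CREATE TABLE user_groups (users_id INTEGER, groups_id INTEGER);
CREATE TABLE group_rights (rights_id INTEGER, group_id INTEGER);
"""

# Constructed sample data: staff -> editors -> sports_editors (three levels).
SAMPLE = """
INSERT INTO tbl_rights VALUES (1,'view_admin'),(2,'edit_article'),(3,'publish_sports'),(4,'manage_users');
INSERT INTO tbl_users VALUES (10,'Ann','Lee'),(11,'Bo','Ray');
INSERT INTO tbl_groups VALUES (1,0,'staff'),(2,1,'editors'),(3,2,'sports_editors'),(4,0,'admins');
INSERT INTO user_groups VALUES (10,3),(11,1);
INSERT INTO group_rights VALUES (1,1),(2,2),(3,3),(4,4);
"""

# Start at the user's own groups and walk up through every ancestor. UNION
# (not UNION ALL) discards repeated rows, so a cyclic parent_id terminates.
EFFECTIVE_RIGHTS = """
WITH RECURSIVE lineage(group_id) AS (
    SELECT groups_id FROM user_groups WHERE users_id = :uid
    UNION
    SELECT g.parent_id FROM tbl_groups g JOIN lineage l ON g.id = l.group_id
    WHERE g.parent_id <> 0
)
SELECT DISTINCT r.descr FROM lineage l
JOIN group_rights gr ON gr.group_id = l.group_id
JOIN tbl_rights r ON r.id = gr.rights_id
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def effective_rights(db, user_id):
    """Rights from the user's groups plus all ancestor groups, by name."""
    return {row[0] for row in db.execute(EFFECTIVE_RIGHTS, {"uid": user_id})}

def has_right(db, user_id, right):
    """Deny by default: unknown users or rights resolve to False."""
    return right in effective_rights(db, user_id)
```

Checking by right name instead of numeric ID avoids hard-coding IDs in page conditions, and resolving the set from the database keeps the decision out of anything the browser can edit.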
