Thanks,

I actually had in mind unlimited parent/child relationships in the
groups. So that the super-parent would be the "Admin" group, that all
other groups are derived from, like "superusers" inherit the rights from
the admin group, but with rights X,Y & Z revoked. And the "regular users
group" is a child of the "superusers" group, etc. In addition, a user
should be able to have specific rights assigned to him.

Hmm... it is getting complicated...


-------------------------------------------------------------
Hugo Ahlenius                  E-Mail: [EMAIL PROTECTED]
Project Officer                Phone:            +46 8 230460
UNEP GRID-Arendal              Fax:              +46 8 230441
Stockholm Office               Mobile:         +46 733 467111
                               WWW:       http://www.grida.no
-------------------------------------------------------------



| -----Original Message-----
| From: brob [mailto:[EMAIL PROTECTED]
| Sent: Monday, October 13, 2003 11:26
| To: CF-Talk
| Subject: Re: ACL database design
|
|
| Not that I have much experience in this, but here's a shot.
|
| I'm assuming that users don't have any rights unless they
| belong to a group.  Also assume that it's a 1 level
| parent/child scheme (like, just parent and many children, not
| grandparents or great-great grandchildren).  But that won't
| make a difference.  It's just my brain isn't evolved enough
| to understand how that works lol. Also using the table below,
| one user can belong to many groups.
|
|
| Rights
| id
| descr
|
| Users
| id  <--key to id in tbl_groups_rights
| f_name
| l_name
| other Info
|
| Groups
| id
| parent_id <--key to id in tbl_groups (all top level groups
| (first parents) get parent_id 0)
| group_name
| description
|
|
|
| user_groups
| id <---key to id in group_rights
| users_id  <---key to id in tbl_users
| groups_id <---key to id in tbl_groups
|
|
| group_rights
| id <---key to id in user_groups
| rights_id <--key to id in tbl_rights
| group_id <---key to id in tbl_groups
| description
|
|
|
|
|
| So let's say the user logs into the admin or whatever.  You
| need to do 2 queries regarding the roles.  You first query
| the ids of the groups it's in and get the rights_id belonging
| to that group.
| Append those ids to a session list or cookie or sumthin.
| Then you query for the IDs of the parents of that group (if
| the parent's ID is 0, then it means it has no parents), and
| get the rights belonging to those parents.  Then append those
| ids to the previous list.
|
| Now on your templates, you just need to write code to allow
| that person to do whatever according to what ids they have.
| That will mean u have to hard code the IDs to the conditions
| on those pages tho, which will be hard to maintain and keep
| track of.  Make another template that has all of the rights
| IDs (queried from the database) and assign them to variables.
| Then just include that template on your pages.  And on those
| pages (or parts of the page), I would say if list doesn't
| contain X or Z, then don't show stuff below or goto error.
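
An added example, not code from either poster: one way to resolve effective rights over a group tree of any depth, with per-group revocation and per-user rights as asked for in the reply, using the quoted table layout in SQLite. The `allow` flag, the `user_rights` table, the "nearest entry wins" rule and the depth cap of 32 are assumptions made for this sketch.

```python
import sqlite3

# Tables follow the thread's sketch; the `allow` flag (0 = revoked) and the
# user_rights table are assumptions added for this example.
SCHEMA = """
CREATE TABLE tbl_rights (id INTEGER PRIMARY KEY, descr TEXT);
CREATE TABLE tbl_groups (id INTEGER PRIMARY KEY, parent_id INTEGER, group_name TEXT);
CREATE TABLE user_groups (users_id INTEGER, groups_id INTEGER);
CREATE TABLE group_rights (group_id INTEGER, rights_id INTEGER, allow INTEGER);
CREATE TABLE user_rights (users_id INTEGER, rights_id INTEGER, allow INTEGER);
"""
# Walk each of the user's groups up to the root (parent_id 0). Depth 0 is the
# user's own entries; the depth cap stops a parent_id loop from recursing forever.
EFFECTIVE = """
WITH RECURSIVE chain(group_id, depth) AS (
    SELECT groups_id, 1 FROM user_groups WHERE users_id = :uid
    UNION ALL
    SELECT g.parent_id, c.depth + 1 FROM chain c JOIN tbl_groups g ON g.id = c.group_id
    WHERE g.parent_id <> 0 AND c.depth < 32
), entries(rights_id, allow, depth) AS (
    SELECT rights_id, allow, 0 FROM user_rights WHERE users_id = :uid
    UNION ALL
    SELECT gr.rights_id, gr.allow, c.depth
    FROM chain c JOIN group_rights gr ON gr.group_id = c.group_id
)
SELECT r.descr FROM entries e JOIN tbl_rights r ON r.id = e.rights_id
GROUP BY e.rights_id, r.descr
-- Nearest entry wins; at equal depth a revoke (even value) beats a grant.
HAVING MIN(e.depth * 2 + e.allow) % 2 = 1
ORDER BY r.descr
"""

def effective_rights(db, user_id):
    """Return the right names a user holds; no matching entry means no right."""
    return [row[0] for row in db.execute(EFFECTIVE, {"uid": user_id})]

def demo_db():
    """Constructed sample data: Admin > superusers > regular users."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tbl_rights VALUES (?, ?)",
                   [(1, "read"), (2, "edit"), (3, "delete"), (4, "manage_users")])
    db.executemany("INSERT INTO tbl_groups VALUES (?, ?, ?)",
                   [(1, 0, "Admin"), (2, 1, "superusers"), (3, 2, "regular users")])
    db.executemany("INSERT INTO group_rights VALUES (?, ?, ?)",
                   [(1, 1, 1), (1, 2, 1), (1, 3, 1), (1, 4, 1),  # Admin: everything
                    (2, 3, 0), (2, 4, 0),                        # superusers: two revoked
                    (3, 2, 0)])                                  # regular users: edit revoked
    db.executemany("INSERT INTO user_groups VALUES (?, ?)", [(10, 1), (20, 2), (30, 3)])
    db.execute("INSERT INTO user_rights VALUES (30, 3, 1)")      # per-user grant
    return db
```

Resolving on the server at each check, rather than caching right ids in a cookie, keeps a later revoke effective immediately and keeps the list out of the client's hands.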