a lock and key approach. 3 tables. Items are locked and a user must have
the appropriate key to use the system.
Profile
privileges
profile_privileges
Profile has profile_id and name in it
Privileges is usually a privilege name and id
profile_privileges then has priv_id, profile_id (many to many table).
Each user is assigned a profile. Many users may belong to the same group.
Privileges are associated with a profile.
I have a custom tag/udf called validate_permission which simply checks that
the profile id has the privilege id which is associated with a particular
name. if validate(permission, profile_id, priv_name) is true.
Since I do use Fusebox, I've actually written an entire security system
around it which allows using the <fuseaction permission /> attribute to
secure circuits or fuseactions to specific privileges. I can alsouse the
udf internally in scripts to secure specific lines of code.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
