实施基于声誉的权限

2022-01-04 00:00:00 permissions sql php mysql

我正在创建一个网站,其中有每个用户或用户组的项目、用户和权限.这是一个社区协作工具,我有 4 个不同的权限:

I'm creating a website in which there are projects, users, and permissions for each user or groups of users. What this is is a community collaboration tool, and I have 4 different permissions:

  • 创建者 - 进行更改、接受更改、更改权限
  • 接受更改
  • 进行更改
  • 查看

如何在数据库中为用户组实现这种权限系统?

How could I implement, in a database, this kind of permission system, for groups of users?

组/权限由声誉定义,就像在 StackOverflow 上一样.

Groups/permissions are defined by reputation, like on StackOverflow.

编辑2 - 更详细:每个文件都需要有权限,项目需要新创建的文件的默认权限,我还需要设置MySQL数据库权限.

Edit 2 - more in detail: Each file needs to have a permission, projects need default permissions for newly created files, and I also need to set up MySQL database permissions.

推荐答案

user_table
id, etc

permission table
id, user_id, permission_type

通过这种结构,每个用户都可以拥有多种与其帐户相关联的权限类型,他们可以访问的每组功能都对应一种权限类型.您永远不需要为了添加新类型的权限而更改表结构.

with this structure, each user could have several permission types associated with their account, one for each set of features they could have access to. you would never need to change the table structure in order to add new types of permissions.

更进一步,您可以将每种类型的权限设为二进制数.通过这种方式,您可以使用按位运算符将一组权限用一个整数表示.

to take this a step further, you could make each type of permission a binary number. this way you could make a set of permissions be represented by one integer by using bitwise operators.

例如如果你有常量

PERMISSION_CHANGE_PERMISSIONS = bindec('001') = 1
PERMISSION_MAKE_CHANGES = bindec('010') = 2
PERMISSION_ACCEPT_CHANGES = bindec('100') = 4

您可以使用按位运算符|"将这些值组合成一个整数

you could combine these values into one integer using a bitwise operator "|"

(PERMISSION_CHANGE_PERMISSIONS | PERMISSION_MAKE_CHANGES) = bindec('011') = 3 = $users_combined_permissions

然后检查他们是否有特定的权限,使用按位运算符&"

then to check if they have a specific permission, use the bitwise operator "&"

($users_combined_permissions & PERMISSION_MAKE_CHANGES) = true

如果你这样做了,你将只需要为每组权限创建一个数据库记录.

if you did that, you would only need one db record for each set of permissions.

相关文章