Topic: On creating module permissions module... how do I do it (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=29848" title="Pages that link to Topic: On creating module permissions module... how do I do it (Page 1 of 1)" rel="nofollow" >Topic: On creating module permissions module... how do I do it <span class="small">(Page 1 of 1)</span>\

 
paritycheck
Bipolar (III) Inmate

From: you tell me
Insane since: Mar 2004

posted posted 01-07-2008 09:11

Hi guys, need some advice .. again.. well again for the umpteenth time my project seems to be in for another revision [as if thats not new] well the revision isn't real collossal but again any revision is a revision nonetheless.. Currently my project has modules and a simple module permissions based system. Each module can have teh following permissions i.e. Read, Write, Delete, Edit, Full or None - I know it sounds odd like as though its somekind of filesystem but hey this was my co workers bright Idea to make up such a system... The information is stored in a db as a single encrypted value...in hex format - sounds linux ... anyway it now appears that my boss doesn't want to have a simple read, write,edit etc idea of modules.. but instead he'd like to have something more specific and so he's decided that he wants that access to each module be controlled as such that whatever link or function can be performed on a module be checked or not checked. Like lets say a module has links like - add item, view item, download item, classify item, delete item, group item etc he'd like that access to links on teh module be configured through the module permissions settings part.

This is a total revampment of the original code idea and simply complexes things further - anyone have any idea on how I shoudl implement such a module based system? It would be greatly appreciated...

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 01-07-2008 13:52

Depends a bit on the language, but one way to go
basicall give each and every functionality a (sensible) name (module.whatever.verb),
then have a big table of (user, name) and then have a function to do the central checking
if there's an entry to with value user,name in the table, and if not, abort & go to error page.

Bear in mind, that if you have this fine grained activity control, it's going to be a pain in the ass
to allow somebody something (ie. you have to click a gazillion things for your new news editor
to be able to work), or you'll have 'permission templates' - and are virtually every time where you
were before you started this ordeal, just with a lot more resources spend on bogus security.



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu