Topic awaiting preservation: Uber permissions module - need to restrict usage on EVERYTHING on my webforms how do I do it?

Hi guys, new situation. Well the system we're working on has a simple module based permissions system in place. Basically all modules ids are stored in a db as are sub module details. Now when a user is granted access to modules a module access field for the use rin teh user table is populated with acolon delimmiter string of ids of the module and submodule ids the user can access.

Now we nee dto take it like one step further. We want to control what functionality can and cannot be visible to the users on the screens. Like lets say we want to grant userX access to address book module and file manager modules but we don't want the user to lets say associate a task concerning an address book or be able to upload files and stuff like that. The structure of our application from a user view is as this that we have contacts and emails and we assign tasks and associate files to individual contacts and emails through custom made little forms and widgets on each page.

The idea is that we want to control all that from the admin users provelidges page as well - any button any link - it shoudl be visible only if its allowed by an admin. This calls for having a central store for all teh links and widgets for each an devery modules page :| and quite simply I'm perplexed as to how to get along with it. How do I do this?

Well, the short answer is 'give every link and button a unique name, and only if the field for that name is set, show it (and don't forgot to actually restrict the functionality again'.

But the long answer is:
-who's gonna set 500 items to get a new user set up?
-How do you manage updates?
-Do you introduce 'roles' again that prefill a user's rights?
-What happens if a role changes? do the old users get updated?

Seriously you need to reconsider. You don't want to have a million little settings
that no one can all remember. You want to have a few broad strokes that turn
off file upload globally for a user and so on...

Well thats pretty much teh idea we do hope to include roles as well kinda like how facebook have set in their privacy settings - you can assign access rights to friend lists and along that you can add exceptions for certain individuals like you could grant access to photos for all friends in a list except one of them within that list...

How do you propose I would like store teh names of the link and button. In this case it would be that I would have to manually where ever the button is to be displayed - put a check saying - can I see this button and display based upon that or not. It seems tedious but hey its again another mutation of our collaboration system.

basically, I'd have a central object that handled checking a permission and displaying the content,
and it would have a special mode to display the permissions name next to it.


Seriously, great that you're being payed to do this.
But software *design* is something entirely different than what you guys are doing...

I'm beginning to understand the hard way that whatever I've studied at college with respect to the SDLC and design process has yet to be put into implementation.

How shoudl I actually implement this object - and how would I store teh permissions in this case. One co worker suggested entires for each button in atable for each user - I'm thinking kinda on teh lines of having teh eprmissions to be read into an dfrom a string kinda like how they set permissions on UNIX ssytems u know 777 rw-rx-wx - any tips on this

well, you coworker is right.

your object basically needs a displayIfPermited($strToDisplay, $strRequiredRight) function.