Storing and assigning user rights within an application with an unknown number of plugins
I have an application that uses 0 or more plugins, but I need to assign user rights for access to various parts of the application and then iterate those rights to show or hide / enable or disable / modify menu and UI items appropriately. At the moment users can log in, but only have three levels: basic user, power user, administrator. Anyone with Administrator priveleges can access anything so that is easy enough and short circuits the need to deal with other checks.
All other users, though, may need to be allowed to access part of the system on a read only, read and write, or some other combination such as can add but cannot delete.
In trying to determine the best way to store and process this information I have considered a bitwise value, but that only provides 64 permissions and I have no way of knowing how many may be required.
Given that the application uses plugins the plugins need to store some sort of rule that determines who can do what which the host application can then impleent.
Can anybody give me some advice about implementing this type of structure?
Chris Bray.
All other users, though, may need to be allowed to access part of the system on a read only, read and write, or some other combination such as can add but cannot delete.
In trying to determine the best way to store and process this information I have considered a bitwise value, but that only provides 64 permissions and I have no way of knowing how many may be required.
Given that the application uses plugins the plugins need to store some sort of rule that determines who can do what which the host application can then impleent.
Can anybody give me some advice about implementing this type of structure?
Chris Bray.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Bob,
Illusio gave a good answer, but not necessarily what I was looking for. Again, I was sincerely hoping for some more input from other experts....
That said, the suggestion was valid and I feel that perhaps some or all of the points on a B grade would be appropriate in this situation. Please advise if you feel this would fit in with the ethos and rules of EE.
Chris Bray.
Illusio gave a good answer, but not necessarily what I was looking for. Again, I was sincerely hoping for some more input from other experts....
That said, the suggestion was valid and I feel that perhaps some or all of the points on a B grade would be appropriate in this situation. Please advise if you feel this would fit in with the ethos and rules of EE.
Chris Bray.
Hi Chris,
Maybe you can comment on the ideas given and I can give further ideas and advise. There are some more solutions possible. The design I've lead out is a general one - usable in almost any case. For me the safest suggestion to start with since I don't know your specific situation in detail.
Maybe you can give some upper limits and minimum requirements.
Kind regards,
Peter
Maybe you can comment on the ideas given and I can give further ideas and advise. There are some more solutions possible. The design I've lead out is a general one - usable in almost any case. For me the safest suggestion to start with since I don't know your specific situation in detail.
Maybe you can give some upper limits and minimum requirements.
Kind regards,
Peter
Oh - grade of B is good for me - I'm not really in it for the points, just for the helping.
Peter
Peter
ASKER
Hi Illusio,
To be honest I have passed your suggestion to one of my co-developers but due to family illness on my part and holidays on his we have not yet had an opportunity to review your suggestion in detail in comparison with the project. Unfortunately that part of the project is more his responsbility so whilst I can ask the question and suggest he will have to make sure that your suggestion does not clash with whatever else he is coding.
We were certainly thinking of storing permissions for individuals rather than user groups, and the solution needs to be scalable. Your suggestion is not (yet) a complete solution but may well lead to one once we review it in context, and hopefully that review will take place tomorrow. I suggest that I ask him to review that before our meeting and I will come back and ask any further questions or request more assistance if required.
I do feel that your answer deserves points rather than deletion, and thank you for both your help so far and your offer of further assistance.
Chris Bray.
To be honest I have passed your suggestion to one of my co-developers but due to family illness on my part and holidays on his we have not yet had an opportunity to review your suggestion in detail in comparison with the project. Unfortunately that part of the project is more his responsbility so whilst I can ask the question and suggest he will have to make sure that your suggestion does not clash with whatever else he is coding.
We were certainly thinking of storing permissions for individuals rather than user groups, and the solution needs to be scalable. Your suggestion is not (yet) a complete solution but may well lead to one once we review it in context, and hopefully that review will take place tomorrow. I suggest that I ask him to review that before our meeting and I will come back and ask any further questions or request more assistance if required.
I do feel that your answer deserves points rather than deletion, and thank you for both your help so far and your offer of further assistance.
Chris Bray.
ASKER
Hi Peter
After all that my colleague is now ill and not fit for our coding review today!! However, he has reviewed the suggestion youput forward and says that with modification it is workable for our purposes. I therefore propose to assign you the points as described above and thank you for your efforts.
If we come across any further issues I will post another question which hopefully you will spot and be able to answer.
Chris Bray.
After all that my colleague is now ill and not fit for our coding review today!! However, he has reviewed the suggestion youput forward and says that with modification it is workable for our purposes. I therefore propose to assign you the points as described above and thank you for your efforts.
If we come across any further issues I will post another question which hopefully you will spot and be able to answer.
Chris Bray.
say u number ur entities(ur addons) say
Addon - 1 is 100
addon -2 is 200
and so on
and for each add on u will have privilege from 1-99
like 101 - 199;
then for each user u can store the privileges in a string list
like
usera - 101,102,201,202,203,204,10
userb - 301,302,201,302,203,304,10