Understanding Web App Permissions with MySQL
Assume I have a schema defined with the 4 following entities:
Users
-> Timeline (fk: userId)
-> Entries (fk: timelineId)
-> Tags (fk: entryId), where fk means foreign key.
Now, let's say I want to check in the web application if a user has permission to delete a particular tag. Right now I use Basic Authentication, check if the user's email // password exist in the database, and if so, grab the userId.
Because of the userId only existing on the Timeline entity, I feel like I'd need to do the following:
DELETE t.* FROM `tags` AS t
INNER JOIN `entries` AS e ON t.entryId = e.id
INNER JOIN `timelines` AS tl ON e.timelineId = tl.id
WHERE
tl.userId = ? AND
t.id = ?
This approach works, but I feel like it would be inefficient. Instead, I could add a userId FK to every single table such as the tags, but that also seems like a maintenance nightmare.
I can't think of any other approaches other than implementing some other type of permission system, such as using an ACL. Any suggestions?
I think you can choose from a few options:
Basically and in general it's a compute / storage tradeoff I think. You either compute permissions every time or store them pre-computed somewhere, which means you need to re-compute them sometimes (but probably not all the time).
The right solution depends on your exact scenario. My experience is that in most cases it's not worth fixing something that is not broken yet (unless of course you know it will not work that way in the scenario you want to use it in).
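An added example (not part of the original question or answer) of the "compute permissions every time" option: the ownership check and the delete run as one parameterized statement, and the affected-row count tells the application whether the caller was allowed. It uses Python's `sqlite3` with constructed rows so it runs offline; because SQLite has no multi-table `DELETE`, the question's join is written as a correlated `EXISTS`, and `make_db`, `delete_tag` and `tag_exists` are hypothetical helper names.

```python
import sqlite3

# Constructed schema mirroring the question: users -> timelines -> entries -> tags.
SCHEMA = """
CREATE TABLE users     (id INTEGER PRIMARY KEY, email TEXT UNIQUE);
CREATE TABLE timelines (id INTEGER PRIMARY KEY, userId INTEGER NOT NULL REFERENCES users(id));
CREATE TABLE entries   (id INTEGER PRIMARY KEY, timelineId INTEGER NOT NULL REFERENCES timelines(id));
CREATE TABLE tags      (id INTEGER PRIMARY KEY, entryId INTEGER NOT NULL REFERENCES entries(id));
INSERT INTO users VALUES (1, 'alice@example.test'), (2, 'bob@example.test');
INSERT INTO timelines VALUES (10, 1), (20, 2);
INSERT INTO entries VALUES (100, 10), (200, 20);
INSERT INTO tags VALUES (1000, 100), (2000, 200);
"""

# SQLite has no multi-table DELETE, so the ownership join from the question
# is expressed as a correlated EXISTS; the authorization predicate is the same.
DELETE_OWNED_TAG = """
DELETE FROM tags
WHERE id = ?
  AND EXISTS (
        SELECT 1
        FROM entries AS e
        JOIN timelines AS tl ON tl.id = e.timelineId
        WHERE e.id = tags.entryId AND tl.userId = ?)
"""

def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def delete_tag(db, user_id, tag_id):
    """Delete tag_id only if it belongs to user_id; return True if a row was removed.

    Authorization and deletion happen in one statement, so ownership cannot
    change between a separate "check" query and the delete.
    """
    with db:  # commit on success, roll back on error
        cur = db.execute(DELETE_OWNED_TAG, (tag_id, user_id))
    # rowcount 0 means "no such tag" or "not yours"; answering both the same
    # way (e.g. 404) avoids revealing which tag ids exist.
    return cur.rowcount == 1

def tag_exists(db, tag_id):
    """Return True if a tag row with this id is still present."""
    return db.execute("SELECT 1 FROM tags WHERE id = ?", (tag_id,)).fetchone() is not None
```

Every column the statement filters or joins on is a primary key (`tags.id`, `entries.id`, `timelines.id`), which is why the per-request join stays cheap without copying `userId` into each table.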