I'm currently creating a permissions table which replicated the "777" method used in linux.
To do this I wanted to create a table like:
user_id, class1, class2, class3
Where class can be some feature on the website which requires permissions.
Does this seem like a good way to go about it? Are there an problems with this method?
Also, which datatype would best suit this data. I could use INT(3) but I'm assuming there's no "binary" datatype that replicates this type of thing
Use set('ru', 'rg', ro', 'wu', 'wg', 'wo', 'xu', 'xg', 'xo', 'sgid', 'suid', 't')
This is bit-optimized.
However, if you need to filter on individual permissions (like "select all users who can read from here"), you better implement it as a plain many-to-many tables:
user_permissions (object_id, user_id, permission ENUM ('r', 'w', 'x'))
group_permissions (object_id, group_id, permission ENUM ('r', 'w', 'x'))
other_permissions (object_id, permission ENUM('r', 'w', 'x', 'sgid', 'suid', 't'))
with each permission in its own record, create the PRIMARY KEY
constraints:
object_id, permission, user_id
object_id, permission, group_id,
object_id, permission
and query:
SELECT u.id
FROM user_permissions up
JOIN users u
ON u.id = up.user_id
WHERE object_id = $object
AND permission = 'r'
UNION
SELECT g.user_id
FROM group_permissions gp
JOIN user_groups ug
ON ug.group_id = gp.group_id
WHERE object_id = $object
AND permission = 'r'
UNION
SELECT u.id
FROM users u
JOIN other_permissions op
ON object_id = $object
AND permission = 'r'
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.