Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: Permissions

  1. #1
    Regular Coder
    Join Date
    Jul 2009
    Location
    Chicago, IL
    Posts
    169
    Thanks
    26
    Thanked 3 Times in 3 Posts

    Permissions

    The place I work at has decided to, in the near future, completely rewrite its extremely extensive permissioning software (using PHP). There are literally thousands of files, each with their own permissions. There are also thousands of users. Flat file permissions in a database didn't seem to work very well with the last permissioning system, and we are looking for a better way to keep track of such huge permissions. I was trying to think of data structures that might speed up the checking of such permissions, but nothing really came to mind. Any ideas on how to store this kind of data in a database? I've never worked with such large datasets before.

    I appreciate the help!
    Thanks

  • #2
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,388
    Thanks
    8
    Thanked 1,077 Times in 1,068 Posts
    PHP and MySQL seems like the logical choice.

  • #3
    Senior Coder gnomeontherun's Avatar
    Join Date
    Sep 2007
    Location
    Houston
    Posts
    2,846
    Thanks
    10
    Thanked 238 Times in 229 Posts
    I would use a CMS that has built in permissions, if I understand what you are asking.
    jeremy - gnomeontherun
    Educated questions often get educated answers, and simple questions often get simple answers.

  • #4
    Regular Coder
    Join Date
    Jul 2009
    Location
    Chicago, IL
    Posts
    169
    Thanks
    26
    Thanked 3 Times in 3 Posts
    I would use PHP MySQL. That wasn't really the question I was trying to ask. In a nut shell, how would you organize such massive permissions that wouldn't take forever? Creating a table with every single file and which permission each user has for each file seems to be a bit of an inefficient solution because of the scale of all this.

    Thanks!

  • #5
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,388
    Thanks
    8
    Thanked 1,077 Times in 1,068 Posts
    What kind of files are they?
    Give a list of file types (file extensions).

  • #6
    Regular Coder
    Join Date
    Jul 2009
    Location
    Chicago, IL
    Posts
    169
    Thanks
    26
    Thanked 3 Times in 3 Posts
    PDF, txt, html, php, etc. Also, the old permissioning had APIs to handle permissioning on external software. The problem is that htaccess isn't enough.

  • #7
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,388
    Thanks
    8
    Thanked 1,077 Times in 1,068 Posts
    You have one table with just the user profiles, and yes, you'll have thousands of users:
    unique id|user id|username|password|user last name|user first name|level|phone|etc.

    Users can log in and change their profile. Only the admin can change the user's level.
    Perhaps level 9 is admin. The admin can make anyone else an admin level.

    There is another table for every permission and file. This table will end-up with
    thousands of rows, but that's OK.

    unique row id|userid|filename

    If I have permission to access 100 files, there would be 100 rows with my userid in it.

    There is another table for files that fall into a "level" permissive. That means that
    perhaps every user with a level code of 3 might be able to all access the same file.
    There may be only 200 or so files that end-up in this table:

    unique row id|level|filename

    So now, you have 3 tables and there are some "like" columns between them.
    That allows you to use MySQL JOIN to cross-link the tables.

    If I am one user and I log-in, a successful log-in will set a PHP SESSION variable.
    Now, any queries with my userid will only yield the rows were I have permission.
    This makes the query result rather small and efficient.

    Because ALL of the protected file are in ONE protected directory, and nobody knows the
    name or path to that directory, PHP can "stream" or "serve" the files to the user only
    if they have permission. PHP can allow the files to be displayed (open) or (save-as).

    Administrators can edit any user's profile, and do infinite number of various searches
    and sorts on the database, and JOIN-ing of tables.



    .

  • Users who have thanked mlseim for this post:

    wldrumstcs (04-19-2010)

  • #8
    Regular Coder
    Join Date
    Jul 2009
    Location
    Chicago, IL
    Posts
    169
    Thanks
    26
    Thanked 3 Times in 3 Posts
    Wow thank you so much for that well-thought out idea!! I will definitely give this a whirl when the time comes to change the permissions.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •