in reply to (Ovid) Re: Application Access Control
in thread Application Access Control

Thanks for posting these snippets. They've moved my own thinking on this subject along....

Ovid wrote here:
One change I'm planning on making to this in the future: I want to change the permission in the permission table to an integer, with the values of -1, 0 and 1. The benefit of this will be in group creation.

I may not understand your algorithm. You might run into problems if somebody is in multiple groups with a permission granted. 

01 group one
01 group two
-1 user
----
1

[download]
update: added attribution to quote from Ovid



--mandog

Replies are listed 'Best First'.
(Ovid) Re(3): Application Access Control
by Ovid (Cardinal) on Sep 24, 2001 at 06:34 UTC

    mandog wrote:

    You might run into problems if somebody is in multiple groups with a permission granted.

    That's a good point. In this case, for the application I'm going to port it to, I don't mean "groups" in the Unix sense. I mean "employee type". Users of the system will be a particular type of employee, so it's a one-to-many relationship, rather than the many-to-many scenario you can have on Unix. If I needed to go that route, I would probably do a bitwise OR on the group permissions and then add the user permission.

        perl -e 'print ((1 | 1) - 1)'

    [download]

    That will print 0 (zero). However, at that point, it's probably better to move that process into a stored procedure, rather than calculate it in Perl.

    Cheers,
    Ovid

    Vote for paco!

    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

[reply]
[d/l]

In Section Seekers of Perl Wisdom