Re: Re: Bitmask or Named permissions

Thanks for the feedback.
Let me say that more up-front work is definitely not a con =]
I am a firm believer that a little more work up-front can save a lot of work on the backend.
Really, I think the biggest issue with a permissions system is how to store a user's assigned permissions. This will then generally dictate how permissions are stored. The plan is to create a class that does nothing but answer authorization questsions something like the following pseudo-code:

class Authorize
{
    constructor( string user )
    {
        # get user permissions from persistent storage
    }

    hasPermission(PermissionPrimitive perm)
    {
        # compare user's permissions with given primitive
        # and return true or false accordingly
    }
}
[download]

Of course this scenario would probably have more methods, but those two are really the core functionality.
Given this scenario we have a central place to store a user's permissions and a central place for querying the user's permissions. This allows for the system as a whole to be ignorant of permissions, and puts the power into the specific components that will actually need authorization information.

Comment on Re: Re: Bitmask or Named permissions Download Code

Replies are listed 'Best First'.
Re: Re: Re: Bitmask or Named permissions by waswas-fng (Curate) on Oct 06, 2003 at 18:53 UTC
Then you also have to either place business logic about how permissions react with each other in those methods, or rely on general statements about permissions -- like they are always additive or the minimalistic. Either way limits you on how permissions that are inherently tied together can work (think requisite permissions). also exclusive permissions are hard to deal with as well. -Waswas	[reply]