Thread: Access Control List(s)?
View Single Post
Old 09-03-2009, 03:02 PM   #19 (permalink)
Tanax
The Prestige
Upcoming Programmer Inquisitive 
 
Tanax's Avatar
 
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
Tanax is on a distinguished road
Default
Quote:
Originally Posted by ioan1k View Post
You would simply take the if statement for the deny check and drop it below the if statement for the group and user allow check puesdo code would be

Code:
if usergroup in allowlist:
     access is true
elseif user in allowlist:
     access is true

if user in denyuserlist:
    access is false

return access
Ah! I understand now. Wouldn't this be a little more efficient?
Code:
if usergroup in allowedgroups_list OR userid in allowedusers_list
     access is true

if userid in disallowedusers_list
     access is false
Quote:
Originally Posted by ioan1k View Post
For the friends list you are going to need to add the user'sId that references their account in the database along with the friendlistID such as

Code:
FriendsList Table
---------------------------
friendID        userId
EDIT:



Yes this is true, but if the access is to a very critical system resource and you happen to forget that the code works this way and forget to remove them from the allow listing, they will still have access, a good basis to follow is that if someone is going to be denied something specifically for their account there is likely a good reason so you always
Yes, I know how I would store the friendlists in the database.
Like: friendlist- userid, friendid

The problem I have though, is.. you remember this?
Code:
["Allowed Users"]=>
  array(3) {
    [0]=>
    string(2) "45"
    [1]=>
    string(2) "34"
    [2]=>
    string(3) "123"
  }
How would I know if 45, 34 and 123 are user ids or friendlist ids?? Since I store the "permissions" in a column "Allowed Users" ?

Like..

Your example about
"23_blog_post_415_comment_edit"

What if I want that user with id 23 to be allowed to have the option to allow the users on his friendlist to be able to edit the comments on his blogpost with id 415?

My tables looks like this
Code:
Usergroups:
group_id
group_name

Resources:
res_id
res_name

Permissions:
perm_id
perm_resource (<- the ID of the resource, not the name)
perm_allowedGroups
perm_allowedUsers
perm_disallowedUsers
Where would the friendlist ID's then be stored? If I store the friendlist ID in allowedUsers, the ids would be treated as user id's since it's in that column..

I'm TRYING to explain, but I'm not sure I'm explaining very good.. do you understand what I mean?
__________________
Tanax is offline   		Reply With Quote