如何实现论坛特权 [英] How can I implement forum privileges

问题描述

我已经开始在MVC框架上使用PHP开发论坛应用程序，并且已经达到向成员分配权限(例如:READ，WRITE，UPDATE，DELETE)的阶段.

I've started developing a forum application in PHP on my MVC Framework and I've got to the stage where I assign permissions to members (for example: READ, WRITE, UPDATE, DELETE).

现在，我知道可以在数据库的用户表下添加5列并将其设置为1 |. 0，但对我来说，如果我想添加其他规则(例如MOVE)，对我来说似乎太多了.

Now, I know I can add 5 columns under the user table in my database and set them to 1 | 0, but that to me seems like too much if I want to add other rules, like MOVE for example.

又如何动态地将这些特权分别分配给用户?

And how can I dynamically assign these privileges them to users individually?

我听说过使用位掩码，但是如果我在继续之前能完全理解它们，那将是非常好的.

I've heard of using a bitmasks, but it would be really good if I could fully understand them before I continue.

您有一个示例说明如何实现此目标吗?

Do you have an example of how I might implement this?

推荐答案

您所描述的方法(存储在列中的个人权限)非常简单，但以牺牲灵活性为代价(如您所注意到的那样).

The method you described -- individual privileges stored in columns -- is straightforward at the expense of flexibility (as you noticed).

Zuul的方法更加简单，并且与您的方法基本相同，只是它避免了任何"ALTER TABLE"语句的需要.但是，它不是规范化的，不容易查询且不能自我记录.

Zuul's method is even more simple and essentially the same as yours, except it avoids the need for any "ALTER TABLE" statements. However, it is not normalized, not easily queryable and not self-documenting.

这两种方法的另一个问题是，随着用户群的增加，要正确设置每个人的特权，您会越来越感到痛苦.您会发现自己拥有许多需要完全相同特权的用户.但是，为了更改用户的特权(例如适应新的特权)，您将必须进入该特权并将其添加到每个单独需要它的用户.主要PITA.

Another problem with both of these methods is that as your user base grows, you will find it increasingly more of a pain to keep everybody's privileges set properly. You will find yourself with a lot of users who need exactly the same privileges. Yet in order to change a user's privileges, such as to accomodate a new privilege, you will have to go in and add that privilege to each user who needs it individually. Major PITA.

对于论坛，不太可能需要按用户权限管理.您更有可能拥有某些类别的用户，例如匿名用户，登录用户，主持人，管理员等.这将使其非常适合基于角色的访问控制(RBAC).在此系统中，您将为每个用户分配一个角色，并授予该角色特权.特权将作为行存储在特权"表中.因此简化的数据库架构如下所示:

For a forum, it's not likely that you'll need per-user privilege management. More likely you'll have certain classes of users like anonymous users, logged-in users, moderators, administrators, etc. This would make it well-suited for role-based access control (RBAC). In this system you would assign each user to a role, and grant privileges to the role. Privileges would be stored as rows in a "privilege" table. so the simplified database schema would look like:

PRIVILEGE
int id (primary key)
varchar description

ROLE_PRIVILEGE_JOIN
privilege_id (foreign key)
role_id (foreign key)

ROLE
int id (primary key)
varchar description

USER
int id (primary key)
int role_id (foreign key)

此模式在许多处理用户权限的应用程序中使用.在特权表中，将任何人可能拥有的所有特权添加为一行；在角色表中添加任何用户可能拥有的每个角色；并将它们适当地链接在role_privilege_join表中.

This pattern is used in many applications that deal with user privileges. Add every privilege that anyone could possibly have as a row in the privilege table; add every role that any user could possibly have in the role table; and link them appropriately in the role_privilege_join table.

唯一真正的缺点是，因为使用了联接表，所以"can user X do Y"查询会变慢一些.

The only real disadvantage is that because a join table is used, the "can user X do Y" query is going to be somewhat slower.

这篇关于如何实现论坛特权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！