上下文中的用户和角色 [英] Users and roles in context

问题描述

我想了解如何为我正在编写的应用程序实现用户/角色关系。持久层是Google App Engine的数据存储，它为可以完成的工作提供了一些有趣的（但通常是有益的）限制。任何想法都会受到赞赏。

保持事情非常具体可能会有所帮助。我希望有组织，用户，测试内容和测试管理部门（测试记录）。用户可以具有参与者（测试者），测试材料的贡献者或两者的角色。用户也可以是零个或更多组织的成员。在参与者的角色中，用户可以看到他或她已经接受过测试的以前的主管部门。如果该参与者已授予用户授权，用户还可以看到另一个参与者的测试管理。用户可以看到已经公开的测试材料，并且他或她可以在对该用户已经被组织授权的测试的特定管理期间看到受限制的内容作为参与者。作为组织的成员，用户可以看到贡献者角色中的受限内容，他或她可能也可能不能编辑内容。每个组织应该有一个或多个管理员，可以确定成员是否可以查看和编辑内容并确定谁具有管理员权限。还应该有一个或多个应用程序范围的超级用户可以解决问题并解决问题。组织成员可以看到相关参与者授权他们查看的测试管理机构，如果没有授权，他们可以看到匿名数据。在任何其他情况下，用户都无法看到其他用户的测试结果。

由于App Engine数据存储区中没有连接，因此可能需要将事情归一化为了确保检查权限的查询速度快（例如，确定是否显示链接的查询），典型的SQL数据库比平常要复杂。

我的问题是：

1. 我该如何前进？我应该为了正确使用模型而花费大量时间，还是可以迭代多次，并逐渐增加复杂性？


2. 有没有人有一些关于如何在这种情况下分解事情？


3. 是否有任何GAE库以与此安排兼容的方式处理角色？

解决方案

我不太确定我是否正确理解您的问题，但我会尽我所能回答：

1. 我总是发现迭代编程更容易测试和编写，所以这是我的建议。


2. 我认为你已经有了必要的实体正确划分，但我认为你需要一个额外的实体： Permission ，它定义每个角色可以做什么，每个角色有零个或多个 Permission 链接。请记住，对于GAE中的每个多对多关系，您需要定义一个密钥列表，或者一个单独的实体作为中介。


3. 不是我所知道的，但是你可能想要调查基于Django的角色系统，并尝试改编一个基于Django的解决方案（因为Django已经存在很久了）。您可以使用 App Engine修补程序来很好地将Django加入GAE。




I'm trying to get a sense of how to implement the user/role relationships for an application I'm writing. The persistence layer is Google App Engine's datastore, which places some interesting (but generally beneficial) constraints on what can be done. Any thoughts are appreciated.

It might be helpful to keep things very concrete. I would like there to be organizations, users, test content and test administrations (records of tests that have been taken). A user can have the role of participant (test-taker), contributor of test material or both. A user can also be a member of zero or more organizations. In the role of participant, the user can see the previous administrations of tests he or she has taken. The user can also see a test administration of another participant if that participant has given the user authorization. The user can see test material that has been made public, and he or she can see restricted content as a participant during a specific administration of a test for which that user has been authorized by an organization. As a member of an organization, the user can see restricted content in the role of contributor, and he or she might or might not also be able to edit the content. Each organization should have one or more administrators that can determine whether a member can see and edit content and determine who has admin privileges. There should also be one or more application-wide superusers that can troubleshoot and solve problems. Members of organizations can see the administrations of tests that the participants concerned have authorized them to see, and they can see anonymous data if no authorization has been given. A user cannot see the test results of another user in any other circumstances.

Since there are no joins in the App Engine datastore, it might be necessary to have things less normalized than usual for the typical SQL database in order to ensure that queries that check permissions are fast (e.g., ones that determine whether a link is to be displayed).

My questions are:

1. How do I move forward on this? Should I spend a lot of time up front in order to get the model right, or can I iterate several times and gradually roll in additional complexity?
2. Does anyone have some general ideas about how to break things up in this instance?
3. Are there any GAE libraries that handle roles in a way that is compatible with this arrangement?

解决方案

I'm not quite sure I'm understanding your questions correctly, but I'll try my best to answer:

1. I always find iterative programming easier to test and write, so that's my recommendation.
2. I think you have the necessary entities already divided correctly, but I think you need an additional entity: Permission, that defines what each role can do, each Role having zero or more Permission links. Just remember that for each many-to-many relationship in GAE you need to either define a list of keys, or a separate entity to be the intermediary.
3. Not that I know of, but you may want to investigate Django-based role systems and try to adapt a Django-based solution (since Django's been around longer). You can hack Django onto GAE rather nicely with App Engine Patch.

这篇关于上下文中的用户和角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！