Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2010-04-27 08:39:05

Siguo
Member
From: Beijing, China
Registered: 2008-05-22
Posts: 44

3. Topics about User & Permissions: permission class and group

According to our three level permission pattern and table design, the permissions should be divided into class and group(Or you can call it group and subgroup).

Why we should divide permissions into class and group?

because this make it possible to deal with plenty of permissions, say thousands permissions.
we know the permissionmask field has the datatype INTEGER, which commonly is 4 byte length, which is 32 bits, so each field can only hold no more than 32 permissions.

1. generic class
this class holds permissions that apply to every user but don’t belongs to any other group, like can visit the public site, can login into the admin panel, can email members…etc.

this class commonly only has one group.

2. administrator class
this class holds permissions that apply to site administrators, but don’t aplly to common users, like can edit other users profile, can add new users, can delete users, can edit others article, can edit page and form, can edit css…eth.

this class may have only one group, which include admin permissions, css permissions, user manage permissions, page/form permissions, when needed, can be divided into small group.

3. common class
this class holds permissions that don’t belong to the above two class, mostly belongs to section and special function permissions. like can view article content, can comment article, can publish article, can upload image, can search site, can edit own article……etc.

this class commonly has several group, like section permission group, article permission group, comment permission group, file permission group….

For example, according to this design, we can divide the permission in admin_config.php like below:

1.generic class permissions(with only one group)
tab.admin
tab.content
tab.extensions
tab.presentation

2. administrator class permissions(with only one group)
admin
admin.edit
admin.list
article.delete
article.edit
article.edit.published
list
category
css
diag
discuss
file
file.edit
file.delete
form
image
image.edit
image.delete
import
link
link.edit
link.delete
log
page
plugin
prefs
sections

3. common class(with some group)
a. article group:
article.delete.own
article.edit.own
article.edit.own.published
article.publish
article.php
article

b. file group
file.edit.own
file.delete.own
file.publish

c. image group
image.edit.own
image.delete.own

d. link group
link.edit.own
link.delete.own

Last edited by Siguo (2010-04-27 14:25:34)

Offline

Board footer

Powered by FluxBB