What is wise priviledge system in CMS?

Re: What is wise priviledge system in CMS?

Perttu Pulkkinen wrote:[color=blue]
> Content management system I'm working consists pages, categories, users (and
> images). It is in the first place dircted to companies where 1-10 persons
> are taking care of site content. I am thinking how should I set my
> privilegde system:
>
> 1) use priviledge levels in a simple way: each normal admin is either
> allowed just to make drafts for superadmins to accept or not. superadmins
> can do anything.
> * dbtable solution:
> field like priv enum('superadmi n', 'admin') in admins table
>
> 2) connect piviledge levels to categories also: certain adminLEVEL can write
> only to those categories that superadmin allows him/her to (while he/she may
> still make drafts to every category?)
> * dbtable solution:
> connector table levels_categori es
>
> 3) connect every admin personally to certain categories
> * dbtable solution: connector table admins_categori es
>
>[/color]

I would say Use bit fields.

example.

define("SUPERAD MIN", 1);
define("ADMIN", 2);

if ($userpermissio n & SUPERADMIN) {
//the user is a super user
}

etc...

Each user need a permission field too, with their right bit value stored
in it. That means each user can have many roles as well, because you can
just add all the bit values together and you have one permission int. In
the categories table you can add the bit field required for accessing
the category.

if ($categorypermi ssion & $userpermission ) {
//the user have access
}


Do you follow the idea ?

--
Henrik Hansen

Re: What is wise priviledge system in CMS?

If you want a really flexible privilege system then go for a database table
solution. I have outlined my ideas on this in a document at
http://www.tonymarston.co.uk/php-mys...s-control.html which
is based on my experiences of such systems over the past 20 years.

HTH.

--
Tony Marston





"Perttu Pulkkinen" <perttu.pulkkin en@co.jyu.fi> wrote in message
news:98MKc.85$Q 47.4@read3.inet .fi...[color=blue]
> Content management system I'm working consists pages, categories, users[/color]
(and[color=blue]
> images). It is in the first place dircted to companies where 1-10 persons
> are taking care of site content. I am thinking how should I set my
> privilegde system:
>
> 1) use priviledge levels in a simple way: each normal admin is either
> allowed just to make drafts for superadmins to accept or not. superadmins
> can do anything.
> * dbtable solution:
> field like priv enum('superadmi n', 'admin') in admins table
>
> 2) connect piviledge levels to categories also: certain adminLEVEL can[/color]
write[color=blue]
> only to those categories that superadmin allows him/her to (while he/she[/color]
may[color=blue]
> still make drafts to every category?)
> * dbtable solution:
> connector table levels_categori es
>
> 3) connect every admin personally to certain categories
> * dbtable solution: connector table admins_categori es
>
>[/color]

Re: What is wise priviledge system in CMS?

"Henrik Hansen" <hhSPAM@fsck.dk > kirjoitti viestissä news:apMKc.2608 6[color=blue]
> I would say Use bit fields.
> example.
> define("SUPERAD MIN", 1);
> define("ADMIN", 2);
> if ($userpermissio n & SUPERADMIN) {
> //the user is a super user
> }
> etc...
> Each user need a permission field too, with their right bit value stored
> in it. That means each user can have many roles as well, because you can
> just add all the bit values together and you have one permission int. In
> the categories table you can add the bit field required for accessing
> the category.
> if ($categorypermi ssion & $userpermission ) {
> //the user have access
> }
> Do you follow the idea ?
> Henrik Hansen[/color]

I don't have much experience with binary thing other than simple boolean
values. Do you mean that in binary system somepriv = 1, otherpriv= 10 and
someotherpriv = 100 and then all possibilities for user's priv_field are 000
,001, 010, 011, 100, 110 and 111? Can you give more examples?

Re: What is wise priviledge system in CMS?

On Mon, 19 Jul 2004 10:06:02 GMT
"Perttu Pulkkinen" <perttu.pulkkin en@co.jyu.fi> wrote:
[color=blue]
> "Henrik Hansen" <hhSPAM@fsck.dk > kirjoitti viestissä news:apMKc.2608 6[color=green]
> > I would say Use bit fields.
> > example.
> > define("SUPERAD MIN", 1);
> > define("ADMIN", 2);
> > if ($userpermissio n & SUPERADMIN) {
> > //the user is a super user
> > }
> > etc...
> > Each user need a permission field too, with their right bit value
> > stored in it. That means each user can have many roles as well,
> > because you can just add all the bit values together and you have
> > one permission int. In the categories table you can add the bit
> > field required for accessing the category.
> > if ($categorypermi ssion & $userpermission ) {
> > //the user have access
> > }
> > Do you follow the idea ?
> > Henrik Hansen[/color]
>
> I don't have much experience with binary thing other than simple
> boolean values. Do you mean that in binary system somepriv = 1,
> otherpriv= 10 and someotherpriv = 100 and then all possibilities for
> user's priv_field are 000,001, 010, 011, 100, 110 and 111? Can you
> give more examples?
> [/color]

No, a bitwise priv system works this way.
Ex.:

// Map privileges
define("UBERADM IN", 1);
define("NEWS", 2);
define("ARTICLE S" 4);
define("FORUM_M OD" 8);
/**
* The sums of these are always unique to the combination.
* Two different combinations of the above privileges
* cannot have the same value.
*/


// Let's pretend that $user has the $priv = 10.
// That is NEWS + FORUM_MOD (2 + 8).

// Then if you want to check if this user has the correct privs
// for an UBERADMIN action you simply do:
if ($priv & UBERADMIN) {
echo "$user has UBERADMIN privilege.";
} else {
echo "$user haven't got UBERADMIN privilege.";
}

You can then easily add more, just remember that numbers are counted as
^2, i.e. 1, 2, 4, 8, 16, 32, 64, 128 etc...
That way no two different combinations can ever be the same.
if ($priv & UBERADMIN)
then checks to see if the UBERADMIN bit is set in $priv.

(This bitwise deal, is actually quite simple, but complicated to
explain.)

Another quick example:
<?php
$privs = array("a" => 1, "b" => 2, "c" => 4, "d" => 8, "e" => 16);
$priv = 27;
foreach ($privs as $key => $val) {
if ($priv & $val) {
$user_priv[] = $key;
}
}

echo "Privileges : " . join(", ", $user_priv);
// Will output: Privileges: a, b, d, e
?>

Does it make more sense now?

Madsen

--
Anders K. Madsen --- http://lillesvin.linux.dk

"There are 10 types of people in the world.
Those who understand binary - and those who don't."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA+7mNlNH Je/JASHcRAkMrAJ9/wAGC/N8BxsehQcxsNlrm Lbs3tACfe0ww
CAvlWuabuNBCQeC qR2Pgn9g=
=q/YI
-----END PGP SIGNATURE-----

Re: What is wise priviledge system in CMS?

Perttu Pulkkinen wrote:[color=blue]
> "Henrik Hansen" <hhSPAM@fsck.dk > kirjoitti viestissä news:apMKc.2608 6
>[color=green]
>>I would say Use bit fields.
>>example.
>>define("SUPER ADMIN", 1);
>>define("ADMIN ", 2);
>>if ($userpermissio n & SUPERADMIN) {
>>//the user is a super user
>>}
>>etc...
>>Each user need a permission field too, with their right bit value stored
>>in it. That means each user can have many roles as well, because you can
>>just add all the bit values together and you have one permission int. In
>>the categories table you can add the bit field required for accessing
>>the category.
>>if ($categorypermi ssion & $userpermission ) {
>>//the user have access
>>}
>>Do you follow the idea ?
>>Henrik Hansen[/color]
>
>
> I don't have much experience with binary thing other than simple boolean
> values. Do you mean that in binary system somepriv = 1, otherpriv= 10 and
> someotherpriv = 100 and then all possibilities for user's priv_field are 000
> ,001, 010, 011, 100, 110 and 111? Can you give more examples?
>
>
>[/color]


You need to know how to use bitwise operations
(http://www.php.net/manual/en/languag...rs.bitwise.php) when you
got to know them you see some good potentional in them.

& check if the bit is in both int's example:

$userpermission is 4 which means it contanins the bits 1 2 and 4 which
means if we do:

if (SUPERADMIN & $userpermission ) {

}

it will go into the if because we defined SUPERADMIN to 1 in the other
reply. But lets say $userpermission was 0 meaning for example a normal
user, the above if block would fail because the bit 1 is not in 0.

I am not very good at explaining, but hope it helps.


more info:



Just ask away, I will try to answer the best I can :)

--
Henrik Hansen

Re: What is wise priviledge system in CMS?


"Perttu Pulkkinen" <perttu.pulkkin en@co.jyu.fi> wrote in message
news:e2NKc.100$ Q47.63@read3.in et.fi...[color=blue]
> "Henrik Hansen" <hhSPAM@fsck.dk > kirjoitti viestissä news:apMKc.2608 6[color=green]
> > I would say Use bit fields.
> > example.
> > define("SUPERAD MIN", 1);
> > define("ADMIN", 2);
> > if ($userpermissio n & SUPERADMIN) {
> > //the user is a super user
> > }
> > etc...
> > Each user need a permission field too, with their right bit value stored
> > in it. That means each user can have many roles as well, because you can
> > just add all the bit values together and you have one permission int. In
> > the categories table you can add the bit field required for accessing
> > the category.
> > if ($categorypermi ssion & $userpermission ) {
> > //the user have access
> > }
> > Do you follow the idea ?
> > Henrik Hansen[/color]
>
> I don't have much experience with binary thing other than simple boolean
> values. Do you mean that in binary system somepriv = 1, otherpriv= 10 and
> someotherpriv = 100 and then all possibilities for user's priv_field are[/color]
000[color=blue]
> ,001, 010, 011, 100, 110 and 111? Can you give more examples?
>
>[/color]
To answer your question, you do have the right idea!
The statement:
if($userpermiss ions & PERMISSION)
simply tests to see if the bits in PERMISSION are set (=binary 1) in
$userpermission .
To set the bits you can simply use decimal though, eg to set 011 you would
make it equal to 3.

Re: What is wise priviledge system in CMS?

Thanks for these advices! I also ask kindly to check the reply and new
questions I gave to Tony Marston to keep this thread compact.

Re: What is wise priviledge system in CMS?

Thanks for these advices! I also ask kindly to check the reply and new
questions I gave to Tony Marston in order to keep this thread compact.