Implementing permissions based on reputation [closed]

Answer 1

user_table
id, etc

permission table
id, user_id, permission_type

with this structure, each user could have several permission types associated with their account, one for each set of features they could have access to. you would never need to change the table structure in order to add new types of permissions.

to take this a step further, you could make each type of permission a binary number. this way you could make a set of permissions be represented by one integer by using bitwise operators.

for instance if you had the constants

PERMISSION_CHANGE_PERMISSIONS = bindec('001') = 1
PERMISSION_MAKE_CHANGES = bindec('010') = 2
PERMISSION_ACCEPT_CHANGES = bindec('100') = 4

you could combine these values into one integer using a bitwise operator "|"

(PERMISSION_CHANGE_PERMISSIONS | PERMISSION_MAKE_CHANGES) = bindec('011') = 3 = $users_combined_permissions

then to check if they have a specific permission, use the bitwise operator "&"

($users_combined_permissions & PERMISSION_MAKE_CHANGES) = true

if you did that, you would only need one db record for each set of permissions.

Answer 2

I would create two tables; users and ranks.

User
-----
id
username
rankID


Ranks
------
id
makeChanges
acceptChanges
changePermissions
view

Then just create the various ranks that you want in the Ranks table and set the rankID of the users to match the corresponding one that you want. Make sure to set in the Ranks table each field to a value of 0 or 1; with 0 being not having that ability and 1 having that option.

Edit If you were going to do this without a database then you could give do it with the classes or even instances in PHP5. For instance, let's say that you had set a name for each of the things that you had in your original post:

Creator - make changes, accept changes, change permissions
Reviewer - Accept changes
Editor - Make changes
Regular - View

Then you could do something like below. (The database way would obviously be a much better way, but this is just an example.)

class Regular
{
    public function View()
    {
        //Do the view stuff in here
    }
}

class Editor extends Regular implements Edit
{

}

class Reviewer extends Regular implements Review
{

}

interface Review
{
    public function AcceptChanges()
    {
        //Do the accept changes here
    }
}

interface Edit
{
    public function MakeChanges()
    {
        //Do the make changes stuff here
    }
}


class Creator extends Regular implements Edit, Review
{
    public function ChangePermissions()
    {
        //Do the change permissions stuff here
    }
}

Answer 3

I have used Zend_Acl in the past for this. I can recommend it. A tried and tested library that is quite easy to implement and can be used stand-alone. This option will scale well if you have different permission schemes to add afterwards.