Admin role management in ASP.NET website

[亡魂溺海] submitted on 2019-12-22 01:22:56

Question


So, hey guys, I'm creating a Quiz Hosting website just for fun and I'm assigning roles to admins... There is a master admin, who can do/add/edit any and everything, but I want the privileges of other admins to be restricted. Say, one can only add/edit questions and categories while another can only handle payments for quizzes, and so on.

My first question is: Is this a good or, rather I should say, the CORRECT thing to do??

My second question: Currently I have achieved this by using numbers 1 to 8 for privileges: the higher the number, the more the privileges. Is this method OK? Is there any room for improvement (I'm sure there is) or is there a better method??

Kindly guide me in this respect friends.. THX


Answer 1:


First:

My first question is: Is this a good or, rather I should say, the CORRECT thing to do??

Nobody can say whether it is good or bad except you, because only you best understand the logic, scope and scalability of your system. The point is, it depends on your system and requirements. Moreover, what you are doing is a very common role-based action scenario and you can see examples of it almost anywhere, be it Windows OS, or SQL Server, or your typical FB friends list privacy properties.

Second:

My second question: Currently I have achieved this by using numbers 1 to 8 for privileges: the higher the number, the more the privileges. Is this method OK?

Again, it is totally your decision; nobody can say whether it is good or bad. It all depends on how simple or complex this decision of yours is going to make the implementation of your system. On a more personal note, you shouldn't tie up permission levels based on the value of a number; rather, you should take any unique identifier (number or string) for a given specific role and assign it privileges in the form of a mapping table, i.e.

RolePermissionMaster:

RoleId AppActivity
1          1
1          2
1          3
1          4
2          1

where AppActivity is another table defining the meaning of 1, 2, 3, 4 and so on, i.e.

AppActivityMaster:

 Id   Value
 1    READ
 2    EDIT
 3    DELETE
 4    CREATE
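
The mapping-table design from the answer above, as an added example that is not part of the original answer. It assumes SQLite as the store; the helper names `open_db`, `is_allowed` and `grant` and role 3 are hypothetical. Role 3 receives READ and CREATE without DELETE, a combination that a single "higher number means more privilege" level cannot express.

```python
import sqlite3

# Table names, column names and the first five mapping rows come from the answer;
# SQLite, the helper names and role 3 are assumptions made for this example.
SCHEMA = """
CREATE TABLE AppActivityMaster (Id INTEGER PRIMARY KEY, Value TEXT NOT NULL UNIQUE);
CREATE TABLE RolePermissionMaster (
    RoleId      INTEGER NOT NULL,
    AppActivity INTEGER NOT NULL REFERENCES AppActivityMaster(Id),
    PRIMARY KEY (RoleId, AppActivity)
);
INSERT INTO AppActivityMaster VALUES (1,'READ'),(2,'EDIT'),(3,'DELETE'),(4,'CREATE');
INSERT INTO RolePermissionMaster VALUES (1,1),(1,2),(1,3),(1,4),(2,1);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def is_allowed(db, role_id, activity):
    """Deny by default: True only when a (role, activity) mapping row exists."""
    row = db.execute(
        "SELECT 1 FROM RolePermissionMaster rp "
        "JOIN AppActivityMaster a ON a.Id = rp.AppActivity "
        "WHERE rp.RoleId = ? AND a.Value = ?",
        (role_id, activity),
    ).fetchone()
    return row is not None

def grant(db, role_id, activity):
    """Add one mapping row; activity names not in AppActivityMaster are rejected."""
    row = db.execute(
        "SELECT Id FROM AppActivityMaster WHERE Value = ?", (activity,)
    ).fetchone()
    if row is None:
        raise ValueError(f"unknown activity: {activity!r}")
    db.execute("INSERT OR IGNORE INTO RolePermissionMaster VALUES (?, ?)",
               (role_id, row[0]))

if __name__ == "__main__":
    db = open_db()
    grant(db, 3, "READ")
    grant(db, 3, "CREATE")
    for role in (1, 2, 3):
        allowed = [a for a in ("READ", "EDIT", "DELETE", "CREATE")
                   if is_allowed(db, role, a)]
        print(role, allowed)
```
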


Source: https://stackoverflow.com/questions/18380646/admin-role-management-in-asp-net-website
