homepage Welcome to WebmasterWorld Guest from 184.72.72.182
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Class Structure/layout
for user to user permissions
Tommybs




msg:4148905
 3:33 pm on Jun 8, 2010 (gmt 0)

Hi all,

Wondering if I could get the input of some fellow coders. I'm looking at setting something up that will allow users varying privacy settings ( think facebook, friends only etc.) and I wanted to ask a question about structure.

Say I have a class Blog that has a users blog entries, and another class of User ( the logged in user). Where would you suggest putting the userCanView style function? Should it sit in Blog or should it sit in User? Or should it sit in a class on it's own? Say I wanted to then have a gallery class, a separate class for privacy would then become beneficial. But then how do I structure the queries?e.g. would privacy then be a separate db table such as

user
entity_type // E.g Gallery or Blog
privacy_type

and then another table that maps users to users?

Would appreciate people's opinions on this?

 

Little_G




msg:4149224
 10:41 pm on Jun 8, 2010 (gmt 0)

Hi,

I suppose it's a matter of personal preference, but if I understand what you've described I'm thinking of something like this.
Page 
+Blog
+Gallery
User

The Blog and Gallery classes extend the abstract class or interface Page (or whatever you want to call it). Page defines methods for displaying itself, etc. It also defines a method or methods for checking user permissions (which can be passed an instance of User). This method can then be implemented by the Blog and Gallery classes to perform the operation in a way that is specific to them.

As for the database there are, as ever, multiple ways of structuring it, a generic table:
permissions 
user_id | property | value
1 | "blog.viewPostDate" | true

Or, page specific tables:
blog_perms 
user_id | canViewBody | canViewPostDate | canViewAuthor
1 | true | false | false

And I'm sure a hundred other ways.

Andrew

Tommybs




msg:4149414
 6:41 am on Jun 9, 2010 (gmt 0)

Hi,

Thanks, it's weird, I've been using interfaces and abstract classes a lot more in my code lately, and despite being presented with an ideal situation to use them I failed to notice it. Guess it's back to hitting the books for a bit.

What I did come up with ( which is similar to page) is Entity. I was going to have a number of Entity types which would be defined as constants. I was then going to use an entity_type_id column on the DB to work out what type of entity it was and using another id then use a join to work out permissions. In essence doing it all on the database. Though looking at it this would probably make it more tightly coupled in the long run. I think I'll try out your idea of a "Page" class with an abstract check security method

Thanks again

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved