Web-development – How should I implement permissions


I am using cppcms to create a blog like application and I'm trying to write a permission system, although I'm confused as to what would be the most efficient and manageable method.

At the moment, I have a table with permission id, user id, permission type (int) and permission value (an optional parameter, of sorts). For each separate permission, a row must be added.

Which method would you recommend?

If you want any clarification or extra information, feel free to ask.

Best Answer

My recommendation: think about how many

  • implementations exist currently in this world for access management? I would bet some millions.
  • man-hours are built into this field already? I can't even guess, and most of them are totally parallel...
  • open source solutions are there, ready to use in your system?

So, it is very good that you started thinking about it, created a simple implementation, identified the core components and their functions.

But now you should focus on the task you have to do, and don't waste time on access management. It will surely be worse (fewer features, weaker structure, less tested, with several vulnerabilities caused by problems of your platform that you don't even know about) than anything that is available for you right now to integrate and use (well, I have assumed that you are not Superman and not pioneering in an esoteric field; both are very likely).

Imagine your application in its full size, collect the features and assumed counts (users, features, roles, requests per second, ...). Use Google to narrow your search to about five solutions, compare them by their reflection on forums, blogs, etc., select one and use it. On the other hand: separate your actual choice from your code with a custom interface that you create from your feature list. This will be a blessing if you have to switch to another solution because of something that you don't know today.

I think this approach has more benefits even if you write this system in order to learn. You should adapt to formalize your requirements, evaluate available solutions and learn from other coders' good solutions instead of making the same beginner mistakes from which those solutions have evolved. To become a reliable programmer, you have to find the right balance between writing and using components, and learn to objectively value your time, and the quality of your code compared to what is available (background knowledge, coding perfection, available amount of man-hours to bug fix and maintain, for development and real-life test).

You don't write your word processor to edit a text file. Why? Then why should you write an access control component (and copy-paste it to other systems that you make)?

In some cases, there is an objective reason for both. In most cases, there is none. Sadly enough, programmers tend to think that a word processor is a more serious task (so they use one) than writing a truly reliable access management (so they write one). Last note: contrary to all of the above, it is very likely that I will write an access manager - but I have a good reason to do it. :-)
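The answer's point about putting a custom interface between your code and whichever access-management solution you pick, shown as an added C++ example (cppcms is C++) that is not code from the question or the answer. The `AccessManager` interface, the permission enum and the sample rows are constructed assumptions; the first backend mirrors the question's one-row-per-permission table, and the blog code only ever talks to the interface, so the backend can later be swapped for an adapter around an external library.

```cpp
#include <memory>
#include <optional>
#include <utility>
#include <vector>

// Application-side interface (assumed): the only thing the blog code depends on.
// Returns true only on an explicit grant; anything unknown is denied.
struct AccessManager {
    virtual ~AccessManager() = default;
    virtual bool allowed(int user, int permission, std::optional<int> value) const = 0;
};

// One row shaped like the question's table: permission id, user id,
// permission type (int) and an optional value (e.g. a post id).
struct PermissionRow { int id; int user; int type; std::optional<int> value; };

// Backend 1: the per-row table from the question. A row without a value grants
// the permission globally; a row with a value grants it only for that value.
class TableAccessManager : public AccessManager {
public:
    explicit TableAccessManager(std::vector<PermissionRow> rows) : rows_(std::move(rows)) {}
    bool allowed(int user, int permission, std::optional<int> value) const override {
        for (const auto& r : rows_) {
            if (r.user != user || r.type != permission) continue;
            if (!r.value || r.value == value) return true;   // global grant or exact match
        }
        return false;  // default deny: fail closed for anything not explicitly granted
    }
private:
    std::vector<PermissionRow> rows_;
};

// Constructed permission types for a blog (assumed, not from the page).
enum Perm { EDIT_POST = 1, DELETE_POST = 2, MANAGE_USERS = 3 };

// Application code depends only on AccessManager; replacing TableAccessManager
// with an adapter for an external library leaves this function untouched.
bool can_edit_post(const AccessManager& am, int user, int post_id) {
    return am.allowed(user, EDIT_POST, post_id);
}

// Constructed sample data: user 10 may edit only post 42; user 11 may edit any
// post and manage users; nobody else has anything.
std::unique_ptr<AccessManager> make_sample_manager() {
    return std::make_unique<TableAccessManager>(std::vector<PermissionRow>{
        {1, 10, EDIT_POST, 42},
        {2, 11, EDIT_POST, std::nullopt},
        {3, 11, MANAGE_USERS, std::nullopt},
    });
}
```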
