设计多级用户权限系统
我正在开发一个具有像树一样的数据库架构的网站。从上到下我有:
- 一个公司可以有许多
- 位置,可以有许多
- 车队,可以有许多
- 车辆
用户权限系统必须灵活,因为某人可以在树的任何级别获得或限制访问。例如,管理位置 x 的人员默认具有对位置 x 以下的所有车队和位置 x 以下的所有车辆的完全访问权限。但我还应该能够限制用户对位置 x 以下的任何节点的访问。
为这样的权限系统开发模式的正确方法是什么?存储用户有权访问的每个节点是否现实,即使它有点多余?我的目标是能够轻松运行查询,例如获取用户有权访问的所有位置。
I am working on a site that has a database schema like a tree. From top to bottom I have:
- One Company can have many
- Locations that can have many
- Fleets that can have many
- Vehicles
The user permission system has to be flexible in that someone can gain or have restricted access at any level of the tree. For example, a person that manages location x will by default have full access to all fleets below location x and all vehicles below location x. But I should also be able to restrict the user's access to any node below location x.
What would be the proper way to develop a schema for a permission system such as this? Would it be realistic to store each node a user has access to even though it would be kind of redundant? The goal is for me to be able to easily run queries for example to get all locations a user has access to.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可能会发现许多有趣的主题。其中:
根据信誉实现权限
ACL 的数据库架构
You might find a number of threads on SO interesting. Among them:
Implementing permissions based on reputation
Database schema for ACL