Permission Design (II.)

In response to this demand, version one will be powerless (of course, you can also add several features: such as classification A of the press drafting and classification B of the press drafting, and then add this function to the corresponding role, but this should not be the solution we want to But version two is also based on this idea to solve.

In fact, a better example than news is the Moderator of the forum section.

Here is the solution for version two:

In version two of the function table added a resourcetype this field, which is used to denote a resource classification (such as news), we also to simulate (news category a resourcetype:NTA, category B for:NTB):

function table:

FunctionID	ResourceType	FunctionName
F1	NTA	Drafting News: Category A
F2	NTA	Editorial News: Category A
F3	NTA	Audit News: Category A
F4	NTA	Delete News: Category A
F1	NTB	Drafting News: Category B
F2	NTB	Editorial News: Category B
F3	NTB	Audit News: Category B
F4	NTB	Delete News: Category B

Then add the appropriate roles in the role table and add the corresponding features in the Roles menu.

the statement to get functions also changes accordingly:

Select FunctionID + ', ' + resourcetype from role function Table where Roleid in (Select roleid from User Role table where userid= ' U1 ')

The judgment of authority becomes:

Functions.contain (' F1,nta ');

When a new category is added, the corresponding record is added to the function table (not directly added in the database, but by functions related to the function).

Using this solution can be simply to classify the application (such as the Forum system) of each classification of different control (such as VIP plate, can only have VIP role of users to browse, publish, etc., and other plates as long as the registered users can use).

In practical applications, FunctionID is not a random string, but is encoded, its encoding contains the module ID and can reflect the parent-child relationship, for example: for the forum system, we give it a module ID of "30", The function of the forum we first divided into 2 categories, one is the management class (such as delete posts), a class is the use of classes (such as posts, replies, browse posts, etc.), to the management of a code:01, using the Class one code:02, we will The FunctionID is encoded as follows:

300101: Delete a post

300201: Post

300202: Replies

300203: Browse Posts

For resources (such as a section 1, the ID of the plate is:01), we can combine the following Functions (of course, this combination you can also use the comma-separated, other combinations can also, but do not create ambiguity):

300101, 01: Section 1 features for deleting posts

300201, 01: Plate 1 post function

......

For Roleid is also the use of encoding, but also can reflect the role of the parent-child relationship, you can also implement the role of the inheritance of functions (of course, the SQL statement to get the list of role functions is not so simple now). In my current application there is no inheritance of roles (although the character's encoding reflects the role's parent-child relationship).

Permission Design (II.)