Programmers who have worked on a document management system know that the permission module is complicated. I got confused by it myself, so I am using this blog post to analyze and record it. In what follows, "directory" means folder + file. Before talking about the permissions of the entire system, I want to set the tone as "presumption of guilt": I assume that I am not authorized for any directory.
I. Primary Permission Analysis
- Position-Directory: a superior position can assign document permissions to lower-level positions, and the position permissions cannot be inherited. By default, permissions are denied for all positions.
- Department-Directory: a superior department can assign permissions to its subordinate departments. Department permissions can be inherited, and all departments are denied by default.
- Personal-Directory: permissions are assigned to a specific individual.
- Directory: a directory can be associated with positions, departments, and individuals, and can inherit from its parent directory.
II. Intermediate Permission Analysis
From the primary permission analysis we obtained three basic permissions: position-directory, department-directory, and personal-directory.
The following lists the ways they can combine on one directory.
- (Position-directory) + (Department-directory): the same directory is assigned permissions by both the position and the department.
- (Position-directory) + (Personal-directory): the same directory is assigned permissions by both the position and the individual.
- (Department-directory) + (Personal-directory): the same directory is assigned permissions by both the department and the individual.
- (Position-directory) + (Department-directory) + (Personal-directory): the same directory is assigned permissions by the position, the department, and the individual.
III. Advanced Permission Analysis
In fact, I left out a detail in the primary permission analysis: each primary permission has three possible values, namely consent, rejection, and waiver. In the general case (assuming positions, departments, and individuals have the same priority), their values are 1, -1, and 0.
However, in actual applications the priority is: personal permission > position permission > department permission.
So I get the following primary permission values:
- Position-Directory: the values of consent, rejection, and waiver are set to 2, -2, and 0, respectively.
- Department-Directory: the values of consent, rejection, and waiver are set to 1, -1, and 0, respectively.
- Personal-Directory: the values of consent, rejection, and waiver are set to 3, -3, and 0, respectively.
Based on the above definition, we get the following intermediate permission values:
- (Position-directory) + (Department-directory): (2 + 1), (2 + 0), (2 - 1)
- (Position-directory) + (Personal-directory): (2 + 3), (2 + 0), (2 - 3)
- (Department-directory) + (Personal-directory): (1 + 3), (1 + 0), (1 - 3)
- (Position-directory) + (Department-directory) + (Personal-directory): (2 + 1 + 3), (2 + 1 + 0), (2 + 1 - 3), (2 + 0 + 3), (2 - 1 + 3), and so on.
Under this definition, whenever the permission value is not greater than 0, the permission is not granted on that directory.
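The scoring rule above as a runnable check, added here as an example and not code from the original post. It also compares the additive rule with a strict-priority resolver, which is an assumption introduced only for comparison; all function names are hypothetical.

```python
from itertools import product

# Weights from the post: department = 1, position = 2, personal = 3.
WEIGHTS = {"department": 1, "position": 2, "personal": 3}
# Decision multipliers from the post: consent = +1, rejection = -1, waiver = 0.
DECISIONS = {"consent": 1, "rejection": -1, "waiver": 0}


def score(assignments):
    """Sum the weighted decisions; a source that is absent adds nothing (waiver)."""
    return sum(WEIGHTS[src] * DECISIONS[dec] for src, dec in assignments.items())


def is_granted(assignments):
    """Rule from the post: granted only if the total is greater than 0."""
    return score(assignments) > 0


def strict_priority(assignments):
    """Assumed alternative, not from the post: the highest-priority source
    that did not waive decides alone; if every source waives, deny."""
    for src in sorted(WEIGHTS, key=WEIGHTS.get, reverse=True):
        dec = assignments.get(src, "waiver")
        if dec != "waiver":
            return dec == "consent"
    return False


def disagreements():
    """Every one of the 27 combinations where the two rules give different answers."""
    out = []
    for combo in product(DECISIONS, repeat=len(WEIGHTS)):
        a = dict(zip(WEIGHTS, combo))
        if is_granted(a) != strict_priority(a):
            out.append((a, score(a)))
    return out


if __name__ == "__main__":
    for a, s in disagreements():
        print(s, a)
```

Of the 27 combinations, the two rules differ in exactly one: the individual consents while both the position and the department reject, which sums to 0 and is therefore denied by the additive rule.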
The above is a little abstract, and some parts may not be clear. Criticism is welcome.