4

I'm making an IRC bot in PHP. And I've come to the point when I need to determine how would user permissions/accesses would look in the database (and in the application in general).

Here are the requirements:

  • There are global and local permissions, global are for all channels, while local are channel specfiic.
  • There are permissions such as "root", "bot_admin" "glob_op" "op on #channel", in this example, each is weaker than the last (root is strongest, meaning that no one can take actions against root).
  • I haven't completely decided on exactly how many permissions are there, and the bot will be extensible, so there needs to be an option of expanding.

Some approaches I had in mind:

  • Assign each permission level a number (1, 2, 4, 8, 16) and add them together to form the access level of a specific user (even adding all of the numbers until n-1, they would still be lower than n). As for expanding, I could leave gaps (1, 16, 256, etc) and fill it in later. I don't think it's a very good one, as it would be hard to maintain and read later on, even if I use constants to make it more readable.
  • Have each permission in its own boolean column. That seems just silly, and there's no easy way of determining the power relations between each role.

So what say you? Have a better approach I can take?

Madara's Ghost
  • 8,787
  • 9
  • 25
  • 33
  • It's unusual to see permission systems which have a strict hierarchy. Both the concept of a superior level always overriding all levels below, and the concept of permission conflicts, seem a bit strange to me. Are you sure you actually want power relations at all? – blueberryfields Feb 17 '12 at 22:59
  • Well, someone must administer the bot. What do you suggest? The point is generally to determine if a user will get an OP on a channel, or a voice, and will he be able to use `!kick` or not, etc. Nothing too administrative. – Madara's Ghost Feb 18 '12 at 09:24

1 Answers1

1

I like not relying on the schema of the database too much. It makes later changes harder.

I would have one Table

users: <user-id> <user name>

another Table

local-permissions: <user-id> <channel(-id)> <permission>

and yet another Table:

global-permissions: <user-id> <permission>

I would use a String column for permission, if you want you can use a database-check for allowed values. It's easier to read and write if you're manipulating the database directly (which you will at some point).

Since you want multiple permissions, put multiple rows in the tables and then figure out the hierarchy in the application.

If you want to make it more visible which permissions a particular user has, you can also go for just one row/entry and separate them by space in the column like that: "op kick ban" (be fault-tolerant in the application for that!).

It doesn't seem pretty, but as i said, i'd rather have the schema/data-interpretation in the application then in the database.

Fabian Zeindl
  • 318
  • 1
  • 2
  • 8
  • I don't care about pretty, I care about robust and extensible. Thanks for your answer! +1. As for the hirarchy, I already have something in mind! Thanks, accepted! – Madara's Ghost Feb 21 '12 at 16:57