Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

codedoktor's avatar

How do you handle creators in your application?

I was wondering what your approach is to handling data creators?

What I mean by that: Let’s say a user, "John," creates a new entry in the "books" table. Usually, I would take the approach of adding a "user_id" column in the "books" table.

So far, so good...

Now, let’s say we want to grant multiple users access to the book. We would need a pivot table, "book_user," with the addition of a "role_id" column (just as an example).

Great! That works. Normally, I would consider this done, but...

Problem 1) Let’s now say John deletes his account, but I still want people to see who created the book. Sure, I could soft-delete John and keep the reference, but then I would have a lot of unused data, as I only need John's name and not his address or any other personal information in the "users" table. Also, what if John, as a data subject, requests that all of his personal data be deleted? This would not include the book (or any other non-personal data).

So now we have a book without a creator. The easiest solution would be to make the "user_id" column nullable and return something like "Anonymous Creator" in the getCreator method.

However, by setting the column to nullable, I cannot enforce, on the database side, that the "user_id" column must be populated when a book is created.

Problem 2) As I said the users having access to the book would also have roles. But now I have to check two tables for sufficient permissions. Something like (isCreator() || hasPermission()). Which to sounds cumbersome performance wise...

So my question is, what would be the best approach here?

I hope I’ve made my point clear. If not, let me know and I can try again. Maybe I’m just missing something obvious. :D

Thanks in advance! Tim

0 likes
8 replies
EveAT's avatar

Let's look how I would do it. I would proceed from the fact that the user's right to complete deletion is above all. Then I would divide the logic into three parts: Database, Back End and Front End.

From the Database point of view, you are right, the user_id should be nullable. If the user decides to delete himself permanently, you do so. This way you comply with user's rights and do not accumulate "garbage" in the database.

At the Back End level, you fill in the user_id when creating. And if you do not have another entry point for creating books, the user_id is always filled in, since only authenticated users have access to creating books. And only this ID will be able to change the book. If the user_id of a book is empty, then no one can modify that book. Here we can talk about the portal administrator, who will have access to do that, I think this is clear anyway.

The only question left at the Front End level is what to display as the author of the book. Here you need to look at the circumstances dictated, for example, by the agreement between your platform and the author. Let's say in the agreement that the author signs upon registration, you can directly indicate how you will deal with his books when deleting his account:

  • delete along with the account;
  • appropriate authorship (e.g. display the admin's nickname);
  • leave on the site without indicating the author;
  • reserve the right to display the author's First and Last Name without reference to his account.
1 like
codedoktor's avatar

@EveAT First of all, thanks a lot for your reply!

I like the way you seperate concerns into three parts. I'd say I agree with all that you wrote.

But would you still go with a user_id field on the books table or rather have a role "creator" that is set on the book_user table, which should reduce the amount of queries?

EveAT's avatar

@codedoktor This is a good question and I don't have a precise answer. Everything is subjective.

In such cases, I rely on the principle "Keep it as simple as possible". If you have a technical task and it clearly states the need to separate roles, then you need to implement it from the very beginning. If it is not clearly required, or there is no technical task at all - discuss it with your customer. Perhaps it will not be required at all or you will take it out into functionality for future development.

If there is no technical task, then at the initial stage I would limit myself to a nullable user_id field and focus on the fastest possible release of the product. Then, as the application works, the direction will become clear to you.

I hope my abstract answer will help you =)

1 like
codedoktor's avatar

@EveAT I think "fastest possible release" is a good point here. Thinking about it, it won't be a huge deal to change it afterwards, so I should be good.

Thanks for your time!

1 like
ShahedPHP's avatar

If you don't want to go through the nullable route. Create an separate account called "Anonymous User" and just update the ID

I have a username function it will grab the id and fetch the username. Within this function I can change the colours of the user depending roles and customise it more and if an ID can't be found in the database it will return with Guest

1 like
codedoktor's avatar

@ShahedPHP I thought about the Anonymous user as well and I might even choose that route. Btw a very nice idea to set the avatar color based on roles. I will keep that in mind!

Snapey's avatar
Snapey
1 year ago
Best Answer
Level 122

I would overwrite the user's name with "Anon" and set their email to a meaningless string. Everything else can stay as it is.

1 like
codedoktor's avatar

@Snapey I think that's what I'm going to do. That way I can keep all the relationships intact, which is the least invasive solution. As a bonus, it's also GDPR compliant Thanks for that! :)

Please or to participate in this conversation.