
fenos

Roles, Permission and Entity id

Hi guys, I'm trying to implement a roles and permission functionality based on a specific entity.

Scenario: the website has shows, and each user can have different permissions in different shows, for example: edit show, see statistics, and more... So it's a permission based on the show id.

My only thought has been to create a pivot table with an extra field, show_id.

id | role_id | user_id | show_id

Problem

Going this way, the sync() method doesn't work because I can't add extra parameters (in this case show_id) during the insert of the roles.

Way I think to go

I also have a role and permission functionality based on users, so I think it is better to extract this show permission functionality into its own table, keeping the role and permission names in the permissions and roles tables without duplicating them. Please correct me if I'm wrong.

The tables will look like this:

- users
- shows
- permissions
- roles
- role_permission
- role_user
- role_user_show

Questions

1 - How do you sync() permissions while adding an extra field?

2 - If the above is not possible, how do you achieve the attach and detach actions with where show_id = x?

Any suggestions will be highly appreciated. :)

nolros

The best way to set up permissions / ACL is with bitmasks, but you can set it up with table columns.

Note this can get very complex very quickly, but I will attempt to outline the basic approach. I have a very complex ACL system on my app and it is a crap load of code. At a certain point you will need to look at bitmasks to minimize DB usage.

  1. Create a roles table with all the roles you will ever need for any type of event, roles_types, e.g. admin, user, event coordinator, manager, etc. Columns would be id, user_id, name, description, slug, etc.
  2. Create a permission table with all the sets of permissions you can think of for any event, permission_types. Example: 20 perm types. can_attend, can_get_content, can_access_web, can .... etc.
  3. Create an events type table - the event detail.
  4. Create an events_permission_map which maps the types of permissions you want from the selection above to a role, permissions_roles_map, i.e. what you are setting up is that an AdminTradeShow role can have 10 permissions. Note, still not coupled to an event.
  5. Optional - create a permissions granted table to set the state of the 10 permissions, OR you can set them in permissions_roles_map. I prefer to have a granted table, but your call. Why do you need this? Permissions_roles_map just says the AdminTradeShow has a permission but not its state. Example: you could have a Boolean can_read column that will default to null or 0 if no value is set in the DB, which equates to cannot read, so you will need to set can_read = 1 (or true).
  6. Create a roles_event_map table which maps the event to the permissions_roles_map. This now states that there is a role AdminTradeShow available for event id = 77. Think of this as a Group, or Security Group. You now have an Event Mapped To Role that is Mapped to a set of Permissions. The next step is to invite members to this "group".
  7. You would then have users mapped to permissions_roles_map so that fenos userId = 55 is AdminTradeShow at event id = 77. In my app I have this as a group members setup where I add or remove users from the different security groups.

Unsure if that helped.

Nolan

Note: you will need set
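An added example, not part of either post: a framework-free PHP sketch of the two ideas in this thread, a role sync scoped to one show_id and a bitmask permission check that denies by default. The permission names, role ids and the in-memory array standing in for the role_user_show table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Permission bits (hypothetical names chosen for this example).
const CAN_EDIT_SHOW    = 1 << 0;
const CAN_SEE_STATS    = 1 << 1;
const CAN_MANAGE_ROLES = 1 << 2;

// Role id => permission mask (stands in for roles + role_permission).
const ROLE_MASKS = [
    1 => CAN_EDIT_SHOW | CAN_SEE_STATS | CAN_MANAGE_ROLES, // show admin
    2 => CAN_SEE_STATS,                                     // analyst
];

// Constructed sample rows for role_user_show: [role_id, user_id, show_id].
$roleUserShow = [[1, 55, 77], [2, 55, 78], [2, 60, 77]];

// Replace a user's roles for ONE show; rows for other shows and users stay untouched.
function syncRolesForShow(array $rows, int $userId, int $showId, array $roleIds): array
{
    $kept = array_filter($rows, fn(array $r) => !($r[1] === $userId && $r[2] === $showId));
    foreach (array_unique($roleIds) as $roleId) {
        if (!array_key_exists($roleId, ROLE_MASKS)) {
            throw new InvalidArgumentException("Unknown role id: $roleId");
        }
        $kept[] = [$roleId, $userId, $showId];
    }
    return array_values($kept);
}

// Deny by default: no row for (user, show) leaves the mask at 0, so every check fails.
function can(array $rows, int $userId, int $showId, int $permission): bool
{
    $mask = 0;
    foreach ($rows as [$roleId, $rowUser, $rowShow]) {
        if ($rowUser === $userId && $rowShow === $showId) {
            $mask |= ROLE_MASKS[$roleId] ?? 0; // unknown role grants nothing
        }
    }
    return ($mask & $permission) === $permission;
}

// Demote user 55 to analyst on show 77 only, then check three cases.
$roleUserShow = syncRolesForShow($roleUserShow, 55, 77, [2]);
var_dump(can($roleUserShow, 55, 77, CAN_EDIT_SHOW)); // lost with the admin role on show 77
var_dump(can($roleUserShow, 55, 78, CAN_SEE_STATS)); // show 78 row was not touched
var_dump(can($roleUserShow, 99, 77, CAN_SEE_STATS)); // user with no row for the show
```

The point of scoping the sync is that a role change on one show can never delete or grant rows for another show, and the check only ever reads rows matching both the user and the show.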
