Designing a User Access/Permissions class

Question

I'm working on a site, which will have several modules that either fully available to certain users, semi available to other users, and unavailable to the rest.

For example:

• An 'employee' is able to respond to the customer support tickets assigned to him.

• A 'Manager' is able to manage all employees and support tickets in his team, including viewing the tickets of a specific employee.

• An 'Admin' is able to manage all managers, employees, and tickets in all teams, as well as some other core functionality.

In addition, on some pages there will be some additional fields shown if the current user is an admin or manager. (E.g links to delete/flag things). These won't be shown to employees.

I want to create one 'Permissions' model which will handle the logic for:

• Determining if a user can access the current page or not.

• Determining whether a particular part of a page should be displayed or not. (E.g special links for editing/deleting to be shown to admins and managers only).

I need some recommendations/advice for designing this class, particularly what methods it should have in order to accomplish the 2nd requirement.

Answer 1

The way I have approached this problem when it has come up is to give each action that can be taken or piece of information that can be shown it's own Permission. Each User then has a collection of Permissions. From this, you can add other layers of structure to help manage the huge number of permissions that will exist, such as hierarchies or categories of permissions.

Once that is in place, you can either have the various parts ask the User if they have the needed permission(s), or you can have a PermissionManager take a User and a set of Permissions and determine if the given user has the needed Permissions. Either way will work fine, but which one you choose has an impact on dependencies and the architecture of your system.

The PermissionManager approach has the advantage that your application pieces don't need to depend on a User, so you could use a different PermissionManager that always returns False if no permissions is appropriate, or True if all permissions is appropriate.

For simple situations, this approach can be overkill, and it often seems like it is at first, but I've gone the route of using basic hierarchical or coarse-grained Roles and fond that virtually every system I've worked on quickly got too complicated for most vanilla, pre-built Roles-based permission systems.

Answer 2

My approach to this problem from database point of view would be to have a user table which holds the list of users, a role table for the list of roles, e.g.: employee, manager, admin; and permission table which stores all of the values of every action/feature available in the system and its permission for a specific role, e.g.: say for admin, the values for actions/features like create, edit, delete, view are all true. The relationships can be seen below whereas (N) ---- (N) is a many-to-many relationship.

Users (N) ------- (N) Roles (N) -------- (N) Permission