PHP Classes

in the days of MySQL, JSON and other Data-Sources i think thi...

Subject:in the days of MySQL, JSON and other...
Summary:Package rating comment
Messages:6
Author:Timo Henke
Date:2011-09-22 06:20:56
Update:2011-09-26 09:00:14
 

Timo Henke rated this package as follows:

Utility: Not sure
Consistency: Not sure
Examples: Not sure

  1. in the days of MySQL, JSON and other...
Timo Henke - 2011-09-22 06:20:57
In the days of MySQL, JSON and other Data-Sources I think this kind of bitmasked user privileges is outdated. Using Bitmasks requires overhead in maintaining and every-day usage.

Maybe there are use-cases where this method is preferable but as of now I would stay - even if the data is bigger compared to bitmasks - with my JSON storing the permissions and privileges.

  2. Re: in the days of MySQL, JSON and other...
Stefan Jibrail Froelich - 2011-09-22 07:53:16 - In reply to message 1 from Timo Henke
How can bitmasks be outdated?
Maybe, you need to get updated, or you really do not understand the use of the class.
The overhead you will get from maintaining integer or string based roles is so huge, bitmasks are the only practical way to do it.

  3. Re: in the days of MySQL, JSON and other...
Timo Henke - 2011-09-22 13:26:16 - In reply to message 2 from Stefan Jibrail Froelich
If I have to define the Bitmasks by named Array Keys, like in the class we are talking about, where is the pro vs. other string based definitions?

Say you store the bitmasks in your local mysql / sqlite / whatever DB and you have to access the Data from several sources (like your local PHP Script, maybe from another Ruby or Python script or maybe even from some node.js script) you need to have the "decoding" mechanism everywhere.

If you store the privileges in some native format like JSON it is much easier to handle the data.

Just my 2 cents - everyone is free to use such Classes but it's not my recommendation

  4. Re: in the days of MySQL, JSON and other...
Stefan Jibrail Froelich - 2011-09-23 07:42:52 - In reply to message 3 from Timo Henke
The array is just to give you a visual representation of the role names.
It is the ability to combine and check for roles that this class was made.

So do you mean if you need to define a range of roles, you pass it to the class in json? Arrays are the native data structure of php and it is better than decoding a json object each time you load the class.

You can actually choose to ignore the array and simply define the roles in your script. If you wish to export the roles, you can simply json_encode the object, or extend the class to provide a method that returns the whole list of roles for export.

I still think you've missed the point of the class.

  5. Re: in the days of MySQL, JSON and other...
Timo Henke - 2011-09-23 21:03:02 - In reply to message 4 from Stefan Jibrail Froelich
Well, from what I saw, rolenames are important - you use $this->_roles[$name] in your set_role() function.

All I was about is that using bitmasking in a separate class to determine a user's privileges is an overhead in a real world example.

What use-case you need roles for ... in a user/role based environment. So what previously has been done is (else you won't be in the need of roles) some login / auth where you get all the userdata.

Within the Userdata-Record (in MySQL I do store a JSON string with the privileges the user has, e.g. {"read":1,"write":1} ... privileges the user does not have are left off) in the Userdata-Record.

The decoding of this string will be done once - not every time - after reading the data from mysql, couchdb, mongodb, sqlite or wherever you store your userdata (couchdb and mongo are natively using json as default, so you could go further and retrieve the data without encoding needs).

Whatever way ... once I got the roles from the record the AUTH Information (username, roles and whatever additional data) will be stored in the session and I never ever have to decode them again.

To see if a role is valid you would easily query the data from your Session object

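// The stored value is 1 (from {"read":1}), so test for a truthy value
// rather than comparing with === true, which would never match.
if( !empty($this->SessionData->Auth->Roles->read) )
{
}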

or you could bake a class around this - depends on the use-case and framework .. something like this (just typed in this message window - just to give you an idea of what I am talking about):

class Roles
{
    // Decoded JSON object, e.g. {"read":1,"write":1}
    public $roles = null;

    public function __construct( $roles = null )
    {
        $this->roles = $roles;
    }

    // A role counts as held when its key is present in the record
    public function hasRole( $role = null )
    {
        return (!is_null($role) && isset($this->roles->{$role}));
    }
}

class MyFramework
{
    public $Roles = null;

    public function prepareEnvironment()
    {
        // $this->Session->Auth->Roles is the decoded JSON as said above
        $this->Roles = new Roles( $this->Session->Auth->Roles );
    }

    public function getCustomer( $customerID = null )
    {
        if( $this->Roles->hasRole('read') )
        {
            // ....
        }
    }
}

This way I can easily extend the roles and I am not limited to the bitsizes.

I think the maintenance is much easier. If you would like to add a new privilege to all users who e.g. have the read privilege, you could (in mysql) do something like:

update usertable set privileges = replace(privileges,'"read":1','"read":1,"newprivilege":1') WHERE privileges LIKE '%"read":1%';

And from this second on, all Users with read privilege set to 1 will own the "newprivilege"

Nuff said - my intention was not to offend you.

If I am totally wrong, pardon me
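
An added example, not part of the thread: one way to decode a stored privilege record like the {"read":1,"write":1} string from message 5 so that malformed JSON, unknown keys and a key set to 0 all result in no grant. The privilege list, function names and sample records are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Privilege names and the
// sample records below are constructed for illustration.

const KNOWN_PRIVILEGES = ['read', 'write', 'delete', 'update'];

/**
 * Decode a stored privilege record such as {"read":1,"write":1}.
 * Returns the list of granted privilege names; anything malformed,
 * unknown or not exactly 1 is treated as "not granted".
 */
function decodePrivileges(string $json): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        return [];                      // invalid JSON: grant nothing
    }
    $granted = [];
    foreach (KNOWN_PRIVILEGES as $name) {
        // isset() alone would accept {"read":0}; require the value 1.
        if (isset($data[$name]) && $data[$name] === 1) {
            $granted[] = $name;
        }
    }
    return $granted;
}

function hasPrivilege(array $granted, string $name): bool
{
    return in_array($name, $granted, true);
}

// Constructed sample records.
$samples = [
    '{"read":1,"write":1}',     // normal record
    '{"read":0,"write":1}',     // key present but revoked
    '{"read":1,"admin":1}',     // unknown privilege name is ignored
    '{"read":1',                // truncated JSON
];
foreach ($samples as $json) {
    $granted = decodePrivileges($json);
    printf("%-24s read=%s granted=[%s]\n", $json,
        hasPrivilege($granted, 'read') ? 'yes' : 'no',
        implode(',', $granted));
}
```

When the decoded list is cached in the session, a privilege revoked in the database stays effective until the session is rebuilt, so revocation needs its own session-refresh step.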

  6. Re: in the days of MySQL, JSON and other...
Stefan Jibrail Froelich - 2011-09-26 09:00:15 - In reply to message 5 from Timo Henke
Nice point.

But you should note that, bitmasks have a proven track record at being efficient and good at this kind of thing.
Take for example, you have the usual roles, read, write, delete and update.

Now a user registers, in your site, all you do is (after setting the usual human readable role labels in the array),

$role = $userroles->get_role_combo(array('read', 'write'));//the usual roles a normal user has.

Then you save $role in a single column in the database table (int should do).

When you need to check if the user can delete, a simple $userroles->has_role($role, 'delete') will fetch you what you want.

Later on, you want to fetch all users with 'edit' roles from the db,
$edit = $userroles->get_role('edit');

MySQL provides bit maths in queries, so a simple
'SELECT id FROM `table` WHERE role & ' . (int) $edit // all users with edit in their roles will be fetched

The beauty of this is, in some applications, the roles system gets really complex. more than the basic CRUD. and complex combinations need to be formed. that is when you really feel the power of bitmasks.

The database space required is really small and the power and flexibility is great.
I understand that for noSQL databases, you might prefer the json format, but for someone like me coming from a mysql background, this is like heaven.

But seriously, in some cases, without bitmasks, role management can become overwhelming.


Anyway, I am not offended at all. I appreciate another opinion. And that is why we are in a community.
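
An added example, not the package's own code: a minimal bitmask role helper showing the difference between an "any of these roles" test and an "all of these roles" test, plus the one-integer capacity limit raised in message 5. The class BitRoles and its method names are hypothetical; the role names are the ones from message 6.

```php
<?php
// Added example, not the package's code. BitRoles and its methods are
// hypothetical names; the role list is the one used in the post.

final class BitRoles
{
    /** @var array<string,int> role name => single-bit value */
    private array $bits = [];

    public function __construct(array $names)
    {
        // One bit per role; the sign bit is not usable.
        if (count($names) > PHP_INT_SIZE * 8 - 1) {
            throw new LengthException('too many roles for one integer');
        }
        foreach (array_values($names) as $i => $name) {
            $this->bits[$name] = 1 << $i;
        }
    }

    public function mask(array $names): int
    {
        $mask = 0;
        foreach ($names as $name) {
            if (!isset($this->bits[$name])) {
                throw new InvalidArgumentException("unknown role: $name");
            }
            $mask |= $this->bits[$name];
        }
        return $mask;
    }

    // True if the user holds at least one of the roles.
    public function hasAny(int $userMask, array $names): bool
    {
        return ($userMask & $this->mask($names)) !== 0;
    }

    // True only if the user holds every one of the roles.
    public function hasAll(int $userMask, array $names): bool
    {
        $need = $this->mask($names);
        return ($userMask & $need) === $need;
    }
}

$roles = new BitRoles(['read', 'write', 'delete', 'update']);
$user  = $roles->mask(['read', 'write']);
var_dump($roles->hasAny($user, ['write', 'delete']));
var_dump($roles->hasAll($user, ['write', 'delete']));
var_dump($roles->hasAll($user, ['read', 'write']));
```

The same distinction applies in SQL: WHERE role & mask matches rows holding any bit of the mask, while WHERE (role & mask) = mask matches only rows holding all of them.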