Geek Answers Handbook

How to implement a permission system like highrise or facebook

Hey, I'm looking to implement a permission system like highrise or facebook.

The problem with this problem is that permissions must be determined on the instance of the object (visibility). At the top of my head, I can think of storing user_ids or group_ids in a hash for each entry. Is this the best way to do this?

I use mongodb to make this easier. Although we can also switch to sql (highrise probably does this with sql).

Edit: I ended up writing a gem that works with a magnoid, you can read more about it here

+6
sql ruby-on-rails mongodb mongoid
source share
3 answers

@Abhishiv: for this task, I would follow some form of agreement to set field access.

For an object like the following:

{ name : "me", user : "me01234", salary : "100", address : "123 Nowhere drive" }

I would add permissions by doing something like this:

 { name : "me", user : "me01234", salary : "100", address : "123 Nowhere drive" p_salary : [ 'g/accounting', 'g/management', 'u/owner' ] p_address : [ 'g/accounting', 'g/hr', 'u/me' ] }

Under these conventions, you can support document-level access permissions. And it's pretty easy to figure out how to program such a thing.

Now you usually need access rights to both the object and the collection itself. This makes the whole process much drier. For such a thing, I would simply create a collection of "permissions" that contains the default permissions for each other collection in the database.

On top of my head, I don’t know of any structure that makes it out of the box. I would look at Mongoid and MongoMapper and see if this type of parts is suitable for the plugin.

+2
source share

Take a look at Cancan: https://github.com/ryanb/cancan

+1
source share

Have you tried declarative permission ?

+1
source share

More articles:


All Articles