php - Order for storing user id vs user group
Get the solution ↓↓↓I'm currently working on a custom add-on for a forum, where it checks a json file to see if a user has permission to moderate a certain group. I was wondering in what order I should store this information.
Let's say my demo information is: User 1 and 2 have access to edit Group A. User 1 also has access to edit Group B.
Order 1 - ID First, Then Group (Mockup)
{
"1": [
"A",
"B"
],
"2": [
"A"
]
}
Order 2 - Group First, Then Id (Mockup)
{
"A": [
"1",
"2"
],
"B": [
"1"
]
}
Which one is easier to manage/work with when you're using php? (Or are either of these wrong when storing data in json? Should I be using some other combo? I don't want to use MySQL for this, since it's going to be a really small set of users who can manage these groups)
Answer
Solution:
Whenever I see a question like this, where there is not really a correct answer, as there are so many possibilities, I tend to think the OP is just trying to be as exhaustive and pedantic as possible in their research to find the best option, and that is really a great kind of curiosity, suited perfectly for programming. Knowing this, here are some thoughts.
Thoughts
I think you should look at this in a different way. When users can be differentiated by the privileges they are granted, you are essentially defining roles. Every role is distinguished by its level of access to content and how much that content can be modified.
When framing it like this, think of a pyramid. The most privileged roles have the best overview of all content, and consequently will be able to modify it according to their discretion. There are very few of these people. Descending the pyramid results in more and more people for every level of the pyramid, with an ever decreasing overview of the content and the ability to modify it. This continues until you reach the bottom of the pyramid, or the "Basic" user role, which the majority of the members of any community will be granted by default. They are the foundation of the pyramid but have very few privileges.
This means that users at the top of the community are granted more weight in their decisions. For example, say the highest role in a community is "Administrator." Any user granted this role can do anything. That is a lot of responsibility to carry. To put this in weighted terms, this role will be assigned a weight of 100. Beneath the Administrator are the "Moderators." They are essential to the community, but granting them the ability to delete entire categories and all child content might be too much power; they should be allowed to ban users and delete some content. If an Administrator fires them before demoting their role, they can totally destroy the community. Knowing this, Moderators do carry weight, but not as much as Administrators. They will be assigned a weight of 75. The community needs "Janitors" to clean up spam and reposts, but they should not be allowed to ban or delete users. Consequently, you assign them a weight of 50. This distribution of weight continues until all roles have been defined, each with distinct privileges.
The Question
Tying this together, sure, you can hardcode a specific user ID to a specific group ID, or vice versa, but that can become difficult to manage at some point, especially considering the duplication involved.
Consider then, that groups should only be accessed by users with a given weight. For example, Group A is assigned a user access weight of 25, and group B is assigned a user access weight of 10. What this means is that any users who have a weight of 25 or more will have automatic access to group A, and of course because group B only requires a user with a weight of 10, any user that can access group A can definitely access group B as well, because 25>10. In pyramid terms, 25 is equal to or greater than groups assigned a user access weight of 25 or 10. With this type of setup, there can be dozens of groups, each with their own user weight access. Further, that is the only variable that needs to be assigned to a group, instead of having to keep complicated user access lists for every group, or vice versa, with users keeping track of ever-growing lists of group IDs they can access.
With this knowledge, consider the example you provided. User 1 has access to edit group A and B. User 2 only has access to edit group B. This implies that User 1 has more privileges. If user 1 has more privileges, he also happens to carry more weight than user 2. Let us say that user 1 is assigned a weight of 30, while user 2 is assigned a weight of 15. Tying into the group scenario just described, this would mean that user 1 (weight: 30) can definitely access both groups A (weight user access: 25) and B (weight user access: 10), because 30 > 25 > 10. User 2, on the other hand, can only access group B, because 15 > 10. Furthermore, this means that while user 2 cannot access group A, it does not mean that he could not, for example, access group C, with a minimum user weight requirement of 5, because 15 > 10 > 5. In addition, this obviously means that user 1 could also access group C.
Afterword
You wake up one day and realize that group B should not be accessed by the community proletariat, with their peasant role weights of 10. Group B should be for the more dignified of the community, with weights of, like, 11 or more, so you increase the minimum role weight requirement of group B to 11. With a single change to a single integer assigned to group B, you have just prevented every single user with a weight of 10 or less from accessing their once cherished group B. The prole is not happy, but you do not care, because you are the community god, with a weight well over 9000, and you can do whatever the hell you want. You can also do it without having to modify dozens, hundreds, thousands, or millions of specific user/group access lists that are, as mentioned, way too clunky and unmanageable.
This is how smart access control is managed.
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: trying to access array offset on value of type bool
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.