[Phpwebsite-developers] Central group authorization table

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hey all!

While working on TalkBox (I finally named it!) I again ran into a conceptual
problem of how to implement group-based display authorizations.  The
string-based approach causes a severe memory problem when you have to load
10,000 rows of  _id and _groups and then start unset()ing the unauthorized
ones.

As a test, I reconfigured ArticleManager to utilize a lookup table-based
system.  It worked a lot better in terms of memory outlay.  However, there
was still a problem in how other modules like FatCat and TalkBox would be
able to access the group restrictions for all other modules in 1 sql
statement.

The solution I came up with is a central table with 3 columns:

# --------------------------------------------------------
# TABLE DESCRIPTION:
# A summary table listing all groups that are authorized to
# access a specific module's item.
# If all groups can access/view a particular item then
# no entry will exist in this table for that item_id
# & module_title.
#
# NORMAL USAGE:
# group_id is compared against a string containing
# comma-delimited group ids.
#
# EXAMPLE SQL:
# 'WHERE item_id='.$item.' AND module_title='.$module
# .'AND group_id IN ('
# .implode(',', array_keys($_SESSION['OBJ_user']->groups))
# .')'
#
CREATE TABLE mod_authgroups (
    group_id int unsigned NOT NULL default '0',
    module_title varchar(20) NOT NULL default '',
    item_id int unsigned NOT NULL default '0',
    key (item_id),
    key (group_id)
  );

This way, if any module needs to access the group requirements of any other
module, they'll automatically know where to look and they won't have to
generate a separate sql query for each module scanned.  copies of Group
strings won't have to get stored in fatcat or approval or whatever else
comes down the road.

Approval? Criticism? Any thoughts?

-Eloi George-