Menu
▾
▴
phpwebsite-developers
|
From: Todd O. <to...@da...> - 2001-05-01 01:43:00
|
*Users table will be minimalistic Instead of adding everything in the world to the users table, only _essential_ information will be provided like unique user_id, username, first name, last name, email address, preferred language, timezone, etc. Non-core information like department, personality profile, etc. can be implemented in modules (and additional db table with user_id as the foreign key [this id is used alot]). A state field will have something like 1 for active, 2 for disabled, 3 for suspended, etc. A creation date will also be added; last accessed will not be here since this is more of a read-mostly table. An authentication type field will be present with the following philosophy: 1-database authentication, 2-affiliated site authentication (see my previous xml-rpc post), 3-LDAP authentication, etc. An auth field will contain XML with is specific to the authentication type field selected as follows: Assume database authentication: <password type="md5">3hjk7894kjkoldf9lkju8</password> Assume affiliated site authentication: <authURL>www.example.com/authenticate.php</authURL> <methodCall> <methodName>authenticate.remote</methodName> <params> <domain><value><string>phpwebsite.appstate.edu</string></value></domain> <username><value><string>user1</string></value></username> </params> </methodCall> Assume LDAP authentication: <ldap_server>ldap.example.com</ldap_server> <ldap_user>, etc..... This core structure provides for writing only database authentication now and adding many other types in the future, even using a SHA hash ;-) **The XML field provides this extensibility without lots of rarely used database fields that must be added every time a new core authentication type is added.** You'll see my draw to XML database files throughout the project for this very reason! * User_space and Group_space will be flat. After considering many alternatives for user and group space, I decided that flat was best. Of course a flat namespace for users and groups is the most simple approach, I feared it would hinder administration for large organizations like colleges or school systems, which may have 25,000 members that must be _managed_. This is unlike slashdot style sites where anyone can join and userspace is _really_ flat. A flat namespace also gives the most flexibility for use, although the administration might be more involved. Let's say App State has 10,000 students and faculty on their site and has 15 departments with different administrators. If the name and group space was in a tree hierarchy, how would a Physics Dept student get to edit an English Dept document? The point is that you can administer a flat namespace as a tree, but not vice versa. Anyway, custom modules can be created for specialized administration where needed. A flat groupspace enables any user to be a member of any group. This is great until you only want a subset of the Physics Dept (group) to be moderators on Physics Dept announcements. I decided that instead of FORCING a group tree hierarchy, I would let the individual site administrator make sure that only Physics group member were in the Physics-moderators group. This is my philosophy for the phpWebsite core: **Make it as Flexible as Possible.** I will add a parent field to the group db schema to provide for those who want to write a custom module that will enforce the hierarchy through administration, but not in the core! Groups table: group_id INTEGER primary key name VARCHAR(32) parent_id INTEGER [foreign key to group_id] [root has same group and parent id] group_membership table (matrix): group_id INTEGER [foreign key] user_id INTEGER [foreign key] index on group_id index on user_id index on group_id, user_id [speeds up membership searches significantly] --Todd |
|
From: clayton c. <cc...@ca...> - 2001-05-01 16:08:18
|
Todd, good to hear from you. i was about to fire up a "call to action" email before i saw your post. > *Users table will be minimalistic absolutely ! > * User_space and Group_space will be flat. > A flat groupspace enables any user to be a member of any group. This is > great until you only want a subset of the Physics Dept (group) to be > moderators on Physics Dept announcements. I decided that instead of FORCING > a group tree hierarchy, I would let the individual site administrator make > sure that only Physics group member were in the Physics-moderators group. this can be simplified by allowing roles on the group membership table, which to me is a necessity anyway in the cases your envisioning. in the Physics Dept, for instance, i want to be able to set permissions on different activities based on whether a person is Chair, Faculty, Staff, Student or Moderator (administrator). the ACS code i ported accomodates this, though i can probably simplify it a bit. more comments below ... another idea that may make the administator's job easier is a group membership queue with 1 click approval on the admin side. that way anyone can try to join, but they're only in if approved. this can be made optional, too. > Groups table: > group_id INTEGER primary key > name VARCHAR(32) > parent_id INTEGER [foreign key to group_id] > [root has same group and parent id] or parent_id == NULL > > group_membership table (matrix): > group_id INTEGER [foreign key] > user_id INTEGER [foreign key] > index on group_id > index on user_id > index on group_id, user_id > [speeds up membership searches significantly] i think we should support roles for the reasons mentioned above. this should help mitigate the effects of a flat user-space (at least as it relates to group). as explained above, it allows more natural expression of other core processes (access control/security and task partitioning, etc). im trying to get an app out the door, but i'll post more as time permits. clayton |
|
From: Todd O. <to...@da...> - 2001-05-01 17:28:43
|
Part 2 will include roles and permissions and their relationship to users and groups. I didn't want the posts to be too long and deal with too many items at once. --Todd |
|
From: clayton c. <cc...@ca...> - 2001-05-01 18:00:51
|
> Part 2 will include roles and permissions and their relationship to users > and groups. > > I didn't want the posts to be too long and deal with too many items at once. > oh, i see. i dont know if you're dealing with the issue of group types, but i think this should be addressed, as this can greatly simplify administration. for instance, when AppState upgrades to phpWS/2 and wants to add register all their departments, all that should be needed is for the administrator to select the group type "Department" from a pull down, give a name and other basic info, and the system should insert the proper table entries and create the necessary relations so that roles, permissions, etc, dont have to be redone per department (assuming of course that all departments are similar). IOW, "Department" would be specified as a group type, and we can associate roles, etc with this group type (eg Faculty, Staff, Student, etc). this goes for other similar organizations, where there are multiple groups of similar structure. clayton |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X