quasi random (kaolinfire) wrote,
quasi random
kaolinfire

collaboration software issue

I've been pounding my head on this for a few years, on and off. I need to design a "permission" scheme for objects within a collaborative environment.

I've decided the following permissions are a good start: ability to see something exists, ability to view it, ability to edit it, and the ability to add things to it.

But these permissions don't exist in a vacuum and aren't the same for everyone. But I'd rather not have to specify the permissions for every single user every time an object is created. So there should be defaults. But beyond that, there should be defaults for different classes of users, of a sort. "Of course", admins can ovverride anything, but beyond that... this is collaboration stuff. There should be "group" permissions.

I'm having trouble with how to define a "group", basically. Maybe. There are other issues, but that's one thing that needs to be tackled. Umm, and it extends to ... eh, perhaps if I could explain the problem fully I'd have the answer in the same breath. That is definitely part of the problem -- I don't know how to phrase any of this; wisps of ideas ramble through my head, unconnected. Why???

question 1: what database table(s) should be created for storage of permissions?

question 2: what should this (these) table(s) hold???

I kinda see one "generic" permissions for each object... which might as well go in the main object table. UNLESS. okay, we assume the creator/owner of an object has full permissions to do anything to it. (is that a bad assumption???) then the default permissions on an object could be "world" rights -- what any user of the system has access to. then... GROUPS (collections of users) as well as USERS could be assigned "override" permissions? maybe? Would there be permission inheritance? Maybe just on the UI side? But still that needs to be addressed. Do you see why I'm so confused? HELP!

Hmm. I think I'll doublepost this to developers area and see what happens. :blinkblinksmilefingerscrossed:

...

crap! developers has been deleted.

More thoughts, going back and editing the post:

maybe permissions could inherit based on where you are... with a memory of how you got there. {the issue being the place you're at can be in multiple things, so...} or ... it could be okay to just inherit based on precisely where you are and looking no further up than that. because there should be no "cloudy" permissions where you are -- they've been set when the object you're in was created (or they've been modified since then but that's okay)

but that still doesn't handle "groups" and such. maybe... all users' permissions to a parent object are copied to a child object, not just the "global" defaults?

that sounds like it might work. COOL!

I really would like feedback, though. I'll sleep on it and see what happens. Perhaps I've finally grokked the situation.
Subscribe

  • feedback loops

    Ah, feedback loops. I was kind of out of sorts, yesterday, and for some reason had a lot of diet coke (to try to feel better, though I "knew" it…

  • What would I say?

    What would I say, if I were here? It's 2014, almost 2015—though on and off this year, I've been sure it was 2015. Something about that number. Next…

  • a list of games....

    A friend recently asked for a list of all the games I have available. And I'd made most of this list up a week ago, for someone else, and figured,…

  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments