Good morning everybody,

I am trying to transfer our existing task management from a MySQL base towards Neo4j as this seems to fit better. Unfortunately, I am at the beginning, so it's time to develop some graph-thinking and get rid of the relational tables.

The first thing I am struggling with is to develop a permission concept for the two questions:

- Does the user have access to that page?
- Is the user allowed to read, create, edit or delete (r,c,e,d) an object?

The users are assigned to roles and on top are organized in groups. A user can be a member of different groups and is also able to hold different roles in a group, e.g. he can be a normal member in group A and be a superuser in group B with extended permissions. Also we have a menu with main menu points, submenus and pages.

So when I target a special site, let's say the view of a task, I have to check the following things before the user can see the site in total:

1. Is the user logged in correctly? (I would consider having a relationship with an active status between user and main menu node as permission to log in -> would be stored in a session after check, so this runs only once.)

2. Does the user have the permission to select the main menu, the sub menu and the page? Here the interesting part starts. I could think of a parent/child relation between the main menu, the sub menu and the site node. While checking the permissions I would start with the site node and look up if I have a relation towards the user with permission (r,c,e,d) - if I find one I am set. If not, I would travel to the next parent node (here sub menu) and would check again. If I have a relation, I would assume that this is also valid for the site and I am set, as the site doesn't have its own relation towards the user. If not, I would travel to the main menu node. No relation means that the user is not allowed to see that site at all. A found relation would be valid for all nodes below which do not have a direct relation to the user.

   As long as I have no relationship between user and node for the current level, I would consider the level above as valid also for this child node - else the permissions of the child node override any permissions of the parent node, or rather I would not even read the permissions of the parent as I have found child permissions.

3. The same would be valid for a task action entry - I would need to check if the entry has permissions (e.g. it should have a r,c,e,d permission towards the owner of that action entry, and maybe it has r,c permissions for the users of the same group the parent task node is assigned to, and maybe r only for all other users).

For me as a beginner this would mean that I need to create relations between users and all relevant objects, which then hold the allowed permissions to access the node in question. Looks like a lot of relations between user nodes and each node in the graph - is that a proper approach? I am unsure if that's the way to go and would appreciate hints or links to existing threads / examples very much.

As a side note: I am working with PHP 5.4.7 (Zend Engine v2.4.0) and Neo4j 2.0.1 - so I appreciate very much examples that deal with PHP if available.

Thanks to all for reading,
Kami
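
The lookup described in point 2, as an added example that is not part of the original post: it walks from the page up through sub menu and main menu, lets the nearest node with a relationship to the user decide, and denies when no relationship is found. The arrays stand in for the graph; the node names, user names, array layout and function names are assumptions made for illustration.

```php
<?php
// Added example: constructed in-memory stand-in for the graph.
// Node names, users and function names are hypothetical, not from the post.

// child => parent (the main menu node has no parent)
$parent = [
    'page:task_view' => 'sub:tasks',
    'page:task_edit' => 'sub:tasks',
    'sub:tasks'      => 'main:work',
    'main:work'      => null,
];

// node => user => granted actions (r,c,e,d); stands in for user-to-node relationships
$grants = [
    'main:work'      => ['kami' => 'r', 'bob' => 'rced'],
    'sub:tasks'      => ['kami' => 'rce'],
    'page:task_edit' => ['bob' => 'r'],  // narrower than bob's grant on main:work
];

/**
 * Returns the permission string of the nearest node (the node itself first,
 * then its parents) that has a relationship to $user, or null if none exists.
 */
function effectivePermissions(array $parent, array $grants, $user, $node)
{
    $seen = [];
    while ($node !== null && !isset($seen[$node])) {  // $seen guards against cycles
        $seen[$node] = true;
        if (isset($grants[$node][$user])) {
            return $grants[$node][$user];  // child grant overrides everything above it
        }
        $node = isset($parent[$node]) ? $parent[$node] : null;
    }
    return null;
}

function isAllowed(array $parent, array $grants, $user, $node, $action)
{
    $perms = effectivePermissions($parent, $grants, $user, $node);
    return $perms !== null && strpos($perms, $action) !== false;  // no relation = deny
}

var_dump(isAllowed($parent, $grants, 'kami', 'page:task_view', 'e')); // inherited from sub:tasks
var_dump(isAllowed($parent, $grants, 'bob', 'page:task_edit', 'e'));  // page grant overrides main:work
var_dump(isAllowed($parent, $grants, 'eve', 'page:task_view', 'r'));  // no relation on any level
```

Because the first relationship found ends the walk, a narrower grant on a page takes effect even when the same user holds a broader grant on the menu above it.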
