I agree with this approach. +1
On Fri, Jun 18, 2010 at 9:03 PM, Suhothayan Sriskandarajah <[email protected]> wrote:

> I believe the authentication is now stable in Photark.
> I'm now going to start working on implementing a simple "Role Based
> Access Control" next, and here is the initial approach I have in mind...
>
> I thought of creating some well-defined, mutually exclusive roles:
> 1. Super admin Role : has only 1 user (the one who logs in from
>    FORM authentication)
> 2. Registered user Role
> 3. Unregistered user Role : the users who are not logged in.
> 4. Blocked user Role
>
> And there will be other normal roles which are a kind of group
> (groupRoles).
> These can be created by users in "Registered user Role" and "Super admin
> Role".
> For e.g.
> a RegisteredUser1 in "Registered user Role" can create a groupRole
> called myFriends and add user1, user2 & user3,
> and set the myFriends groupRole permissions to allow users to add/remove
> images from AlbumA and AlbumB.
>
> Provided the users user1, user2 & user3 are also in the Registered
> user Role, they can execute the given permissions,
> and only the RegisteredUser1 and the Super Admin have the rights to
> view and edit the myFriends Role (its users and permissions).
>
> Each of these roles will have permissions:
> 1. Super admin Role :
>    * change users from one role to another (Registered to Blocked and other)
>    * view and delete all albums, images, album descriptions of all users
>    * create and manage groupRoles
>
> 2. Registered user Role :
>    * can create an album
>    * can delete his albums, edit album description and add/remove images
>      from his album
>    * create and manage groupRoles (add/remove users to it and change
>      permissions); he can manage only groupRoles he created
>
> 3. Unregistered user Role :
>    * view the albums (only giving access to view by Unregistered user
>      Role) (public albums)
>
> 4. Blocked user Role :
>    * same as Unregistered user Role
>
> The roles are arranged in a hierarchy where
> Super Admin Role (top)
> Group Roles
> Registered user Role
> Unregistered user Role
> Blocked user Role
>
> The basic permissions for now:
> * adding images
> * removing images
> * creating albums
> * deleting albums
> * editing album description
>
> I think this model is scalable in future.
> Please do give your thoughts on this and guide me in the correct path.
>
> Suho

--
Avdhesh Yadav
http://www.avdheshyadav.com
http://twitter.com/yadavavdhesh
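The role model proposed in the quoted message, as an added sketch that is not part of the thread and not PhotArk code: it shows the check order in which a groupRole grant only takes effect while the member's base role is Registered, so blocking a user revokes group access without editing the group. All class, function and permission names, the `"view"` permission, and the rule that a group grant only counts on albums owned by the group's creator are assumptions; the sample data is constructed from the myFriends example.

```python
from dataclasses import dataclass, field
from enum import Enum

Base = Enum("Base", "SUPER_ADMIN REGISTERED UNREGISTERED BLOCKED")  # exclusive base roles
PERMS = {"add_image", "remove_image", "create_album", "delete_album",
         "edit_description", "view"}  # "view" is an assumed name for album viewing

@dataclass
class Album:
    owner: str
    public: bool = False

@dataclass
class GroupRole:
    owner: str                                   # the Registered user who created it
    members: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)   # album name -> set of permissions

class AccessControl:
    def __init__(self):
        self.base, self.albums, self.groups = {}, {}, {}

    def role_of(self, user):
        return self.base.get(user, Base.UNREGISTERED)  # unknown means not logged in

    def can_manage_group(self, user, group):
        # Only the super admin and the creator (while still Registered) may edit it.
        role = self.role_of(user)
        return role is Base.SUPER_ADMIN or (
            role is Base.REGISTERED and self.groups[group].owner == user)

    def is_allowed(self, user, perm, album=None):
        if perm not in PERMS:
            raise ValueError(f"unknown permission: {perm}")
        role, a = self.role_of(user), self.albums.get(album)
        if role is Base.SUPER_ADMIN:
            return True
        if role is not Base.REGISTERED:  # Unregistered and Blocked: public view only
            return perm == "view" and a is not None and a.public
        if perm == "create_album":
            return True
        if a is None:
            return False
        if a.owner == user or (perm == "view" and a.public):
            return True
        # Assumption: a group grant only counts on albums its creator owns.
        return any(user in g.members and g.owner == a.owner
                   and perm in g.grants.get(album, ()) for g in self.groups.values())

def build_sample():  # constructed data mirroring the myFriends example
    ac = AccessControl()
    ac.base = {u: Base.REGISTERED for u in ("RegisteredUser1", "user1", "user2")}
    ac.base["admin"] = Base.SUPER_ADMIN          # user3 is left unregistered
    ac.albums = {"AlbumA": Album("RegisteredUser1"), "Open": Album("user2", True)}
    ac.groups = {"myFriends": GroupRole("RegisteredUser1", {"user1", "user2", "user3"},
                                        {"AlbumA": {"add_image", "remove_image"}})}
    return ac
```
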
