Take a peek at shiro spatial permissions maybe, it looks like it :) On Fri, Aug 19, 2016, 21:53 Brian Demers <[email protected]> wrote:
> Response Inline: > > On Fri, Aug 19, 2016 at 3:05 PM, chambrenoire <[email protected]> wrote: > > So store role-permissions as many role>permission rows rather than one > > role>permissionsAsString row per role. > > > > But how does this change the problem of accumulating large numbers of > role > > > permission associations as when there are many user > project > associations? > > With what I am suggesting (and it is defiantly not the only way to to > do this). Your users would not be directly > associated with a permission, they would be associated with a role, > and those roles would be associated with the permissions. > > How many projects do you have? a few thousand? or millions? How often > are would the permission to role mapping be updated? if infrequent, > and you have a manageable number, it would probably cache well. > > > > > Other question: I assume that (by default) project:p1:write doesn't imply > > project:p1:read? I would have to write my own code for such implications? > > Yes and no. > > Permissions are just strings, but if in your app write always implies > read (common scenario), you have two options, either add two > permissions to the role (read, and write), or assign a single > 'project:p1:read,write' permission. >
