From: Joao Prado Maia
Date: March 4 2004 4:00pm
Subject: RE: FW: eventum - permissions & roles
List-Archive: http://lists.mysql.com/eventum-devel/11
Message-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Marcin,

Sorry for the delay in answering you, but I had a busy day yesterday (as usual). Here's what I have in mind for a permission system that can be expanded and customized:

- Permission level titles should be customizable
- Allowed actions should be attached to each permission level
- Permission levels should be associated to many projects

So in practice, what we would do is create the following tables:

permission_level
    prm_id, prm_title

project_user_permission_level
    pup_prj_id, pup_usr_id, pup_prm_id
    (unique key on [pup_prj_id, pup_usr_id])

permission_action
    pra_id, pra_title

permission_level_action
    pla_prm_id, pla_pra_id

And then in each part of the code that needs to handle the supported actions, we will add a condition to check to see if the permission level of the current user allows for that action to be performed. If not, an error message is displayed.

This is my idea for the perfect permission system, but I can always discuss changes to it. I just wrote this pretty quickly, but it seems correct at first glance.

--Joao
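
The four tables and the per-action check described in the message above, sketched as an added example that is not part of the original message or of Eventum's code. Table and column names come from the message; the column types, the SQLite backend, the sample rows and the helper names `build_db()` and `is_allowed()` are assumptions.

```python
import sqlite3

# Table and column names are from the message; column types, the sample rows
# and the helper names build_db() / is_allowed() are assumptions.
SCHEMA = """
CREATE TABLE permission_level (prm_id INTEGER PRIMARY KEY, prm_title TEXT NOT NULL);
CREATE TABLE permission_action (pra_id INTEGER PRIMARY KEY, pra_title TEXT NOT NULL UNIQUE);
CREATE TABLE project_user_permission_level (
    pup_prj_id INTEGER NOT NULL,
    pup_usr_id INTEGER NOT NULL,
    pup_prm_id INTEGER NOT NULL REFERENCES permission_level(prm_id),
    UNIQUE (pup_prj_id, pup_usr_id)   -- one level per user per project
);
CREATE TABLE permission_level_action (
    pla_prm_id INTEGER NOT NULL REFERENCES permission_level(prm_id),
    pla_pra_id INTEGER NOT NULL REFERENCES permission_action(pra_id),
    PRIMARY KEY (pla_prm_id, pla_pra_id)
);
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample data: two levels, two actions, one project (id 1).
    conn.executemany("INSERT INTO permission_level VALUES (?, ?)",
                     [(1, "Reporter"), (2, "Manager")])
    conn.executemany("INSERT INTO permission_action VALUES (?, ?)",
                     [(1, "create_issue"), (2, "close_issue")])
    conn.executemany("INSERT INTO permission_level_action VALUES (?, ?)",
                     [(1, 1), (2, 1), (2, 2)])
    conn.executemany("INSERT INTO project_user_permission_level VALUES (?, ?, ?)",
                     [(1, 10, 1), (1, 20, 2)])
    return conn

def is_allowed(conn, prj_id, usr_id, action):
    """True only if the user's level in this project is linked to the action.
    No assignment, unknown action or unlinked action all yield zero rows, so
    the check denies by default."""
    row = conn.execute(
        """SELECT 1
             FROM project_user_permission_level
             JOIN permission_level_action ON pla_prm_id = pup_prm_id
             JOIN permission_action ON pra_id = pla_pra_id
            WHERE pup_prj_id = ? AND pup_usr_id = ? AND pra_title = ?""",
        (prj_id, usr_id, action)).fetchone()
    return row is not None
```

Because the lookup is scoped by `pup_prj_id`, a level held in one project grants nothing in another, and the unique key prevents a user from accumulating a second level in the same project.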