Database-driven policy feature

I still remember when I was working as a trainee at one of my former companies. My boss gave me a requirement wherein a user would only be able to access specific areas of the application (this is a webapp). I have to admit that it was a hard task for an inexperienced developer like me back then... It actually still is right now... I have very little idea, and to think that every time you access a page, you require database access so the app can verify whether you are indeed allowed to access that facility. How is this done?

Basically, you have a list of pages with, let's say, page_id and page_name fields... I'll assume you also have a users_tbl with user_id, username, password, etc. fields in it.


+--------------------------+
users_tbl
--------------------------
user_id
username
password
...
...
+--------------------------+

+--------------------------+
pages_tbl
----------------------------
page_id
page_name
+--------------------------+


Now, I have a lot of doubts about this second step, wherein you have a many-to-many relationship with a user_id and a page_id referenced in it.


+--------------------------+
permissions_tbl
----------------------------
permission_id
user_id
page_id
+--------------------------+





This is all just off the top of my head... I wasn't actually able to implement this, so if any of you guys have a suggestion, or much better, if you've done something like this before, please correct my mistakes and give suggestions. Thank you.
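A sketch of the three-table layout described above with a deny-by-default check run on every page request, added here as an example and not part of the original post. It assumes Python's sqlite3 with constructed sample rows, omits the password column, and the function names open_db, can_access and revoke are hypothetical.

```python
import sqlite3
# Added example: function names and sample rows are constructed, not from the post.
SCHEMA = """
CREATE TABLE users_tbl (
    user_id  INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE
);
CREATE TABLE pages_tbl (
    page_id   INTEGER PRIMARY KEY,
    page_name TEXT NOT NULL UNIQUE
);
-- Join table for the many-to-many relationship: one row per granted page.
CREATE TABLE permissions_tbl (
    permission_id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users_tbl(user_id) ON DELETE CASCADE,
    page_id INTEGER NOT NULL REFERENCES pages_tbl(page_id) ON DELETE CASCADE,
    UNIQUE (user_id, page_id)
);
"""

def open_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users_tbl VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.executemany("INSERT INTO pages_tbl VALUES (?, ?)",
                   [(10, "reports"), (11, "admin")])
    db.executemany("INSERT INTO permissions_tbl (user_id, page_id) VALUES (?, ?)",
                   [(1, 10), (1, 11), (2, 10)])
    return db

def can_access(db, user_id, page_name):
    """Deny by default: True only if a permission row links this user and page."""
    row = db.execute(
        """SELECT 1 FROM permissions_tbl p
           JOIN pages_tbl g ON g.page_id = p.page_id
           WHERE p.user_id = ? AND g.page_name = ?""",
        (user_id, page_name),
    ).fetchone()
    return row is not None

def revoke(db, user_id, page_name):
    """Remove a grant; the next request is denied because every request re-checks."""
    db.execute(
        """DELETE FROM permissions_tbl WHERE user_id = ? AND page_id =
           (SELECT page_id FROM pages_tbl WHERE page_name = ?)""",
        (user_id, page_name),
    )
```

The UNIQUE (user_id, page_id) constraint keeps duplicate grants out of the join table, and the parameterized queries keep the user id and page name out of the SQL text.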




Published 09-06-2006 9:46 PM by lamia