How to implement a ban in a role model (User — Roles)?

I have implemented some roles for users.
When registering, the user automatically receives the ROLE_USER role.
It is possible to set ROLE_ADMIN, ROLE_MODERATOR, etc.

But I want to implement a ban and do not quite understand how this is done.
The essence of the ban is the prohibition of certain actions, for example writing a message, putting a + under a message, etc.
Is it necessary to add ROLE_BAN and check it every time? Or do you need to remove ROLE_USER?

Bans are also assumed to come in several levels: the higher the level of the ban, the more actions will be denied.

How is a ban typically implemented in such cases?

3 Answers

You described user roles.
You want to create an ACL (access level system) role that lowers operating privileges.

First, create an ACL for all the user roles that you described (USER_ACL, MODERATOR_ACL, etc.). This is a table of privileges (a bit mask with powers of two): 1, 2, 4, 8, 16, 32, 64, etc. The sum of these values gives a number that uniquely identifies the ACL for access to the different functions.

Then create the different BAN sets (ACLs by the same criteria):
BAN_CHAT, BAN_EDIT, BAN_DELETE, BAN_REOWNER, etc.

And subtract BAN_* from the current *_ACL.

The result will be the applicable ACL, but with the limitations of the BAN mask.
(Less than or equal to 0 means no rights at all.)
For a home project I usually made a "ban_level" column in the DB and entered a number there depending on the person's restriction level. The code then handled it.
1 - mute chat, 2 - lock account, 3 - reset the password, etc.

Then a couple of years later I took this approach: each user got a column with restrictions, initially empty; as violations occurred I put a restriction string into the JSON there (because it was impossible to split the restrictions into levels; you can only restrict a specific action). Then every time I fetch it from the database and check whether there is a restriction on the current action or not.
{"restrictions": ["chat", "levelup", "teleport"]}
As an option, make a separate table, something like
permission, which will hold rights, like the right to work, the right to edit a message... The relation of user to the permission table is many-to-many. That way we can issue any rights to each user. At registration, by default grant the rights for translation editing, adding posts, etc. Or you can turn it all around in the opposite direction: everything added is then forbidden, and everything that is not added is allowed. Well, you could also decide that for a user with ROLE_USER certain values should be ignored, for example the rights to change a user's role or a usage ban (admin rights).
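An added example, not taken from any of the answers above: one way to combine the role masks, ban levels and per-user restrictions that the three answers discuss. The permission names, bit values and ban-level contents are assumptions; denied bits are cleared with AND-NOT rather than arithmetic subtraction, so denying a right the role never held cannot alter other bits.

```python
# Permission bits (powers of two). Names and values are assumed for this example.
READ, WRITE_MESSAGE, VOTE, EDIT_OWN, DELETE_ANY, BAN_USERS = (1 << i for i in range(6))
ALL = (1 << 6) - 1

# Role names come from the question; the masks assigned to them are assumptions.
ROLE_ACL = {
    "ROLE_USER": READ | WRITE_MESSAGE | VOTE | EDIT_OWN,
    "ROLE_MODERATOR": READ | WRITE_MESSAGE | VOTE | EDIT_OWN | DELETE_ANY,
    "ROLE_ADMIN": ALL,
}

# Ban level -> bits that are denied. Each level is a superset of the one below,
# so a higher level always denies at least as much.
BAN_LEVELS = {
    0: 0,
    1: VOTE,
    2: VOTE | WRITE_MESSAGE | EDIT_OWN,
    3: ALL,
}


def effective_permissions(roles, ban_level=0, extra_denied=0):
    """Union of the role masks with the banned bits cleared."""
    granted = 0
    for role in roles:
        granted |= ROLE_ACL.get(role, 0)  # an unknown role grants nothing
    if ban_level not in BAN_LEVELS:
        return 0  # fail closed on a corrupt or unexpected ban level
    # extra_denied carries per-user restrictions that do not fit a level.
    denied = BAN_LEVELS[ban_level] | extra_denied
    # AND-NOT only clears bits. Subtraction borrows across bits when a denied
    # bit was never granted: (READ | DELETE_ANY) - WRITE_MESSAGE == 15.
    return granted & ~denied


def is_allowed(roles, action, ban_level=0, extra_denied=0):
    """True only if every bit in `action` survives the ban."""
    effective = effective_permissions(roles, ban_level, extra_denied)
    return (effective & action) == action
```

The check runs on every request against the stored ban level, so lifting or raising a ban takes effect without touching the user's roles.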

asked May 20, 2019 by drboboev