I am rolling my own blogging system and I am wondering how to determine permissions and implement them in a blogging system?
What should be the permissions for a commenter, a blogger and an admin?
What is the best way to implement them?

+1  A: 

I'd go with a combination of a decoupled authentication component that you can ask if the current user has the role X, and if so allow them to do the thing. That way you can leave the specifics of groups and expiry et cetera to the authentication component.

You could combine this with some specialized authentication for your blogging engine, e.g. having a list of posters in the blog object, and always allowing those persons to make posts.

svinto
This doesn't really answer most of the question.
the_drow
Can you clarify the question?
svinto
+1  A: 

Give each user a "privilege" value and store it in the users table in the database.

For example:

  • 0: plain user (can comment)
  • 1: writer (can write new posts and modify his own posts)
  • 2: moderator (accepts/deletes comments)
  • 4: admin (access to all)

Use a combination of server-side sessions and cookies for logins.

For "advanced" user privileges, use bitmasks and create groups.

Bitmasking: for example, using previous values, user level 3 (2+1) would have both writer and moderator privileges.

Pedro Ladaria
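
The bitmask scheme from the answer above, worked through as an added example (not code from the answer or from any poster). The action names, the `can` function, the ownership check for writers, and the choice to reject values with unknown bits are assumptions made for illustration:

```python
from enum import IntFlag

class Priv(IntFlag):
    USER = 0        # plain user: can comment (baseline, no bits set)
    WRITER = 1      # can write new posts and modify own posts
    MODERATOR = 2   # accepts/deletes comments
    ADMIN = 4       # access to all

KNOWN_BITS = 7      # WRITER | MODERATOR | ADMIN

# Hypothetical action names mapped to the bit each one requires.
REQUIRED = {
    "comment": Priv.USER,
    "create_post": Priv.WRITER,
    "edit_post": Priv.WRITER,
    "approve_comment": Priv.MODERATOR,
    "delete_comment": Priv.MODERATOR,
    "manage_users": Priv.ADMIN,
}

def can(level, action, user_id=None, owner_id=None):
    """Return True if the stored privilege value permits the action."""
    # Deny by default: not logged in, malformed value, or unknown action.
    if not isinstance(level, int) or level < 0 or level > KNOWN_BITS:
        return False
    if action not in REQUIRED:
        return False
    # "Access to all" is not automatic with bitmasks: level 4 has neither
    # bit 1 nor bit 2 set, so the admin bit must be checked explicitly.
    if level & Priv.ADMIN:
        return True
    needed = REQUIRED[action]
    if needed and not (level & needed):
        return False
    # Writers may only modify their own posts, so the role bit alone
    # is not enough: compare the acting user with the post's owner.
    if action == "edit_post":
        return user_id is not None and user_id == owner_id
    return True
```

Run the check on the server for every request, using the privilege value read from the users table rather than anything supplied by the client.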
+1  A: 

You didn't mention what language/framework you're using. Django includes a very useful and complete set of permissions that you can get up and running with. I'd assume that there are a number of other web frameworks that do the same.

Therefore, my advice is to find a web framework that you like and think is fun (this sounds like a personal project after all) that will handle these kinds of things for you.

Jason Baker