4

Stack Overflow 有一个基于积分的权限系统,它决定了网站上的很多事情,例如您可以编辑的内容以及向系统添加新标签的能力。

你会给设计这样一个系统的人什么建议,特别是关于架构实现的建议?你在哪里存储权限?您如何使用这些权限来确定哪些字段在视图中显示为可编辑?有没有好的开源代码示例可供学习?

关于对象模型(例如问题或文档)的所有权或共享,在该对象的模型上存储对所有者的引用与在帐户模型中存储对该对象的引用有何优缺点?例如

document = { id:          21234,
             owner_id:    4d3ca9f1c067,
             shared_with: [a50d1e000138, 4d3ca9f1c067a, 50d1e000138] }

对比

user = { id:              4d3ca9f1c067,
         documents_owned: [21234, 31452, 12312],
         collaborates_on: [23432, 43642, 12314, 23453] }
4

1 回答 1

1

Store the permission in a separate model as permission-required points pairs.

In the view, determine whether the logged-in user has sufficient permissions per item to display, referring to the permissions model described above.

Model options: I'd prefer the former since (1) it has a simpler, flatter structure, so no nested loops through the user table when listing questions, and (2) deleting a document will not entail updating a user object. (Unless their score drops when the doc is deleted or such.)

于 2011-02-23T19:52:34.353 回答