```mongo
// Users
{
  _id: 'user_id',
  name: 'name',
  group: ['group_id', 'group_id'], // or null if not part of any group
  role: 'role_id'
}
```

```mongo
// Groups
{
  _id: 'group_id',
  name: 'Group Name',
  group_admin: ['user_id', 'user_id'],
  group_role: 'role_id'
}
```

```mongo
// Roles
{
  _id: 'role_id',
  name: 'user', // roles for groups and users
  rules: {
    can_edit: true,
    can_publish_youtube: false,
    can_upload: true,
    can_view_group_bin: true
  }
}
```
The flow:
A user can be added to a group by adding the group_id to the user.group array; removing a user from the group works the same way.

A user can be made group admin by adding the user_id to the group's group_admin array. To remove the admin, just remove the user from this array.

Both operations are very fast with MongoDB.

To get all users in a group, you just fetch the users whose group array contains the group's id.

This is the top-layer group/user abstraction. Now, about permissions.
Groups and Users can be assigned to Roles (user, admin, super_user, system_user and so on). Every role has a rules object with true/false rules.

We merge those rules so that the user's role always overwrites the group's role. For example, a regular user is added to the group Canal. Canal has a role of 'users', so all its users have regular user permissions. But the role of the group's admins will be changed to user.roles['group_admin'], so those admin users will have more rules, for example {can_see_other_users_shows: true}.
This way we can manage permissions by roles, or create special roles for special groups without changing things.
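The merge described above can be sketched as follows. This is an added example, not code from the original design; the `restricted` role, the role id `group_admin`, the sample users, and the choice that later entries in `user.group` override earlier ones are assumptions made for illustration.

```javascript
// Constructed sample documents following the Users/Groups/Roles shapes above.
const roles = {
  user:        { can_edit: true, can_upload: true, can_publish_youtube: false },
  group_admin: { can_see_other_users_shows: true },   // assumed role id
  restricted:  { can_upload: false },                 // hypothetical role
};
const groups = {
  canal: { _id: 'canal', group_admin: ['u2'], group_role: 'user' },
};
const users = {
  u1: { _id: 'u1', group: ['canal'], role: 'restricted' },
  u2: { _id: 'u2', group: ['canal'], role: null },
  u3: { _id: 'u3', group: null, role: 'user' },
};

// Own-property lookup so ids like 'constructor' never resolve to prototype members.
const own = (obj, key) =>
  key != null && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Unknown or missing role ids contribute no rules instead of throwing.
const rulesOf = (roleId) => own(roles, roleId) || {};

// Merge order, lowest to highest precedence:
//   group role -> 'group_admin' role if the user administers that group -> user's own role.
// Assumption: with several groups, later entries in user.group override earlier ones.
function effectiveRules(user) {
  const merged = {};
  for (const gid of user.group || []) {          // group may be null
    const g = own(groups, gid);
    if (!g) continue;                            // dangling group id: ignore
    Object.assign(merged, rulesOf(g.group_role));
    if ((g.group_admin || []).includes(user._id)) {
      Object.assign(merged, rulesOf('group_admin'));
    }
  }
  return Object.assign(merged, rulesOf(user.role)); // user role always wins
}

// Fail closed: only an explicit boolean true grants a permission.
function can(user, rule) {
  return effectiveRules(user)[rule] === true;
}
```

A rule that is absent from every merged role is denied, so adding a new rule name to the API never grants it to existing users by accident.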
Now, let's go deeper. How do I fetch the group bin, the group warehouse items or the group format? There are 2 ways to do it.
#Fetching Group bin
- Get group users
- Generate query to MIS with `user_id[]=id&user_id[]=id`
#Get Warehouse items for specific group
- Get group id
- Generate query to MIS with `group_id=id`

So at the API level the permissions (what a user can or can't do) will be filtered for every request. Those filters work very fast.

This user/group/role model is the basic model from Drupal/WordPress, with a small change because of the database: the data model is slightly adapted to work very fast with Mongo. If we were on a relational DB, the structure would be a little different.