Implementing privileges system – advice needed

I want to build a privileges system.

Assuming that in my application I have the following models:

- User
- Organization
- Event

I want my User to have roles like e.g. editor, but then **I also want to associate this role with some set of privileges.**

**Examples of things I want to achieve:**

- Bob has a role editor and can edit organization title.
- John has a role editor and can edit organization title and add photos.
- Mathew has an employee role and can create events and upload materials.

etc.

My ideas:

**I. Privileges code**

Create a table privileges containing:

- user_id - reference to user record from users table
- name - e.g. editor - general indication of a role
- resource_type/id - polymorphic columns - reference to either Organization, Event or some other model that the user has privileges applied to
- privileges - number composed of 'enum' values mapping to certain privileges in a given model

**Example:**

```ruby
class Organization < ActiveRecord::Base
  # privilege name => bit value
  @@editor_privileges = { edit_description: 1, add_photo: 2 }
  # ...
end
```

When user(1) can edit description of the organization(2) and add some photos:

*privileges table:*

```
user_id: 5
resource_type: "Organization"
resource_id: 8
privileges: 12
```

**II. Store array of privileges**

Basically the same idea as above, but I would store the array of privileges either in the form of integers mapped from an 'enum like' variable in a model, or just strings like "adding_photos", which doesn't look so tidy but would be more readable when looking at the table.

```
user_id: 5
resource_type: "Organization"
resource_id: 8
privileges: [12]
```

**III. role has many privileges through role_privileges**

In this example let's consider tables:

- **roles**:
  - user_id - ref to the user record
  - resource_type - (polymorphic) resource that the user is about to have privileges to
  - resource_id
  - name - role name, e.g. employee, editor..
- **privileges**
  - resource_type
  - resource_id - reference to organization or event..
  - privileges - e.g. "adding_photos", "editing_title"
- **role_privileges** - join table
  - role_id
  - privilege_id

**Relations:**

Organization:

- has_many :privileges, as: :resourcable

Event:

- has_many :privileges, as: :resourcable

User:

- has_many :roles

Role:

- has_many :role_privileges
- has_many :privileges, through: :role_privileges

Privilege:

- has_many :role_privileges
- has_many :roles, through: :role_privileges
- belongs_to :resourcable, polymorphic: true

RolePrivilege:

- belongs_to :role
- belongs_to :privilege

**Graph**

[db schema - privileges system][1]

[1]: http://i.stack.imgur.com/4mjLv.png

Not sure if Role is the right name for this entity.. it just represents a user and the associated role on a given resource.

I want my system to be easily scalable and relatively fast. Please, give me some feedback, because I have never implemented such things and don't know if this is the right direction. If not, please give me some other clues on how to approach such a problem.
best
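The bitmask approach from option I, worked through as an added example that is not part of the question above. It is plain Ruby with no ActiveRecord, so the `Grant` struct stands in for a row of the proposed `privileges` table; the privilege names and bit values beyond `edit_description` and `add_photo` are assumptions made for illustration. The point it shows is that each privilege must be a distinct power of two for the integer column to be unambiguous, that the check is deny-by-default and keyed on the exact (user, resource_type, resource_id) triple, and that unknown privilege names are rejected rather than silently treated as "not granted".

```ruby
# Added example (not from the question): bitmask-encoded privileges scoped
# to a polymorphic resource. Runs without Rails; values are constructed.

module Privileges
  # Each privilege is a distinct power of two so any set of privileges folds
  # into a single integer column and can be recovered from it exactly.
  FLAGS = {
    edit_description: 1,   # from the question
    add_photo:        2,   # from the question
    create_event:     4,   # assumed for illustration
    upload_material:  8,   # assumed for illustration
  }.freeze

  # Fold a list of privilege names into one integer.
  def self.encode(names)
    names.reduce(0) do |mask, name|
      bit = FLAGS.fetch(name) { raise ArgumentError, "unknown privilege: #{name}" }
      mask | bit
    end
  end

  # Expand a stored integer back into the privilege names it contains.
  def self.decode(mask)
    FLAGS.select { |_, bit| (mask & bit) != 0 }.keys
  end

  # True only if the named bit is set; unknown names raise instead of
  # quietly returning false, so typos in callers surface in tests.
  def self.granted?(mask, name)
    bit = FLAGS.fetch(name) { raise ArgumentError, "unknown privilege: #{name}" }
    (mask & bit) == bit
  end
end

# One row of the proposed privileges table (user + role + polymorphic resource + mask).
Grant = Struct.new(:user_id, :role, :resource_type, :resource_id, :privileges,
                   keyword_init: true)

class Authorizer
  def initialize(grants)
    @grants = grants
  end

  # Deny by default: a grant counts only when user and exact resource match.
  def can?(user_id, privilege, resource_type, resource_id)
    @grants.any? do |g|
      g.user_id == user_id &&
        g.resource_type == resource_type &&
        g.resource_id == resource_id &&
        Privileges.granted?(g.privileges, privilege)
    end
  end
end

# Constructed sample data mirroring Bob / John / Mathew from the question.
SAMPLE_GRANTS = [
  Grant.new(user_id: 1, role: "editor",   resource_type: "Organization", resource_id: 2,
            privileges: Privileges.encode([:edit_description])),
  Grant.new(user_id: 2, role: "editor",   resource_type: "Organization", resource_id: 2,
            privileges: Privileges.encode([:edit_description, :add_photo])),
  Grant.new(user_id: 3, role: "employee", resource_type: "Organization", resource_id: 2,
            privileges: Privileges.encode([:create_event, :upload_material])),
].freeze

AUTHZ = Authorizer.new(SAMPLE_GRANTS)

if __FILE__ == $PROGRAM_NAME
  puts Privileges.encode([:edit_description, :add_photo])  # 3
  p    Privileges.decode(12)                               # [:create_event, :upload_material]
  puts AUTHZ.can?(1, :add_photo, "Organization", 2)        # false: Bob may only edit
  puts AUTHZ.can?(2, :add_photo, "Organization", 2)        # true:  John may add photos
  puts AUTHZ.can?(2, :add_photo, "Organization", 9)        # false: different organization
end
```

Because the mask is a plain integer, a grant of "edit description and add photo" is stored as 3, and 12 decodes to the two higher bits; whatever values are chosen, the table that maps names to bits has to live in one place and never be renumbered once rows exist, or existing grants silently change meaning.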
