Chapter 6: My permission control methodology - distributed permission control

Author:neo yang Time:2022/06/07 Read: 6271
Article outline 1. Distributed role permission system 1. Distributed permission control with front-end and back-end separation 2. Multi-terminal distributed permission control at the front end 3. Multi-mode back-end […]

Article outline

1. Distributed role permission system

1. Distributed permission control with front-end and back-end separation

2. Front-end multi-terminal distributed permission control

3. Back-end multi-module distributed permission control

2. Distributed credential authority system

No matter which SAAS or management system it is in, the design of permission control is a complex matter.

Let’s first take a look at WordPress’ permission design.

CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
create_sitesY     
delete_sitesY     
manage_networkY     
manage_sitesY     
manage_network_usersY     
manage_network_pluginsY     
manage_network_themesY     
manage_network_optionsY     
upload_pluginsY     
upload_themesY     
upgrade_networkY     
setup_networkY     
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
activate_pluginsYY (single site or enabled by network setting)    
create_usersYY (single site)    
delete_pluginsYY (single site)    
delete_themesYY (single site)    
delete_usersYY (single site)    
edit_filesYY (single site)    
edit_pluginsYY (single site)    
edit_theme_optionsYY    
edit_themesYY (single site)    
edit_usersYY (single site)    
exportYY    
importYY    
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
install_pluginsYY (single site)    
install_themesYY (single site)    
list_usersYY    
manage_optionsYY    
promote_usersYY    
remove_usersYY    
switch_themesYY    
update_coreYY (single site)    
update_pluginsYY (single site)    
update_themesYY (single site)    
edit_dashboardYY    
customizeYY    
delete_siteYY    
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
moderate_commentsYYY   
manage_categoriesYYY   
manage_linksYYY   
edit_others_postsYYY   
edit_pagesYYY   
edit_others_pagesYYY   
edit_published_pagesYYY   
publish_pagesYYY   
delete_pagesYYY   
delete_others_pagesYYY   
delete_published_pagesYYY   
delete_others_postsYYY   
delete_private_postsYYY   
edit_private_postsYYY   
read_private_postsYYY   
delete_private_pagesYYY   
edit_private_pagesYYY   
read_private_pagesYYY   
unfiltered_htmlYY (single site)Y (single site)   
unfiltered_htmlYYY   
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
edit_published_postsYYYY  
upload_filesYYYY  
publish_postsYYYY  
delete_published_postsYYYY  
edit_postsYYYYY 
delete_postsYYYYY 
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
readYYYYYY

Based on user roles and user levels, a hierarchical role authority control system is implemented.

The WordPress permission control system is a very classic permission control system. However, because WordPress is very “lightweight” in terms of users and permissions, the WordPress permission control system can be said to be only a complete “skeleton”. However, it is only Even a skeleton is enough to make many people dizzy.

So, you can imagine how outrageously complex permission control can be in those large and complex systems.

I have worked on many products, covering a wide range of areas. The permission control system is involved in almost every product, so I have accumulated a lot of experience in this area.

I have optimized and simplified various permission control systems countless times. Finally, a simple and effective method was summarized. I call this method: distributed permission control.

The most fundamental reason why permission control is complicated is that centralized permission design, distribution and management force us to consider various roles in various scenarios from a "centralized" perspective. of "can" and "can't".

However, if the distribution and management of permissions are decentralized, everything will become much simpler.

1. Distributed role permission system

Classic permission control systems are centralized role permission systems.

The role permission system has always been the mainstream.

What is introduced here is the distributed role permission system.

Regardless of whether it is centralized or distributed, the role permission system has one thing in common: roles determine permissions, and who determines what capabilities they have.

The distributed role permission system can be divided into three types.

The following content can only be viewed by VIP users.

Subscribe to VIP

Subscribe to my VIP membership and you can read all paid VIP content.

If you are already a VIP member, please log in.


copyright © www.lyustu.com all rights reserved.
Theme: TheMoon V3.0. Author:neo yang