Comments on: How to write a permission system using bits and bitwise operations in PHP

By: tahir

tahir — Thu, 26 May 2011 10:06:36 +0000

Thanks for the quick repoly.

Infact i wanted to design a customized security module which can work on fields level. meaning every field in my application can have enable/diable/visible flags that can be configured for each user/group.

The idea is to use same technique (bitwise operators) which will eliminate defining hundereds of fields in my database and i will only define a few integer values for each user and screen combination.

I have tried to simulate the same with the provided example, it worked but the real problem now is the 32 bit nature of Int in C# cannot possibly go beyond 32 fields at most.

Any better thoughts for moving forward.

By: Codehead

Codehead — Wed, 25 May 2011 16:56:19 +0000

I’m not exactly understanding your question but if you mean what I think you mean then yes…

By: tahir

tahir — Wed, 25 May 2011 08:40:36 +0000

Thanks for the great article.
Can we use the similar approach to design the field/object level security and plug this with the customized security manager ?

By: Codehead

Codehead — Fri, 14 Aug 2009 20:19:39 +0000

Do you mean keeping permissions in a database so you are not hard coding it?!

If that’s what you mean, it’s OK to do it that way in situations where you need it otherwise you should always keep it simple…

Of course, permissions for each individual user should be kept in the database.

By: Kétszeri Csaba

Kétszeri Csaba — Fri, 14 Aug 2009 14:53:12 +0000

Fist of all it is a great example page to demonstrate the use of bitwise operators, but… implementing the example permission system this way is not as much flexible as it couud be in sql

users (userid PK, etc…)
permissiontypes (permid PK, etc)
user_permission(userid FK, permissiontype FK)

You would have much easier code on the long rin and implementing the mentioned group (role) based authentication is a breeze.

And yes, of course it is way better to wrap it with a permission class if you ever have to use a standard user/permission repository for example by LDAP.

By: Mendi

Mendi — Tue, 04 Aug 2009 14:54:46 +0000

Thanks! This is a great help for me!! Good job!

By: Codehead

Codehead — Thu, 30 Jul 2009 21:09:10 +0000

If you have to track more that 32 permissions then you could have permission groups I guess…

By: Tom

Tom — Thu, 30 Jul 2009 10:54:35 +0000

I understand that..
I asked it because I want to write a ACL class of my own.
And bitwise is the easiest solution in this case. The bit limit is something I don’t like though

By: Codehead

Codehead — Wed, 29 Jul 2009 20:56:31 +0000

Yes, that is technically correct, so you could have permission groups maybe…

I would assume 32 bits though, since you don’t know where your code is going to run.

By: Tom

Tom — Wed, 29 Jul 2009 20:25:38 +0000

Nice article, but does it mean that if you fix it this way, that you can only have 32 rights on a 32bit system and 64 rights on a 64bit system?

Or does it work in another way?