I would just like to ask anyone out there who has ever programmed an application that allows an administrator(through a web interface) to control which page or option or field of a form are available and whether they are read only , editable or not, whether a user has the rights to delete or not based on the authorizations a person is given. I am sure there are applications out there that have been developed with such features but how messy or complicated were they?
to programme an application with page control(controls which page a user can see or not) is not too difficult but to not only control that page access and also the visibility of those fields in that page and its properties such as editable or not, i think it might be quite a headache
if i were to store all these access control list information in a database, how would the information be organized ?
i have come across applications that store references to elements to a form in a page as a "page.form.element" string so that at first glance, it becomes immediately recognizable in the database to a human to which element in the form does this permission belong to and the application also uses this string(the identifier) to match its permissions according to the the user rights.
is there already a design pattern out there already for this issue? I hope seasoned developers might be able to give me some pointers or shed some light into this issue cos i think a lot of people might faced the same task and go about it in different ways, some better than the others , some worse