Adding user rights assignments using bitmasks

Geek content

So, for the longest time now, I've have had to deal with the legacy of a website that I didn't create, at work. It's like an online application for the management team and our employees, showing statistics, attendance and adherence data, and a bunch of other stuff.

It ain't bad, but it ain't good. The first incarnation I had nothing to do with, the second is only slightly better (and considering the guys who created the system started out with no knowledge of HTML whatsoever I have to admit they did a hell of a job), the third incarnation is better yet (DIVs and CSS instead of a table based layout), but it still uses the legacy access control system…

… are you ready? Sitting down?

"Singularly assigned user groups". Each group is assigned a number (1 through 8) which indicates what people can see and do…

… and each user can be assigned to one group. No overlaps. No sharing. Worst of all, if someone in a lower group needs access to a page that's restricted, his ID must be hard-coded into an exception list.

Yeah, *shudder*, right? Consider that the web server is an IIS 6.0 server using Classic ASP and .Net 2.5 installed, and it's a downright nightmare.

And for months, it got me stumped. Searching on the internet for better ACL systems or any other method to allow for a better definable user management system only led me to true nerdsites where they used magical terms like "bitmasking" and "user rights tables".

You'd think there were explanations, but if there were, you'd need a degree in advanced mathematical science to even remotely understand them.

Until I stopped looking for what I wanted, and focused on what I needed…

Read more »