staying consistent and permissions
at 11:11 I was playing basketball. at 11:11 I also decided I want to do this for real
Here’s a problem I’ve been trying to solve for a while now:
Suppose I want to create a testing platform for students and instructors.
- Instructors can have courses, courses can have sections, students, quizzes and teaching assistants
- Quizzes and teaching assistants can exist at the course level but they can also exist at the section level
- Quizzes have results and answers
Okay, so the question is really simple, how do I manage access?
It’s difficult to answer. TA’s can view the results of students in a section but they can’t view all the students in a class. And if you collaborate on a quiz, you can view all the results for students that have taken the quiz. But you can’t view any other results for the students.
My first intuition was to store the record ID of each asset (quiz, course, section, result, answer) and white list every user when they have access. I very quickly realized this was a bad idea. If you add a user, for every asset a user would need to access, the table with white listing access to records would have to increase by at least 6 entries in the table (if an instructor was added as a course collaborator and access would cascade to sections, quizzes, results, answers). This isn’t so bad.
What’s worse is the inverse of that. If you add a resource, say a quiz to a course. Every instructor collaborator would have to have cascading access. So would every TA, and every student, and all of a sudden you’re adding millions of records to the permissions table.
It also turns out, there is a solution.
2 - 02/26/2025