This is just a design proposal for a permission system; it does not contain any code.

Overview

What is Bitwise operations?

Bitwise operations are calculations performed on binary bits, but do not include mathematical operations such as addition, subtraction, multiplication, and division. Common bitwise operations include AND (&), OR (|), NOT (～), XOR (^), left shift («), and right shift (»).

• AND: As the name suggests, 1001 & 1010 => 1000. The result is 1 only if both corresponding bits in the binary representation are 1.

• OR: If either bit in the binary representation is 1 (e.g., 1001 | 1010 => 1011), the result is 1.

• NOT: Bitwise NOT. This is a unary operator; in binary representation, 0 becomes 1, and 1 becomes 0 (e.g., ～1001 => 0110).

• XOR: If the bits in the binary representation are not equal, the result is 1.

• Left Shift: Each bit is shifted to the left, discarding any overflowing bits (higher bits on the left) and filling the lower bits (right) with 0s (e.g., 0b00001010 « 1 => 0b00010100 => 10 * pow(2 * 1) => 20).

• Right Shift: Each bit is shifted to the right, discarding any overflowing bits (lower bits on the right) (e.g., 0b00100100 » 3 => 0b00000100).

Permission struct

Here are a few concepts to understand:

1. Permission Node: Used to indicate what permissions a certain function requires. For example, in Minecraft Java Edition, if you need to ban a player (using the /ban command), you need the minecraft.command.ban permission. This example isn’t part of our solution, but it’s similar.

2. Permission Index/Coordinates: Used to indicate the specific operation permissions for a certain function. For example, in the Linux operating system, each file has basic permissions (read, write, execute), with permission values ​​of 4, 2, and 1 respectively. Each permission is represented by a binary bit (rwx -> 000 ~ 111), with a value of 1 indicating the granted permission.

To give a specific example:

Permission nodes: CRUD for Order(node = 0) and CRUD for User(node = 1)

Permission position define: C -> 0, R -> 1, U -> 2, D -> 3

Permission list: Create Order: {node = 0, pos = 0} Read Order: {node = 0, pos = 1} Update Order: {node = 0, pos = 2} Delete Order: {node = 0, pos = 3}

Create User: {node = 1, pos = 0} Read User: {node = 1, pos = 1} Update User: {node = 1, pos = 2} Delete User: {node = 1, pos = 3}

Notes: The calculation method for other permissions is similar, and each POS can be expanded to 63 (i.e. 64 bits)

How to grant permissions?

If user ‘Steven’ can ‘create’, ‘read’, and ‘delete’ orders, his permission set is {idx = 0, number = 11}.

number = (1 << pos1) | ... | (1 << posN)
number = (1 << 0) | (1 << 1) | (1 << 3)
= 0b0001 | 0b0010 | 0b1000
= 0b1011
= 11

How do I revoke permissions?

If I want to revoke ‘Steven’s’ permission to delete orders, his permission set is {idx = 0, number = 3}.

number = number & ～(1 << posN)
number = 0b1011 & ～(1 << 3)
= 0b1011 & ～(0b1000)
= 0b1011 & 0b0111
= 0b0011
= 3

How to check Steven’s permissions?

We can use bitwise operator.

We were know Steven’s permission set is {idx = 0, number = 11}.

1. Check create permission: (number » pos) & 1 == 1 -> (11D » 0) & 1 == 1 -> (1011 » 0) & 1 == 1 -> result is 1.

2. Check read permission: (number » pos) & 1 == 1 -> (11D » 1) & 1 == 1 -> (1011 » 1) & 1 == 1 -> 101 & 1 == 1 -> result is 1 or true

3. Check update permission: (number » pos) & 1 == 1 -> (11D » 2) & 1 == 1 -> (1011 » 2) & 1 == 1 -> 10 & 1 == 1 -> result is 0 or false

4. Check delete permission: (number » pos) & 1 == 1 -> (1D » 3) & 1 == 1 -> (1011 » 3) & 1 == 1 -> 1 & 1 == 1 -> result is 1 or true

Tips: ‘11D’ represents decimal ‘11’.

If the result is 1, then he has this permission.

Features