DEV Community

Cover image for Build a Bitwise Permission System

Build a Bitwise Permission System

Jannis on October 20, 2022

Permissions are everywhere and very important to secure your application from unauthorized actions and potential data loss. A system to handle and ...
Collapse
 
naveennamani profile image
naveennamani

const naveen = DEFAULT + DEFAULT

Now I can enter LABORATORY

Collapse
 
jannisdev profile image
Jannis

That's not quite how it works and how you should do it in your application but technically yes πŸ˜‚πŸ”₯

Collapse
 
naveennamani profile image
naveennamani

That's why you should use only bitwise OR when combining permissions instead of addition as you used in your example.

Thread Thread
 
jannisdev profile image
Jannis

Now i get what you exactly mean. I was also thinking about this but now I realized.
I will edit this! Thanks

Thread Thread
 
naveennamani profile image
naveennamani

Yes, that's what I mean. You only said about adding permissions. For removing and toggling them you can use following operations

let naveen = DEFAULT;
naveen |= PARK; // add permission
naveen ^= LABORATORY; // toggle permission
naveen &= (~PARK); // remove permission
console.log(naveen);  // should be 3 (0011)
Enter fullscreen mode Exit fullscreen mode
Thread Thread
 
jannisdev profile image
Jannis

Awesome I'll paste that in the post πŸ‘

Collapse
 
zyabxwcd profile image
Akash

Woah, nice. Never thought permissions would be managed using such low level concepts when high level plug n play abstractions are the way to go these days. I would like to see implementations like these in other areas as well.

Collapse
 
jannisdev profile image
Jannis

Thank you a lot! In what areas would you prefer?

Collapse
 
zyabxwcd profile image
Akash

Not sure but I can give you a rough idea. When I was talking about low level concepts, I was talking about concepts included in OS design (drivers, interfaces, paging, separation of concerns by layering), computer architecture and programming language basics. Bitwise operators is one such topic that I think we only hear or learn about while studying computer science basics. But here its directly used to manage permissions in a very practical way and further on, you said that its ever more efficient due to its operating on a binary level.
By other areas, I can think of maybe plugging in security loopholes in applications (prevention of various injection attacks maybe) and optimization techniques for both space and time. I got a gut feeling that preventing injection attacks requires us to validate user input or user supplied data on the server and so maybe that is where we might be able to plug in bitwise operators to do things more efficiently.

Thread Thread
 
jannisdev profile image
Jannis

Now I get what you meant. I can only agree with that! πŸ”₯

Collapse
 
galileo profile image
JosΓ© Gilson

Nice job and excellent idea! Thanks a lot.

Collapse
 
webjose profile image
JosΓ© Pablo RamΓ­rez Vargas

The idea is actually a very old one. For example, this is exactly how NTFS permissions work.

Collapse
 
jannisdev profile image
Jannis

That's correct. But even if it's old it's still very useful. It's also very fast. If you get deeper into it you begin to love the simplicity and scalability.

Collapse
 
jannisdev profile image
Jannis

Thank you very much! πŸ™

Collapse
 
userr profile image
Dominic Ruggiero

Interesting! I've heard of bitfields, are those similar?

Collapse
 
jannisdev profile image
Jannis

I've looked into bit fields and it says A bit field is a data structure that consists of one or more adjacent bits. So it seems like yes those are familiar and in my understand a bit field is in this example either DEFAULT or LABORATORY but also
them combined e.g. Jenny is a bit field. πŸ”₯

If someone knows more specific about this feel free to correct me πŸ˜‰.

Collapse
 
boxtonie profile image
tonie box

Du bist Meine Rettung! DAS war das was ich unbedingt gebraucht habe!!!!!!
Vielen Dank fΓΌr das tolle Tutorial

Collapse
 
jannisdev profile image
Jannis

It's a pleasure! I wish you much succes! And happy coding πŸ˜‰

Collapse
 
brentdalling profile image
Brent Dalling

I built something similar. However, it was for storing days of weeks. It aims to reduce data size on large datasets. Say, a booking system with millions of records.

npmjs.com/package/daystobits

Great job explaining how it works! Kudos!

Collapse
 
jannisdev profile image
Jannis

Very nice! πŸ”₯