My approach is to set a published status for the document to be published. If it is a published status, it will be controlled with ACL; if it is an audit status (unpublished), an audit log will be created. Each log corresponds to an audit. Each link records the initiator and recipient. Only people in the audit log can access the corresponding issues and perform corresponding operations. Give a reference database structure.
$sql = "create table if not exists xxt_article_review_log(";
$sql .= 'id int not null auto_increment';
$sql .= ',mpid varchar(32) not null';
$sql .= ',article_id int not null';
$sql .= ',seq int not null';
$sql .= ',mid varchar(32) not null';
$sql .= ',disposer_name varchar(255) not null';
$sql .= ',send_at int not null';
$sql .= ',receive_at int not null default 0';
$sql .= ',read_at int not null default 0';
$sql .= ',close_at int not null default 0';
$sql .= ',phase char(1) not null'; // Review|Typeset
$sql .= ",state char(1) not null"; // Pending|Disposing|Forward|Close
$sql .= ',remark text';
$sql .= ",primary key(id)) ENGINE=MyISAM DEFAULT CHARSET=utf8";
Permission control is most suitable to be implemented by Shiro, a permission management framework based on RBAC, but the quality of using it depends on your level
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
My approach is to set a published status for the document to be published. If it is a published status, it will be controlled with ACL; if it is an audit status (unpublished), an audit log will be created. Each log corresponds to an audit. Each link records the initiator and recipient. Only people in the audit log can access the corresponding issues and perform corresponding operations. Give a reference database structure.
Permission control is most suitable to be implemented by Shiro, a permission management framework based on RBAC, but the quality of using it depends on your level