How does discord manages roles and permissions in database?

Question

Users can have multiple roles, roles have multiple permissions, and roles are protected by servers. I was wondering do they use relational db for that? Is django capable of doing such thing? Because to fetch each user for server with role will be very expensive. Does discord uses django for this or any other framework? Any thoughts please? I am trying to build a similar schema but I think it will be very expensive for the db transactions and queries.

I have workspace, workspace have users, users have multiple roles, roles have multiple permissions(groups in djangos). And I think this will be very expensive to call a single user to check whether he belongs to this group or not.

Answer 1

If you check out the developer documentation of Discord, especially the Permission part, it might actually be quite straight forward:

The Role Structure shows us that it has a permissions field which is a string. Internally, the strings should be converted to BigInt but are represented by strings because some languages cannot display big numbers (such as JavaScript).

So, to realize a system like Discord, you actually only need two tables:

Users

Roles

This is because roles also use a Snowflake ID and are thus globally unique.

Of course, we somehow need to store what roles a user possesses. The simplest way to realize this would be a field in the User table that just takes comma separated strings. Whether that's performant or not is up to the developer implementing it. The obvious other way would be a mapping table like User_to_Role which maps the users to their roles in a 1:n relationship.

The last step would be to calculate the permissions a user ultimately has but this depends on how you want it to work. As for Discord, they probably check the permissions based on the context, which means the action a user is trying to do.

For example, if a user tries to send a message in a specific channel on a specific server, they will fetch all the roles a user has* and then use bitwise operations on each of the roles permission bits to see whether or not they have the corresponding permission.

Example:

Let's say the user has exactly 1 role with the following permissions (according to Discord's developer documentation): 66624

You would then check if the user has the SEND_MESSAGES permission. In this example, I'll ignore overriding permissions or whether or not the role has the administrator permission.

permissions = 0x400 | 0x40 | 0x10000 # 66624 (VIEW_CHANNEL, ADD_REACTIONS, READ_MESSAGE_HISTORY)

(permissions & 0x800) == 0x800 # False

As you can see, the role does not have the permission to send messages so now the application can act accordingly and display an error or another way to communicate this information (Discord just disabels the chat input, for example).

This is obviously just a very simplified way to look at it and most likely not the most optimized way either, but it should give you a good overview on how it could be done.