How does Facebook handle Privacy settings in database side?

What are the design patterns to design privacy system like facebook's.

User decides which information to share based his friend groups. All user information (email, phone) is stored i开发者_开发问答n the data table which just key = value table.

Current Tables:

• User - (id)
• UserData - (id, user_id, datatype, value)
• Friendship - (user_id, friend_id, friendgroup_id)
• FriendGroup - (user_id, name)

Example:

• X group can see phone_1
• Y group can see phone_2
• All groups can see phone_3

This schema can be changed.

You will have to make permissions table for FriendGroup. In that you have to gather permission given to each FriendGroup while making group or user can change that permission.

Prmissions(permission_id, friend_group, parameter, visible)

Example:

• X group can see phone_1
• Y group can see phone_2
• All groups can see phone_3

(1,x,phone_1,true)
(1,Y,phone_2,true)
(1,x,phone_3,true)
(1,Y,phone_3,true)

You can more see about ACL following links:

Database model with users, roles and rights

A Role-Based Access Control (RBAC) system for PHP

Patterns for building social network type applications?

I have created a gem called Privacy setting that can help to integrate simple privacy setting to Rails application. Check it out: https://github.com/xuanchien/privacy_setting

You want a role-based rights management system. Take a look at the CanCan or DeclarativeAuthorization gems.

you can add a column name permission with all fields like

phone_number and phone_number_permission, photo and photo_permission and use value 0,1,2,3 in permission column

permission rights
0. Not show to anyone
1. Show to friends
2. Show friends of friends
3. Show to groups and who are your friends

you have to manage this permission on view data on profile page.

if user == friend and permission == 1 show data