Bitwise and CONSTANT values
Recently I read an article explaining how to use bitwise operations to grant or deny access to something. I liked the article so much that I’ll try to add it to my personal stack (my blog).
There are 4 types of bitwise operators: NOT, AND, OR and XOR. In Python these operators are ~, &, |, ^ respectively.
Truth tables
NOT AND OR XOR
Left Shift, Right Shift
If we have a byte representing an unsigned integer 1 (0 0 0 0 0 0 0 1) and make a left shift, we get 2 (0 0 0 0 0 0 1 0). If we make another shift to the left we get 4 (0 0 0 0 0 1 0 0) and so on.
On the other hand if we have a byte with the unsigned integer 4 (0 0 0 0 0 1 0 0) and shift it to the right, we get 2 (0 0 0 0 0 0 1 0).
In Python << represents left shift and >> represents right shift.
Assigning CONSTANT values
Imagine we need to set some permissions to protect some sort of CRUD (Create Read Update Delete) system. Different users have different permissions. One user may have more than one permission. If he’s root (or superman) he may do all 4, but if he’s a guest he may only read.
To set all this stuff easily we can start by assigning PERM_CREATE = 1. Next is PERM_READ. But which value will this constant hold? Easy!! We can left shift PERM_CREATE and assign the result to PERM_READ. Therefore, PERM_READ = 2. And we do the same thing for the remaining permission items.
In the end we get:
PERM_CREATE = 1 (0 0 0 0 0 0 0 1)
PERM_READ = 2 (0 0 0 0 0 0 1 0)
PERM_UPDATE = 4 (0 0 0 0 0 1 0 0)
PERM_DELETE = 8 (0 0 0 0 1 0 0 0)
Did you follow the binary pattern represented above? Did you notice all the left shifts?
Making sense of these constants
To give all permissions to the user A we can do:
PERM_A = PERM_CREATE | PERM_READ | PERM_UPDATE | PERM_DELETE
If we check the value of PERM_A, we get 15.
0 0 0 0 0 0 0 1 PERM_CREATE
0 0 0 0 0 0 1 0 PERM_READ
0 0 0 0 0 1 0 0 PERM_UPDATE
0 0 0 0 1 0 0 0 PERM_DELETE
=-=-=-=-=-=-=-=
0 0 0 0 1 1 1 1 => 15 (base 10)
Since PERM_A holds all permissions, if we want to remove the permission to delete we just ‘XOR it’. XOR toggles the bit, so this removes the permission only because it is currently set.
PERM_A = PERM_A ^ PERM_DELETE
And finally, to check if the user has permission to delete we just ‘AND it’.
if PERM_A & PERM_DELETE > 0:
    print('Yes I can!')
This concludes the bitwise perm system.
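The following is an added example, not code from the original article. It reuses the four PERM_* constants from above and contrasts the XOR step with an unconditional clear using AND with NOT, and the "> 0" check with an exact-match check. The helper names (grant, revoke, toggle, has_any, has_all, describe) and PERM_ALL are assumptions made for the illustration.

```python
# Added example: constants follow the article; helper names are hypothetical.
PERM_CREATE = 1 << 0   # 0 0 0 1
PERM_READ = 1 << 1     # 0 0 1 0
PERM_UPDATE = 1 << 2   # 0 1 0 0
PERM_DELETE = 1 << 3   # 1 0 0 0
PERM_ALL = PERM_CREATE | PERM_READ | PERM_UPDATE | PERM_DELETE  # 15

NAMES = {PERM_CREATE: "create", PERM_READ: "read",
         PERM_UPDATE: "update", PERM_DELETE: "delete"}


def grant(perms, flag):
    """OR sets the bits; granting twice changes nothing."""
    return perms | flag


def revoke(perms, flag):
    """AND with NOT clears the bits whether or not they were set."""
    return perms & ~flag


def toggle(perms, flag):
    """XOR flips the bits: removes a set permission, ADDS a missing one."""
    return perms ^ flag


def has_any(perms, flag):
    """The article's check: true if at least one requested bit is set."""
    return (perms & flag) > 0


def has_all(perms, flag):
    """Stricter check: true only if every requested bit is set."""
    return (perms & flag) == flag


def describe(perms):
    """List permission names in a mask, lowest bit first."""
    return [name for bit, name in NAMES.items() if perms & bit]


if __name__ == "__main__":
    root, guest = PERM_ALL, PERM_READ
    print("root  XOR delete:", describe(toggle(root, PERM_DELETE)))
    print("guest XOR delete:", describe(toggle(guest, PERM_DELETE)))
    print("guest revoke    :", describe(revoke(guest, PERM_DELETE)))
    need = PERM_READ | PERM_DELETE
    print("guest any/all   :", has_any(guest, need), has_all(guest, need))
```

For an access decision that requires several permissions at once, has_all is the check to use; has_any passes as soon as one of the requested bits is present.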