User Privileges

General PHP Help
#1

I have a users table in my database and I want to give various users a range of different permissions.

I don’t want to have another table for each ‘function’ then a sperate table linking each privilege and each function to each user (which seems the most straightforward approach but also means having 3 tables at a minimum to allow users access).

Also, there aren’t set levels, so, for example, I can’t just range a user ‘Moderator’, ‘Supervisor’, ‘Admin’ and ‘Super Admin’ level access via a single integer in the users table.

To explain that further, let’s say I have Function A through G. User 1, might have access to functions A, B and G while user 2 has B, D and E, user 3 has A, E and G and so forth.

At some point, I may also get Function H, I and J.

Is there another way to approach this?

#2

What do you mean by “functions”?

You can assign an array of items such as “A, D, G” and just save them in the user’s access level field in the database and then check for them as needed. You can split the values into an array. Then, just check if the function letter is IN the array. There are PHP functions for these.

Depends what you need to control by these. How do you set them? Who sets them? More info would help. But, just create an access-level field and load it up and you should be able to get it sorted out.

#3

Functions are just different sections of the administration portal. A could be, users, B could be email lists.

So if I coded it so
A: Users
B: Emails
C: News
D: Alers

and I wanted to save user 34 to have B and D how would i save this into their database?

Remembering I would run a script to say if user permission B exists show the page else show an error.

#4

Well, I would just create a list of checkboxes. Each one would be assigned a letter or the actual value. Either works. Why keep thinking if it is a A, convert that to Users and if a B convert that to Emails, etc. Just use the live values. Each check box could have a value of Users, Emails, News, Alers, etc…

Then, you just click the ones you want. The NAME of the check boxes would be something like an array name so you can put them all in one name. Like “portals[]” which would be an array. Then, when posted all the ones with a checkmark would show up with the values in them, like Users/Emails/Etc… to read it in, just use $portals=$_POST(“portals”) and it would create an array for you with all the valid ones in place. Then, you can use that array and check if the one you need to display is checked using the in_array() function.

Not sure if that is what you are asking for, but, I think it will work for you that way.

#5

and how would you recommend I store this in my database?

#6

Well, I would guess you just need one field in your user’s table. Call it something like user_access_level or user_portals. Something that clearly indicates what the field is used for. Then, when you store the options from the check-boxes, just store them as-is. They would already be in an array format. Simple that way.

For instance, if you have two check-boxes, you would name them this way:

<input type='checkbox' name='portals[]' value='users'>
<input type='checkbox' name='portals[]' value='emails'>
<input etc...>

When you post your page, the php code that reads these would be something like:

$portals = filter_input(INPUT_POST, ‘portals’);

This would capture ALL of the check-boxes that were checked. Any not check will not be inside this array.
Just save that variable in your database table’s field. Simple enough. You would need to add some code to display the checked and non-checked ones when you start so that the previously checked boxes show as checked. Perhaps you should create the field in your database to start with and create a simple test page that loads the previously saved data for one test person so you can get it all working correctly. Then, post that test page here if it does not work for you. Just start with two or three check-boxes to make the page simple to debug. I think that would be a good starting point for you. Help this helps…

#7

Why are you against the standard practice of role based or group based permissions? It is easier to maintain in the long run.

#8

I’m not against anything! He is a beginner and was just giving him an idea where to start. I don’t see you giving him any examples of more complicated role based group permissions… Jump in and give him an alternative idea and he can pick which he wants to use. I am sure yours will be more advanced than mine, but, you did not show any code for him to work with…

#9

It wasn’t in reference to you @ErnieAlex, but a question to the OP on their initial request.

#10

http://phprbac.net/

Are a few examples of how to do it, but I was wondering why the NOT wanting to do the long term solution over a short term hack?

#11

Well, he wanted it simple, so I assumed it meant he wanted low overhead. Adding just one field to the user’s table seemed simple. The SitePoint tutorial is good if you need to control a lot of users. The poster did not really explain what his site was for or about.

#12

The only troubling thing with storing an array in a single column, is you end up with a delimited list which breaks normalization and complicates matters later on. Adding 2 additional tables has very little overhead and is scalable long term; and it is on the user level. Adding a third column is better to allow group policy (depending on what exactly you are trying to limit), but does add additional complexity. It also makes things easier as well. When you add a new process, it is far easier to assign that to a group, rather than all users that need it, because those have already been defined.

Sponsor our Newsletter | Privacy Policy | Terms of Service