PHP/MySQL Permission Schema advice

t3chguy asked (Medium Priority, 197 Views, Last Modified: 2012-05-11)
I have a table that is laid out as so:

employee id   superman    admin    management    etc etc

Where each column is a permission set.  The values are either 0 or 1.

What I've been doing is in each program is the following:

// One hard-coded column check per group, repeated in every program
if ($Superman == 1 || $Admin == 1)
  {
  //Run the program
  }

else
  {
  die("Not allowed");
  }

What I'm wondering is how can I implement this better so I can handle all permissions and programs in the database table rather than hardcoding it in the database.

The only piece that is confusing to me is that one user may belong to three or four different groups.

Mohamed Abowarda, Senior Software Engineer
CERTIFIED EXPERT

Commented:
Create functions that query about member permission and return bool true or false, something like:

isAdmin($id);
isSuperman($id);

Commented:
You need more complicated DB.

Eg: tbl_users, tbl_groups, tbl_user_group

relation between users and groups defined by tbl_user_group

This way, you can manage your user permission on the fly.

Commented:
I think you need a little less complicated database. You can set up only one column with a single value which is related to a permission level:
1 - normal user
2 - admin
3 - superadmin
etc.

Hardcoding it in the database is not entirely possible. Depending on the position on the page, you can check for only one value from the database.
Most Valuable Expert 2011
Author of the Year 2014

Commented:
Have a look at this article and the examples.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

It implements a one-line protection scheme.  All you need to say is

access_control();  // PASSWORD-PROTECT THIS PAGE

Or in the alternative:

if (access_control(TRUE)) { /* CLIENT IS ALREADY LOGGED IN */ }

With a little creativity you might modify that design pattern to use some define() constants that are coordinated with columns in your user table. Then you could have a statement like this:

access_control(USER_ADMIN);

The idea would be that the access_control function would do more than simply test the session "uid" field - it would test the permissions, as well, depending on the parameters passed to access_control().

Does that make sense to you? ~Ray

Author

Commented:
Thank you for the suggestions so far.  I have about 1000 programs for an international company, so I'm a little nervous to hardcode anything in the programs dealing with permissions and whatnot in case they decide to add access to another group.  

What I had in mind was something like dsmile suggested above:

Eg: tbl_users, tbl_groups, tbl_user_group

relation between users and groups defined by tbl_user_group

This way, you can manage your user permission on the fly.

The only piece that I'm missing is what happens if one user belongs to two or three different groups?

Can I just add them into the tbl_user_group more than once, one instance for each group?

Also the hidden agenda behind this is building a dynamic navigation menu as well -> one that shows only the links that each user group has access to.
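The tbl_users / tbl_groups / tbl_user_group design from the thread, worked through as an added example that is not from any poster; it uses Python's sqlite3 in place of PHP/MySQL so it runs stand-alone, and the two program tables, the table columns and all sample data are constructed assumptions. A user in two groups simply has two rows in tbl_user_group, the access check passes if any of those groups is mapped to the program, and the menu query uses DISTINCT so a program allowed by several of the user's groups is listed once.

```python
import sqlite3

# Constructed demo of the thread's tbl_users / tbl_groups / tbl_user_group design, plus two
# hypothetical tables (tbl_programs, tbl_program_group) so program permissions live in the DB too.
SCHEMA = """
CREATE TABLE tbl_users (user_id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE tbl_groups (group_id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE tbl_user_group (   -- one row per membership: a user in three groups has three rows
    user_id  INTEGER NOT NULL REFERENCES tbl_users(user_id),
    group_id INTEGER NOT NULL REFERENCES tbl_groups(group_id),
    PRIMARY KEY (user_id, group_id));   -- the same membership cannot be inserted twice
CREATE TABLE tbl_programs (program_id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE, url TEXT NOT NULL);
CREATE TABLE tbl_program_group (   -- which groups may run which program
    program_id INTEGER NOT NULL REFERENCES tbl_programs(program_id),
    group_id   INTEGER NOT NULL REFERENCES tbl_groups(group_id),
    PRIMARY KEY (program_id, group_id));
"""

# Constructed sample data: alice is in two groups, bob in one, carol in none.
SAMPLE = """
INSERT INTO tbl_users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');
INSERT INTO tbl_groups VALUES (1, 'admin'), (2, 'management'), (3, 'superman');
INSERT INTO tbl_user_group VALUES (1, 1), (1, 2), (2, 2);
INSERT INTO tbl_programs VALUES (1, 'payroll', '/payroll.php'), (2, 'reports', '/reports.php'),
                                (3, 'setup', '/setup.php');
INSERT INTO tbl_program_group VALUES (1, 1), (1, 3), (2, 1), (2, 2), (3, 3);
"""

def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def can_run(conn, user_id, program_name):
    """Deny by default; allow if ANY group the user belongs to is mapped to the program."""
    row = conn.execute(
        "SELECT 1 FROM tbl_program_group pg"
        " JOIN tbl_programs p ON p.program_id = pg.program_id"
        " JOIN tbl_user_group ug ON ug.group_id = pg.group_id"
        " WHERE ug.user_id = ? AND p.name = ? LIMIT 1",  # bound parameters, not string-built SQL
        (user_id, program_name)).fetchone()
    return row is not None

def menu_for(conn, user_id):
    """Programs the user may reach, listed once each even when several of their groups allow it."""
    return conn.execute(
        "SELECT DISTINCT p.name, p.url FROM tbl_programs p"
        " JOIN tbl_program_group pg ON pg.program_id = p.program_id"
        " JOIN tbl_user_group ug ON ug.group_id = pg.group_id"
        " WHERE ug.user_id = ? ORDER BY p.name", (user_id,)).fetchall()
```

Each program then needs only a single call such as `can_run(db, $uid, 'payroll')` at the top, and adding a group's access is an INSERT into tbl_program_group rather than a code change in 1000 programs.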