t3chguy (United States of America) asked:

PHP/MySQL Permission Schema advice

I have a table that is laid out as so:

employee id   superman    admin    management    etc etc

Where each column is a permission set.  The values are either 0 or 1.

What I've been doing in each program is the following:

// $Superman and $Admin hold the 0/1 values read from the user's row
if ($Superman == 1 || $Admin == 1)
  {
  // Run the program
  }
else
  {
  die("Not allowed");
  }

What I'm wondering is how can I implement this better so I can handle all permissions and programs in the database table rather than hardcoding it in the database.

The only piece that is confusing to me is that one user may belong to three or four different groups.
Brad Brett (United States of America):

Create functions that query about member permission and return bool true or false, something like:

isAdmin($id);
isSuperman($id);

You need a more complicated DB.

Eg: tbl_users, tbl_groups, tbl_user_group

relation between users and groups defined by tbl_user_group

This way, you can manage your user permission on the fly.

I think you need a little less complicated database. You can set up only one column with a single value which is related to permissions:
1 - normal user
2 - admin
3 - superadmin
etc.

Hardcoding it in the database is not entirely possible. Depending on the position on the page, you can check for only one value from the database.

Have a look at this article and the examples.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

It implements a one-line protection scheme.  All you need to say is

access_control();  // PASSWORD-PROTECT THIS PAGE

Or in the alternative:

if (access_control(TRUE)) { /* CLIENT IS ALREADY LOGGED IN */ }

With a little creativity you might modify that design pattern to use some define() constants that are coordinated with columns in your user table. Then you could have a statement like this:

access_control(USER_ADMIN);

The idea would be that the access_control function would do more than simply test the session "uid" field - it would test the permissions, as well, depending on the parameters passed to access_control().

Does that make sense to you? ~Ray
t3chguy (asker):

Thank you for the suggestions so far.  I have about 1000 programs for an international company, so I'm a little nervous to hardcode anything in the programs dealing with permissions and whatnot in case they decide to add access to another group.  

What I had in mind was something like dsmile suggested above:

Eg: tbl_users, tbl_groups, tbl_user_group

relation between users and groups defined by tbl_user_group

This way, you can manage your user permission on the fly.

The only piece that I'm missing is what happens if one user belongs to two or three different groups?

Can I just add them into the tbl_user_group more than once, one instance for each group?

Also the hidden agenda behind this is building a dynamic navigation menu as well, one that shows only the links that each user group has access to.
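An added example (not code from the thread) of the three-table layout quoted above, plus one assumed extra table, tbl_program_group, that records which groups may run which program; a user in several groups is simply several rows in tbl_user_group, and both the per-program check and the menu query are answered by a join. SQLite stands in for MySQL so the block runs stand-alone; the SQL is the same you would issue from PHP.

```python
import sqlite3

# Constructed schema: tbl_users, tbl_groups, tbl_user_group as suggested in the
# thread, plus tbl_program_group (assumed name) mapping programs to groups.
SCHEMA = """
CREATE TABLE tbl_users (user_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE tbl_groups (group_id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE tbl_user_group (
    user_id  INTEGER NOT NULL REFERENCES tbl_users(user_id),
    group_id INTEGER NOT NULL REFERENCES tbl_groups(group_id),
    PRIMARY KEY (user_id, group_id));          -- one row per membership
CREATE TABLE tbl_program_group (
    program  TEXT NOT NULL,                    -- script name, e.g. 'payroll.php'
    group_id INTEGER NOT NULL REFERENCES tbl_groups(group_id),
    PRIMARY KEY (program, group_id));
"""

def build_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tbl_users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.executemany("INSERT INTO tbl_groups VALUES (?, ?)",
                   [(1, "superman"), (2, "admin"), (3, "management")])
    # alice belongs to two groups (admin, management); bob to one (management)
    db.executemany("INSERT INTO tbl_user_group VALUES (?, ?)", [(1, 2), (1, 3), (2, 3)])
    db.executemany("INSERT INTO tbl_program_group VALUES (?, ?)",
                   [("payroll.php", 1), ("payroll.php", 2), ("reports.php", 3)])
    return db

def access_control(db, user_id, program):
    """True if any group the user belongs to is allowed to run the program."""
    row = db.execute(
        """SELECT 1 FROM tbl_user_group ug
           JOIN tbl_program_group pg ON pg.group_id = ug.group_id
           WHERE ug.user_id = ? AND pg.program = ? LIMIT 1""",
        (user_id, program)).fetchone()
    return row is not None

def menu_for(db, user_id):
    """Programs the user may run: the rows behind a per-user navigation menu."""
    rows = db.execute(
        """SELECT DISTINCT pg.program FROM tbl_user_group ug
           JOIN tbl_program_group pg ON pg.group_id = ug.group_id
           WHERE ug.user_id = ? ORDER BY pg.program""", (user_id,))
    return [r[0] for r in rows]
```

Adding a group to a program is then one INSERT into tbl_program_group, with no change to the program itself.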
ASKER CERTIFIED SOLUTION by Ray Paseur (United States of America)
