How do I implement group users with differnet permissions using mysql and php

Hi I am current working on a project as part of my study and I have to design a mySQL database for a high school P.E department, where there will be three user groups the students teachers and the administrator. The administrator needs to be able to grant the students of a certain form class permission for about an hour when they need to enter fitness results.

I am not really sure how I would go about implementing this so any help would be very much appreciated.
stumpbossAsked:
Who is Participating?
 
Roger BaklundConnect With a Mentor Commented:
Not sure if I understand the question, but will describe some options for application privilege systems.

From your description, it seems you could hardcode the security in your application, which is a lot easier than creating a dynamic privilege system. It would be something like this:

You need a user table with username/password etc and a role: student, teacher or admin. This could be an ENUM field in the table:

create user (
  ...
  role enum('student','teacher','admin') not null default 'student',
  ...
  );

Open in new window


You need a login mechanism, and when a user is logged in, you know what role that user have by reading the user record. Something like this:

if(!isset($_SESSION['userid'])) RedirectToLogin();
$user = GetUser($_SESSION['userid']);
if(!$user) {
  AdminEmail('Invalid userid in session: '.$_SESSION['userid']);
  RedirectToLogin();
}
if($user->role == 'admin') {
   # admin functionallity goes here
}
if($user->role == 'teacher') {
   # teacher functionallity goes here
}
if($user->role == 'student') {
   # student functionallity goes here
}

Open in new window


This should solve what you describe, but it would be problematic to add other roles later, like "janitor" or "secretary" or "moderator" or whatever, you would need to review all existing code to implement the new roles.

An alternative that would give you a bit more flexibillity, would be to use a numeric code for the role:

create user (
  ...
  role tinyint not null default 10,
  ...
  );

Open in new window


Then you would define the roles in your application, for instance:

define('AdminLevel',1);
define('TeacherLevel',5);
define('StudentLevel',10);

Open in new window


...and you could "group" roles:

if($user->role <= TeacherLevel) {  # admins & teachers
}

if($user->role >= TeacherLevel) {  # teachers & students
}

Open in new window


...and you can add new roles "between" existing roles, so that they are automatically included in old code with tests like above (i.e. using >= and <=, not ==).

For a full blown application privilege system, you would need DB tables for users, groups and privileges, plus some tables to bind those entities to each other: user_groups, user_privs and group_privs is typical. You would also need an allow/deny mechanism with very clear rules, and possibly a "importance" property to weight different rules. A typical issue is when a user is a member of two groups, one group has a privilege and the other group is denied the same privilege... is the user allowed or denied?

I won't go into more detail about this until I know more about what you need.
0
 
djsharmaTechnical ConsultantCommented:
0
 
stumpbossAuthor Commented:
Hey sorry about the slow response I've been away on business.

Thanks for your solution it has given me excellent insight into how to go about it
0
All Courses

From novice to tech pro — start learning today.