
Trying to Build Flexible Permission System, Need Input


Liquid Fire


I am currently trying to build a very flexible user permission system that I hope I can use as the base of all my future projects, and this is the way I am planning on doing it.  There are 4 permission types (create, read, update, delete); I can't think of anything else than those 4.  The core of the permissions system is going to be modules, and a module could be anything.  For instance, I could have a cms module and I can also have a news module that is located within the cms.  So in that example the user would need read access to the cms and news module to view the news section of the cms.  They would need read access to both the cms and news and also create access to the news module (not the cms module).  The permissions would be stored in an array and only loaded on the initial login and if the user flush_permissions field is set to 1 (so I don't load permissions every time, and there could be a lot).  Then in the code, to check permission all you do is (this is what would happen with the create button for the news module that is in the cms):

 

<?php
//note i don't have a check to see if they can read the cms and that would have been done before the page load
if($user->has_permission('news', 'create'))
{
echo '<a href="">Create News Article</a>';
}
?>

 

Does this system seem very flexible?  Do you think there would be too much overhead? Any other comments, suggestions, and ideas for me?

Link to comment
Share on other sites

Yes, it is flexible. But you should use roles for better organization.

 

The permissions would be stored in an array and only loaded on the initial login

 

Yes, perfect. I have a stored procedure for that purpose:

 

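CREATE PROCEDURE `user_login`
        (lUserName VARCHAR(40), lHash VARCHAR(40))
  BEGIN
  DECLARE userID INT DEFAULT 0;
  -- Look up the user; userID stays 0 when the name/hash pair does not match
  SELECT id INTO userID FROM users
    WHERE nick=lUserName AND hash=lHash;
  IF (userID) THEN
    -- Rights assigned to the user directly or to any group the user belongs to.
    -- Written as OR ... IN (subquery) so that several group rows do not raise
    -- "Subquery returns more than 1 row".
    SELECT r.component, r.right_name, ar.type_of_access
      FROM rights r INNER JOIN assigned_rights ar
        ON (r.id = ar.id_right)
      WHERE ar.id_group_user = userID
         OR ar.id_group_user IN
        (SELECT id_group FROM user_groups
           WHERE id_user = userID);
  ELSE
    -- Failed login: return an empty result set
    SELECT id FROM users LIMIT 0;
  END IF;
END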

 

And permission check looks like:

 

public function HasPermission($component, $permission) {
  // An explicit deny ('d') always wins over an allow ('a')
  if (isset($this->rights[$component][$permission]['d']))
    return false;
  else
    return isset($this->rights[$component][$permission]['a']);
}

 

This way you can have 'deny' and 'allow' permissions.

Link to comment
Share on other sites

Yes, it is flexible. But you should use roles for better organization.

 

I am not sure what you mean by roles, but what I might have that is the same thing is user groups.  So basically user groups can have any number of permissions, so for example let's say I have 3 user groups: admins, content_managers, members.  The admins user group has all permissions for all modules, the content_managers user group has all the permissions for the cms, and the members user group has all permissions for members-only stuff.  So a user signs up and he is added to the members user group, which means all the members user group's permissions are added to that user's permissions.  Let's say a bit down the road I add that same user to the content_managers user group, which now means all the content_managers user group's permissions have been added to the user.  Let's say down the road I remove that user from the content_managers user group, which would then in turn remove all those permissions from the user.  Is this what you are talking about when you say roles?

Link to comment
Share on other sites
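
The deny-over-allow check from the second post, combined with the nested-module rule and group grants described in the first and third posts, as an added example that is not code from anyone in this thread. The class and method names are hypothetical, the rows are constructed, and the 'a'/'d' values are assumed to be what type_of_access returns.

```php
<?php
declare(strict_types=1);
// Added example; PermissionSet, fromGrants, canAccess and the rows are hypothetical.
final class PermissionSet
{
    /** component => right => ['a' and/or 'd' => true] */
    private array $rights = [];

    /** Build once at login from rows of [component, right_name, type_of_access]. */
    public static function fromGrants(array $rows): self
    {
        $set = new self();
        foreach ($rows as [$component, $right, $access]) {
            if ($access !== 'a' && $access !== 'd') {
                throw new InvalidArgumentException("Unknown access type: $access");
            }
            $set->rights[$component][$right][$access] = true;
        }
        return $set;
    }

    /** Deny wins over allow; a right with no row at all is refused. */
    public function hasPermission(string $component, string $right): bool
    {
        if (isset($this->rights[$component][$right]['d'])) {
            return false;
        }
        return isset($this->rights[$component][$right]['a']);
    }

    /** Nested modules: each module on the path needs 'read', the last one also needs $right. */
    public function canAccess(array $path, string $right): bool
    {
        foreach ($path as $module) {
            if (!$this->hasPermission($module, 'read')) {
                return false;
            }
        }
        return $path !== [] && $this->hasPermission(end($path), $right);
    }
}

// Constructed rows: group grants merged with one explicit deny set on the user.
$perms = PermissionSet::fromGrants([
    ['cms', 'read', 'a'], ['news', 'read', 'a'], ['news', 'create', 'a'],
    ['news', 'delete', 'a'], ['news', 'delete', 'd'],
]);
var_dump($perms->canAccess(['cms', 'news'], 'create')); // create inside cms/news
var_dump($perms->canAccess(['cms', 'news'], 'delete')); // allow and deny both present
var_dump($perms->canAccess(['cms', 'forum'], 'read'));  // module with no rows
```

Rebuild the set whenever the flush_permissions flag from the first post is set, otherwise grants from a group the user has left stay in the session until the next login. Run the same check in the handler that performs the action, not only where the link is rendered.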
