Liquid Fire Posted October 30, 2008 Share Posted October 30, 2008 I am currently trying to build a very flexible user permission system that i hope i am use as the base of all my future projects and this is the way i am planning on doing it. There are 4 permission types(create, read, update, delete), i can't think of anything else than those 4. The core of the permissions system is going to be modules and module could be anything. For instance i could have a cms module and i can also have a news module that is located within the cms. So in that example the user would need read access to the cms and news module to view the news section of the cms. They would need read access to both the cms and news and also create access to the news module(not the cms module). The permissions would be stored in an array and only loaded on the initial login and if the user flush_permissions field is set to 1(so i don't load permissions very time and there could be a lot). Then in the code to check permission all you do is(this is want would happen with the create button for the news module that is in the cms: <?php //note i don't have a check to see if they can read the cms and that would have been done before the page load if($user->has_permission('news', 'create')) { echo '<a href="">Create News Article</a>'; } ?> Does this system seem very flexible? Do you think there would be to much overhead? any other comments, suggestions, and ideas for me? Quote Link to comment Share on other sites More sharing options...
Mastodont Posted October 30, 2008 Share Posted October 30, 2008 Yes, it is flexible. But you should use roles for better organization. The permissions would be stored in an array and only loaded on the initial login Yes, perfect. I have stored procedure for that purpose: CREATE PROCEDURE `user_login` (lUserName VARCHAR(40), lHash VARCHAR(40)) BEGIN DECLARE userID INT DEFAULT 0; SELECT id INTO userID FROM users WHERE nick=lUserName AND hash=lHash; IF (userID) THEN SELECT r.component, r.right_name, ar.type_of_access FROM rights r INNER JOIN assigned_rights ar ON (r.id = ar.id_right) WHERE ar.id_group_user IN (userID, (SELECT id_group FROM user_groups WHERE id_user = userID)); ELSE SELECT id FROM users LIMIT 0; END IF; END And permission check looks like: public function HasPermission($component, $permission) { if (isset($this->rights[$component][$permission][‘d’]) return false; else return isset($this->rights[$component][$permission][‘a’]); } This way you can have 'deny' and 'allow' permissions. Quote Link to comment Share on other sites More sharing options...
Liquid Fire Posted October 30, 2008 Author Share Posted October 30, 2008 Yes, it is flexible. But you should use roles for better organization. I am not sure what you mean by roles but what i might have that is the same thing is user groups. So basically user groups can have any number of permissions so for example let say i have 3 user groups, admins, content_managers, members. The admins user group has all permissions for all modules, the content_managers user group has all the permissions for the cms and the members user group has has all permissions for members only stuff. So a user signs up and he is added to the members user group which all the members user groups's permission are added to tha tusers permission. Let say a bit down the road i add that same user to the content_managers user group which now all content_manager user group's permission have been added to the user. Lets say down the road i remove that user from the content_managers user group which would then in turn remove all those permissions from the user. Is this what you are talking about whne you say roles? Quote Link to comment Share on other sites More sharing options...
Mastodont Posted October 30, 2008 Share Posted October 30, 2008 Yes, sorry for confusion. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.