user permissions question/idea


7 replies to this topic

#1 Liquid Fire


Posted 04 August 2006 - 11:45 AM

I was thinking a little more about how to store user permissions and here is another way I thought of doing it, let me know if you think it is good?

here are my databases:
user DATABASE:
• id>int>auto-increment>primary key
• first_name> varchar(20)
• last_name> varchar(20)
• age>int
• etc...

user_permissions DATABASE:
• id>int>auto-increment>primary key
• user_id>int
• permission_type>varchar(30)
• permission_value>bool

Now basically what I am thinking is that, let's say I want to know if the edit button on the news piece should be visible to the current user. I would get the user id for the session and then query the table like this:

SELECT permission_value FROM user_permissions WHERE user_id = '{$_SESSION['user_id']}' AND permission_type = 'edit_news'

I would then insert the results I get in a var like $permission_value and the rest of the code for displaying the edit button would be:

if( isset($permission_value) )
{
    if( $permission_value == 1 )
    {
          //code to display edit button
    }
    else
    {
          //skip code for edit button
    }
}
else
{
    //skip code for displaying edit button
}

This way I only have to store the permissions that the user has, and if they don't have the permission, the query will return nothing and I can skip the code. Also, when a user needs to lose a permission, instead of setting the permission_value to 0 I can just, which I will also do, I can just delete the entry. The main reason to have the permission value is just a backup in case something in my code goes wrong or something. If the value is something other than 1 I know there is a bug somewhere, and if the delete does not work for some reason I will still set it to 0 even before I delete the entry, so both things would have to go wrong for it not to work. What do you guys think of this plan?

#2 Liquid Fire


Posted 04 August 2006 - 11:48 AM

I am also thinking of doing the same thing for how to store what users are in what usergroup.

#3 onlyican


Posted 04 August 2006 - 11:57 AM

what I do for permissions on my websites, is I only normally have 2 or 3 levels
I create an extra field in the table holding the username and passwords
this is user_level
Enum values of ("u","m","a")
U = User (Low Normal Level)
M = Moderator (Mid Level)
A = Admin (High Level)

Make a note on the top of your log in page, or notes page
/*
Enum values for user level
u = user....
*/

I was building a personal website, put it to one side to work on a paid job, came back to it 4 months later and forgot what they were.
This is another reason why it's good to comment
I ended up re-starting the whole site, because I did not make comments
and now, I have been pulled away to work on a paid job again. I will never finish my personal websites
Tell me the problem, I will try tell you the solution

#4 Liquid Fire


Posted 04 August 2006 - 12:09 PM

I guess that would work out ok for a small website but the application I am currently working on is a web-based Project Management System. So I am going to have a lot of permissions to handle because each project will have a set of their own permissions ranging from create task, create bug tracking item, edit task, create project, delete project, etc... so I am just thinking this might be the best way to handle the number of permissions I am going to have to deal with.

#5 onlyican


Posted 04 August 2006 - 12:16 PM

If you have a number of permissions, another table with that would be best
For example
You have a website where you can
Add Comments
Edit Comments
Delete Comments
Move Comments
(An example, that's all)
You can set up a table with "add_comment" "edit_comment".....
as the field names, and the username or ID
then simple enum Y or N

#6 Liquid Fire


Posted 04 August 2006 - 12:22 PM

That is basically the idea here, just that I am not going to store permissions that users don't have. I guess I think it would be easier and a little safer to do it this way

#7 onlyican


Posted 04 August 2006 - 12:50 PM

then on page load which requires security check, run the query
Storing the levels in a Session or cookie is bad

#8 Liquid Fire


Posted 04 August 2006 - 01:19 PM

Well, the thing is one user can have complete control and all permissions to do anything to one project, but to the rest of the projects he might not have any permissions, not even to see it. There will be a security check for every page on the site, but your method of permission does not seem good for my project, but thank you for the input, it is what I was looking for
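
An added example, not code from any poster in this thread: the row-per-granted-permission table from post #1, extended to the per-project case described in post #8, with the lookup done through a bound query on every request as post #7 suggests. The `project_id` column, the `has_permission()` helper, the in-memory SQLite database and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: deny-by-default, per-project permission check with a bound query.
// Assumptions: project_id column, has_permission() helper and the in-memory
// SQLite database are hypothetical; the sample rows are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_permissions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL,
    project_id INTEGER NOT NULL,
    permission_type VARCHAR(30) NOT NULL,
    permission_value INTEGER NOT NULL DEFAULT 0,
    UNIQUE (user_id, project_id, permission_type)
)');
// Constructed rows: user 7 may edit tasks in project 1; project 2 holds a revoked (0) row.
$db->exec("INSERT INTO user_permissions (user_id, project_id, permission_type, permission_value)
           VALUES (7, 1, 'edit_task', 1), (7, 2, 'edit_task', 0)");

function has_permission(PDO $db, int $userId, int $projectId, string $type): bool
{
    // Bound parameters keep the values out of the SQL text.
    $stmt = $db->prepare('SELECT permission_value FROM user_permissions
                          WHERE user_id = ? AND project_id = ? AND permission_type = ?');
    $stmt->execute([$userId, $projectId, $type]);
    $value = $stmt->fetchColumn();   // false when no row exists
    // Fail closed: only an explicit 1 grants; a missing row or a 0 denies.
    return $value !== false && (int) $value === 1;
}

// Looked up from the database on every request, using the id held in the
// server-side session, rather than caching permission flags in the session or a cookie.
$_SESSION = ['user_id' => 7];        // constructed session for the demo
$uid = (int) $_SESSION['user_id'];

foreach ([1, 2, 3] as $projectId) {
    $ok = has_permission($db, $uid, $projectId, 'edit_task');
    // The same check has to guard the edit handler itself, not only the button.
    printf("project %d: edit_task %s\n", $projectId, $ok ? 'allowed' : 'denied');
}
```

The `UNIQUE` constraint keeps a single row per user, project and permission, so a revoke cannot leave a stale duplicate grant behind.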



