Liquid Fire Posted August 4, 2006 Share Posted August 4, 2006 I was thinking a littlw more about how to store user permission and here is another why i though of doing it, let me know if you think it is good?here are my databases:user DATABASE:• id>int>auto-increment>primary key• first_name> varchar(20)• last_name> varchar(20)• age>int• etc...user_permissions DATABASE:• id>int>auto-increment>primary key• user_id>int• permission_type>varchar(30)• permission_value>boolnow basically what i am thinking is that let say I want to know if the edit button on the new piece should be visabel this the current user. i would get the user id for the session and the query the table like this:SELECT permission_value FROM user_permissions WHERE user_id = '$_SESSION['user_id']', permission_type = "edit_news"I would then incert the results i get in a var like $permission_value and the rest of the code for display the edit button would be:if( isset($permission_value) ){ if( permission_value == 1 ) { //code to display edit button } else { //skip code for edit button }}else{ skip code for displaying edit button}this way I only have to store the permisssion the the user has and if they don't have the permission, the query will return nothing and i cna skip the code. Also when a user needs to lose a permison instead of setting the permission_value to 0 i can just, which i will also do, i can jsut delete the entry. the main reason to have the permission value is just a back incase something in my code goes wrong of something, if the value is something othe than 1 i know there is a bug somewhere, and if the delete does not work for some reason i will still set it to 0 even befor ei delete the entry so both things would have to go wrong for it not to work. what do you guys think of this plan? Quote Link to comment Share on other sites More sharing options...
Liquid Fire Posted August 4, 2006 Author Share Posted August 4, 2006 i am also thinking of doing the same thing for how to store what users are in what usergroup. Quote Link to comment Share on other sites More sharing options...
onlyican Posted August 4, 2006 Share Posted August 4, 2006 what I do for permissions on my websites, is I only normally have 2 or 3 levelsI create an extra field in the table holding the username and passwordsthis is user_levelEnum values of ("u","m","a")U = User (Low Normal Level)M = Moderator (Mid Level)A = Admin (High Level)Make a not on the top of your log in page, or notes page/*Enum values for user levelu = user....*/I was building a personal website, put it to one side to work on a payed job, came back to it 4 month later and forgot what they were.This is another reason why its good to commentI ended up re-starting the whole site, because I did not make commentsand now, I have been pulled away to work on a payed job again. I will never finish my personal websites Quote Link to comment Share on other sites More sharing options...
Liquid Fire Posted August 4, 2006 Author Share Posted August 4, 2006 I guess that would work out ok sor a small website but the application i am currently working on is a web-based Project Management System. So i am going to have alot of permissions to handle because each projet will have a set of ther own permissions ranging from Create task, create bug tracking item, edit task, create project, delete project, etc... so i am just thinking this might be the best way to handle the number of permission i am going to have to deal with. Quote Link to comment Share on other sites More sharing options...
onlyican Posted August 4, 2006 Share Posted August 4, 2006 If you have a number of permissions, another table with that would be bestFor exampleYou have a website where you canAdd CommentsEdit CommentsDelete CommentsMove Comments(An example thats all)You can set up a table with "add_comment" "edit_comment".....as the field names, and the username or IDthen simple enum Y or N Quote Link to comment Share on other sites More sharing options...
Liquid Fire Posted August 4, 2006 Author Share Posted August 4, 2006 that si basically the idea here just the i am not going to store permission that users don't have, i guess think it would be easily and a little safer to do it this way Quote Link to comment Share on other sites More sharing options...
onlyican Posted August 4, 2006 Share Posted August 4, 2006 then on page load which requires security check, run the queryStoring the levels in a Session or cookie is bad Quote Link to comment Share on other sites More sharing options...
Liquid Fire Posted August 4, 2006 Author Share Posted August 4, 2006 well the thing is one user can have complete control and all permission to do anything to one project but to the rest of the projects he might not have any permissions, not even to see it. There will be a scruity check for every page on the site but your method of permission does not seem good for my project, but thank you for the input, it is what i was looking for Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.