Jump to content

user permissions question/idea


Liquid Fire

Recommended Posts

I was thinking a littlw more about how to store user permission and here is another why i though of doing it, let me know if you think it is good?

here are my databases:
user DATABASE:
• id>int>auto-increment>primary key
• first_name> varchar(20)
• last_name> varchar(20)
• age>int
• etc...

user_permissions DATABASE:
• id>int>auto-increment>primary key
• user_id>int
• permission_type>varchar(30)
• permission_value>bool

now basically what i am thinking is that let say I want to know if the edit button on the new piece should be visabel this the current user.  i would get the user id for the session and the query the table like this:

SELECT permission_value FROM user_permissions WHERE user_id = '$_SESSION['user_id']', permission_type = "edit_news"

I would then incert the results i get in a var like $permission_value and the rest of the code for display the edit button would be:

if( isset($permission_value) )
{
    if( permission_value == 1 )
    {
          //code to display edit button
    }
    else
    {
          //skip code for edit button
    }
}
else
{
    skip code for displaying edit button
}

this way I only have to store the permisssion the the user has and if they don't have the permission, the query will return nothing and i cna skip the code.  Also when a user needs to lose a permison instead of setting the permission_value to 0 i can just, which i will also do, i can jsut delete the entry.  the main reason to have the permission value is just a back incase something in my code goes wrong of something, if the value is something othe than 1 i know there is a bug somewhere, and if the delete does not work for some reason i will still set it to 0 even befor ei delete the entry so both things would have to go wrong for it not to work.  what do you guys think of this plan?
Link to comment
Share on other sites

what I do for permissions on my websites, is I only normally have 2 or 3 levels
I create an extra field in the table holding the username and passwords
this is user_level
Enum values of ("u","m","a")
U = User (Low Normal Level)
M = Moderator (Mid Level)
A = Admin (High Level)

Make a not on the top of your log in page, or notes page
/*
Enum values for user level
u = user....
*/

I was building a personal website, put it to one side to work on a payed job, came back to it 4 month later and forgot what they were.
This is another reason why its good to comment
I ended up re-starting the whole site, because I did not make comments
and now, I have been pulled away to work on a payed job again. I will never finish my personal websites
Link to comment
Share on other sites

I guess that would work out ok sor a small website but the application i am currently working on is a web-based Project Management System.  So i am going to have alot of permissions to handle because each projet will have a set of ther own permissions ranging from Create task, create bug tracking item, edit task, create project, delete project, etc... so i am just thinking this might be the best way to handle the number of permission i am going to have to deal with.
Link to comment
Share on other sites

If you have a number of permissions, another table with that would be best
For example
You have a website where you can
Add Comments
Edit Comments
Delete Comments
Move Comments
(An example thats all)
You can set up a table with "add_comment" "edit_comment".....
as the field names, and the username or ID
then simple enum Y or N
Link to comment
Share on other sites

well the thing is one user can have complete control and all permission to do anything to one project but to the rest of the projects he might not have any permissions, not even to see it.  There will be a scruity check for every page on the site but your method of permission does not seem good for my project, but thank you for the input, it is what i was looking for
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.