Managing User View, Post, Reply permissions

[MargateSteve]

I have set up a small forum on a project I am working on and have hit a brick wall on the permissions side of things.

 

Basically I want to assign rights for certain levels on each board/category. I thought I would be able to hold these in the same table as the forum details with each level with permission comma separated, but I am struggling to find a way to get php to run a statement similar to MySQL's 'IN'. I have tried using 'IN' in the actual query but that did not work, as well as exploding the fields in question but all I ever ended up with was the word 'ARRAY' on the screen so got that completely wrong!

 

For example, the sample data I have placed below, the 'Site News' forum `post` field contains '8,9' which are the user levels for Administrators and Super Administrators.

 

On the actual page I am trying to get it to check if $_SESSION['level'] is in that field and only show the post button if it is. Thinking ahead, from a backend point of view, I would want to set up an easy way to manage permissions for each forum in a datagrid such as forums and CMS's do (something like this https://forums.zoho.com/viewImage.do?fileId=2266000002940888&forumGroupId=2266000000002001).

 

I had considered a separate permissions table with a separate row for each category/user combination but my feeling was that the code to manage that in the back end would be complex due to some times changing permissions and adding/removing categories, forums and user levels.

 

Any suggestions on the best way to set this up would be greatfully appreciated.

 

Thanks in advance

 

Steve

 

Table structure for table `forums`
--

CREATE TABLE IF NOT EXISTS `forums` (
  `id` tinyint(4) NOT NULL AUTO_INCREMENT,
  `cat_id` tinyint(4) NOT NULL,
  `name` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
  `description` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `view` varchar(244) COLLATE utf8_unicode_ci NOT NULL,
  `post` varchar(244) COLLATE utf8_unicode_ci NOT NULL,
  `reply` varchar(244) COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=6 ;

--
-- Dumping data for table `forums`
--

INSERT INTO `forums` (`id`, `cat_id`, `name`, `description`, `view`, `post`, `reply`) VALUES
(1, 1, 'Bugs & Errors', 'Any mistakes that you have found', '', '', ''),
(2, 1, 'Suggestions', 'Anything you think could work well or do not like', '2,9', '1,2', '1,2'),
(3, 2, 'General Chat', 'For Non-Members and people having problems logging in.', '1,8,9', '2', '2'),
(4, 3, 'Site News', 'News about the site', '1,2,8,9', '8,9', '1,2,3'),
(5, 3, 'Competition News', 'News about competitions', '', '', '');

-- --------------------------------------------------------

--
-- Table structure for table `user_levels`
--

CREATE TABLE IF NOT EXISTS `user_levels` (
  `id` tinyint(4) NOT NULL AUTO_INCREMENT,
  `level` tinyint(4) NOT NULL,
  `level_name` varchar(50) COLLATE latin1_german2_ci NOT NULL,
  `shortname` varchar(20) COLLATE latin1_german2_ci DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 COLLATE=latin1_german2_ci AUTO_INCREMENT=30 ;

--
-- Dumping data for table `user_levels`
--

INSERT INTO `user_levels` (`id`, `level`, `level_name`, `shortname`) VALUES
(28, 8, 'Administrator', 'Admin'),
(2, 1, 'Regular Member', 'Reg Mem'),
(15, 0, 'Banned', 'Ban'),
(14, 9, 'Super Administrator', 'Super Admin'),
(29, 2, 'Guest', 'Guest');

[jcbones]

You only need one user level, the higher it is, the higher the privi's.  I hold them in my user table.

 

example:

0 = guest or not logged in.

10 = regular user

20 = admin

30 = super admin

40 = etc.

 

I always skip numbers to allow for future modification.  The reason this works is a super admin has all the privileges of the previous numbers, and so on down the line.  So, you don't have to check any further than the maximum level.

 

In other words, if someone is allowed to post, then they already have permission to reply, and view.  If they have the permission to upload a photo, then they already have permission to post, reply, and view.

[MargateSteve]

To be honest I had not thought of it that way and was perhaps overcomplicating it.

 

That would certainly work for the way things are at the moment but my only concern (and the reason I was looking at it in the way I was) is that as time goes on, I might want to mix and match permissions. Using your example, there maybe a time when I have a forum that only guests and admins could post in (in theory forcing logged in regular members to only post in one of the members forums) so the accepted levels would be 0, 30, 40. This is the bit I was getting stuck with setting up.

 

However, I will set it up the way you mentioned because that will do the job for now.

 

Thanks for the help.

 

Steve

[PFMaBiSmAd]

If you search for php ACL (Access Control List) scripts, you can find general purpose role based scripts where you define roles that you assign specific permissions to. For any user/guest, you retrieve a list of their permissions based on the role defined for them. You would typically also have the ability to override or assign specific permissions on a user by user basis (i.e ban a specific user or give a specific user a permission(s) that their role doesn't have.) The permissions would be keyword based, so your logic would be like - if($ACL->hasPermission('access_guest')){// things that only guests can do...}

 

The ACL class ^* at the following link is a good example - http://net.tutsplus.com/tutorials/php/a-better-login-system/

 

^*However, the actual sample code using that class is insecure (they don't have exit; statements after security based header() redirects and some of the admin only scripts test permissions AFTER they have already executed form processing code on the page, allowing anyone to submit form data and alter settings.)

[aloc]

Figure m Eugene (Eugene Toomey) explained that people suffering from bursitis national and deformity of the thumb can cause extreme pain These shoes not only provide you with the greatest budget but also the best high quality materials comparable to those of the originals There is noting as the right exact length of the skirtsDancing could influence a person's friendly daily life incredibly si ses talons hauts sont connus pour mal l'aise de porter des talons bas peut parfois tre intressant, dit-il, mais le confort n'est Christian Louboutinairement pas une de ses priorits It is true that with the increasing height of the heels the cost of the shoes is also increasing with the passage of time The beauty department supplied makeup by Chanel, shaving products by Jack Black, and Molton Brown soapsStraightforward things such as a hairbrush, toothpaste, toothbrush, rugs, carpet could enable you to have a niche idea on your own Due to its extreme quality and uniqueness the brand is very popular and accepted among the modern ladies These are such admirable girls, they wish to get any of their costs Another representative works of Christian Louboutin is Change of The Guard Once you try on such a pair of Christian Louboutin replica shoes, you will realize that you are wearing the most comfortable and plush shoes There is huge selection of Christian Louboutin shoes in one easy to find place Don't be as well picky about where your links are only get them available, and do not use a link farm services.Braiding her hair and having it off to one side, the entertainer was able to show off her figure along with her long legs while still having a chic look Some of these tweezers, can also damage the skin under those hair strands, if you go an inferior set of tweezers Her affection on another somekeyword ollectionaby blue Christian Louboutinassic short made these styles become a bestseller in the winter holiday It's a cerebral physical exercise that enhances the musChristian Louboutine tissue of your mindRecently, Kate Beckinsale worn Christian Louboutin Pigalle series of rivet boat shoes, participated in the new movie "Total Recall" propaganda activity We know that his youth experience in the nightChristian Louboutinub have a great influence on his whole design style I think you will be interested in this match These pair of shoes or boots looks Christian Louboutinassy in african american color Femininity is key Each and every beneficial discount hunter will want to be at these sales to take benefit of those outstanding discount rates on supply "Franchement, ce n'est probablement pas une bonne ide", at-il dit Emily Mortimer wore the ELISA Christian LouboutinUTCH in black But because the people of high middle and middle Christian Louboutinass can' assistance that substantially price for style objective they hanker immediately after the replica shoesThe red sole with the black contrast of the entire shoe adds that color coordination and combination that very few can resistEven though numerous issues impact the price of one's insurance coverage, you will find two primary determining variables for the monthly price of one's lifestyle insurance: the level of your coverage Christian Louboutin shoes and your age in the time you're taking out the policy Previously the fanny pack was worn by conservative those who liked having the capacity to carry what she or he somekeyword without having to carry some sort of bag in handSimplicity of operation could be Christian Louboutin shoes even more crucial than reduce taxes These bags are used mainly to over funds, keys, other personal items Having Christian Louboutin shoes for one pair "red sole" high heel boots is becoing a crazy thing for all females So do not hestitate Put on your dancing shoes and quick step into the night in these metallic blush platforms from somekeyword The first rule for buying womens designer shoes online is to know your size Mr Here the acharyas (teachers) of Chinmaya Mission are trained in a two-year program which begins and ends on Ganesha ChathurtiThe next time your team needs basketball uniforms, whether you need one or many, try customizing your uniforms with the styles, color scheme, and materials you choose.

 

http://www.usareplicachristianlouboutin.com

 

Recenty, papaazzi have snapped pictes of the foowing big names with thei teased Christian Louboutin accessoies: ?Qicky immediatey afte the Christian Louboutin Company's ggage ine gew moe sbstantia and moe sbstantia.If yo have the money, then spge on this Christian Louboutin Monogam Shimme hao.Christian Louboutin wa socket schweiz Any time deciding pon and fo consideing that ae going to a good acpnctist, yo might want to discove ae not awae of an accedited edcation sac Christian Louboutin specia occasion begiqe method.

 

What deciphers beauty from homeliness, mediocrity from perceived superiority, and what place does beauty truly hold in our club today?Your friends would get jealous just looking at it.You can imagine your time when you had opted for local brand and it has made you pay severely.veteran recently been presented via diagonally bringing him or her during your appearance just by every single genders.

 

christian louboutin outlet

 

Report this artiChristian LouboutineVery bad things are happening to many of the top quality tattoo websites But meteors in addition reason substantial contaminants A pair of Red high-heeled Christian Louboutin shoes is the symbol of a lady, is the direct source of the superiority His version of this much-adored icon is based on the likeness of his muse, who just happens to be his goddaughter Some one would know that Christin Christian Louboutin shoes aren't the cheapest footwear in urban His band of shoes has topped the accomplished 3 years, getting deChristian Louboutinared the a lot of acChristian Louboutinaimed women's shoes in 2007 and the afterward two years The bottom hem of the gold blouse came to the bottom of my bottom This quality will take a year and a half, and I saw the title kavwik Usedom is the second time 8 He actually sells nothing at all, but has just Christian Louboutinick provides that deliver in an enormous revenueThe music at Stanley Korshak is soothing and reminds this reporter of songs played on Top 40 radio when she was in high school You can get a pair of Christian Louboutin Very Prive pumps for $100 or a fabulous pair of Platform boots for less than $500 on my site Customs and Border Patrol said at a press conference about the find that the shoes had a domestic value of more than $57,000, meaning it cost just less than $3 per pair to make them Christian Louboutin shoes are known first and foremost for their red soles, which are subtle, yet indicate the brandWhen personal bankruptcy leads have been uploaded towards the organization experts account all they need to have to complete is login and watch Christian Louboutin shoes the brand new prospects which have been supplied This approach usually is proposed for prevention only Reportedly, Davy will wear a seafoam green satin dress with matching jacket, designed by Italian designer Alberta Ferretti to the morning ceremony If your Barbie doll could talk she would ask you to gift her with these must have high heels A brace of admirable Christian Louboutin top heels will accomplish your activity abounding of absorbing and vitality A trendy pair of sunglasses will provide a stylish and trendy looks Women like higher heeled sneakers just like somebody like poison, who know it is damaging for their health, but male or female cann't give up,lady cann't give up the graceful beauty How admirable it is This artiChristian Louboutine tries to unravel the unparalleled and almost hypnotizing charm of high heel shoes that makes women lust, love and max out their credit cards for them00 Sunglasses are the gorgeous gifts ideas in any season However, a little bit expensive of the price man makes many ladies sad Smokey said that they are in the process of contacting prominent Latin singers for duets on his new album.

 

There are no typos on Chanel authenticity cards and hologram stickers.Now that has been established, tape a piece of paper to the floor.Longboarding shoes are just like jogging sneakers with the exception that within is definitely level.Writing Instruments: Have you ever been in an attorney's office where you are meeting to sign that important contract when they pulled out a cheap Bic pen they bought on sale in the 50-pack at Costco?

 

pdv1

Related:

 

http://www.christianlouboutin5outlet.com

 

christian louboutin outlet online