User Roles

[mikebrowntsbod]

I want to only show links based on user rule

 

i have a user table and a group table and then a usergroup table. The usergroup table has the userid and the group id. What is the best to do this to show only certain links based on role.  I was thinking of getting the results and putting them in an array and see if the necessary value is in the array. 

 

Thoughts?

[requinix]

That's a fairly standard way of doing it.

$this->groups = $this->db->selectColumn("
	SELECT group.name FROM group
	JOIN usergroup ON group.id = usergroup.group_id
	WHERE usergroup.user_id = $userID
");

public function isInGroup($name) {
	return in_array($name, $this->groups);
}

if ($user->isInGroup("admin")) {

More sophisticated is checking privileges: not what group the user is in but what permissions their group membership(s) grant them.

[mikebrowntsbod]

That's a fairly standard way of doing it.

$this->groups = $this->db->selectColumn("
	SELECT group.name FROM group
	JOIN usergroup ON group.id = usergroup.group_id
	WHERE usergroup.user_id = $userID
");

public function isInGroup($name) {
	return in_array($name, $this->groups);
}

if ($user->isInGroup("admin")) {

More sophisticated is checking privileges: not what group the user is in but what permissions their group membership(s) grant them.

 

 

Thank you. I am just starting that and only need to restrict based on group not in more detail of permissions. I will get some code together and send it to you guys to see what you think.

[mikebrowntsbod]

Here is my code

<?php

try {
    include_once('./includes/dbconnect.php');
    $userRoleSearch = $db_con->prepare("SELECT ug.userGroupName FROM members m 
INNER JOIN userRoleGroups urg ON urg.userid = m.userid 
INNER JOIN userGroups ug ON ug.userGroupID = urg.userGroup_id WHERE m.username=:username");
    $userRoleSearch->bindParam(':username', $_SESSION['username']);
    $userRoleSearch->execute();
}

catch (PDOException $ex) {
    // Note: On a production website, you should not output $ex->getMessage().
    // It may provide an attacker with helpful information about your code. 
    die("Failed to run query: " . $ex->getMessage());
}

$row = $userRoleSearch->fetch();
if ($row['userGroupName'] == 'ADMIN') {
    echo "In Admin Group <br />";
} elseif ($row['userGroupName'] == 'ARCH') {
    echo "In Architecture Group <br />";
} else {
    echo "You are not in any groups";
}
?>

[benanamen]

Dont litter your code with Try/Catch blocks. Php is perfectly capable of handling errors on its own. Learn about set_exemption_handler.

 

You can search this forum for detailed info on Try/Catch and set_exemption_handler. Several good posts by @Jaques1 about it.

 

You should really be using the ID's of the userGroupName and not the description text. If you change the names in the DB you will have to go through all your code and make additional changes. Using the ID's you would only have the change the DB text.

[mikebrowntsbod]

Dont litter your code with Try/Catch blocks. Php is perfectly capable of handling errors on its own. Learn about set_exemption_handler.

 

You can search this forum for detailed info on Try/Catch and set_exemption_handler. Several good posts by @Jaques1 about it.

 

You should really be using the ID's of the userGroupName and not the description text. If you change the names in the DB you will have to go through all your code and make additional changes. Using the ID's you would only have the change the DB text.

 

Thanks. I will make that change this evening. My current issue is that this user is in ADMIN and ARCH but when the code runs it only says he is in ADMIN. What am I missing, I know it has to be something simple

[requinix]

That would mean the query returns multiple rows, right? You're only fetching one.

[mikebrowntsbod]

 

 <?php
		include_once ('./includes/dbconnect.php');
		$userRoleSearch=$db_con->prepare("SELECT * FROM members m 
			INNER JOIN userRoleGroups urg ON urg.userid = m.userid 
			INNER JOIN userGroups ug ON ug.userGroupID = urg.userGroup_id WHERE m.username=:username");
        		
        	$userRoleSearch->bindParam(':username', $_SESSION['username']);
        	$userRoleSearch->execute();
	  
	  	$row = $userRoleSearch->fetch();
	  	if ( $row['userGroupID'] == '1' )
		{
			echo "In Admin Group <br />";	
		}
	  	elseif ( $row['userGroupID'] == '2' )
		{
			echo "In Architecture Group <br />";
		}
	  	else
		{
			echo "You are not in any groups";
		}
?>

 

It is still only stating that he is in ADMIN and not in ARCH.

[mikebrowntsbod]

That would mean the query returns multiple rows, right? You're only fetching one.

 

requinix then i would have to do a for or a while loop. Which one would you recommend?

[Barand]

... or a foreach()

 

EG

 

$results = $db->execute();
foreach ($results as $row) {
    // process row
}

[mikebrowntsbod]

Here is my new code. Nothing is printing out. What am I missing.

 

 

      <?php
        include_once ('./includes/dbconnect.php');
        $userRoleSearch=$db_con->prepare("SELECT * FROM members m
            INNER JOIN userRoleGroups urg ON urg.userid = m.userid
            INNER JOIN userGroups ug ON ug.userGroupID = urg.userGroup_id WHERE m.username=:username");
                
            $userRoleSearch->bindParam(':username', $_SESSION['username']);
            $userRoleSearch->execute();
        foreach ($$userRoleSearch as $row)
        {
            print $row["userGroupID"] . "-" . $row["userGroupName"] . "<br />";    
        }    
?>

[Barand]

You should be using foreach() on a result from the execute. Disregard

[mikebrowntsbod]

I found the issue. I had a double & but I had to wait for the git pull to run.