bamse Posted December 17, 2006

Hi,

I’m going to create an advanced user right system for my CMS. First I thought I could just create a table where every field is a user right: for example id, title, add_news, edit_news, del_news etc. But I’ve heard this is not that good an idea. So I want to do this in the best way possible: the quickest, most secure and most flexible way! Please link to scripts, tutorials etc. or just explain a good method :D.

Thanks! :)
Daniel0 Posted December 17, 2006

You could have three tables:

1. users
2. permissions
3. user_permissions

The users table is self-explanatory. The permissions table holds all the different kinds of permission flags a user can have, and the user_permissions table is the chain between the two other tables. The user_permissions table consists of two fields: uid and pid (user id and permission id, respectively), and the two other tables both have an id field as well.
trq Posted December 17, 2006

I base my permissions system on that of Unix, where every user has a list of groups that they belong to, and every record in my database has an owner, group and permissions.

For instance, if a record had the permissions of...

[code]
owner  group       permissions
foo    blog_admin  -rw-rw-r--
[/code]

And I [i]thorpe[/i] belonged to the group [i]blog_admin[/i], I would have permissions to read and write (edit) this record. So would user [i]foo[/i]; however, everyone not in this group could only read the record.

I don't actually use the x (execute) permission as yet, as I haven't really found a need for it, but it is in place anyway.

If you want more information on how permissions work in Unix (Linux), I'd suggest you google it. However, unless you're used to working with it, the concept might be a little over the top.
bamse (Author) Posted December 18, 2006

Well, I’m a little unsure. Thorpe, the way you’re doing it, is that fast? Because I feel I have to parse a lot to get the answer; could be just me who’s not thinking straight. The way I wanted to do it in the beginning may be stupid, but isn’t it a little faster than the way you’re doing it? I’ve googled a lot on this subject, and there isn’t much to find. I’m thinking of this syntax when it comes to actually checking if the person has access:

[CODE]
if (!$auth->checkAccess('add_news')) {
    redirect('error_page.html');
}
[/CODE]

PHP will then look for add_news in the permissions table. That’s something we all agree on? But the way further I’m very curious about.

Please come with more suggestions! :)

Thank you!
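One way to back the `checkAccess('add_news')` call above with the three tables Daniel0 describes, as an added example that is not code from any poster in this thread. The `Auth` class, the in-memory SQLite database and the sample rows are assumptions made for illustration; a flag with no matching row, including an unknown flag name, is denied.

```php
<?php
// Added example: constructed schema and sample data, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL)');
$db->exec('CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL)');
$db->exec('CREATE TABLE user_permissions (
    uid INTEGER NOT NULL REFERENCES users(id),
    pid INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (uid, pid))');
$db->exec("INSERT INTO users VALUES (1, 'editor'), (2, 'reader')");
$db->exec("INSERT INTO permissions VALUES (1, 'add_news'), (2, 'edit_news'), (3, 'del_news')");
$db->exec('INSERT INTO user_permissions VALUES (1, 1), (1, 2)');

class Auth
{
    private PDO $db;
    private int $uid;

    public function __construct(PDO $db, int $uid)
    {
        $this->db = $db;
        $this->uid = $uid;
    }

    // True only if a user_permissions row links this user to the named flag.
    // The flag name is bound as a parameter, never concatenated into the SQL.
    public function checkAccess(string $permission): bool
    {
        $stmt = $this->db->prepare(
            'SELECT 1 FROM user_permissions up
               JOIN permissions p ON p.id = up.pid
              WHERE up.uid = ? AND p.name = ?'
        );
        $stmt->execute([$this->uid, $permission]);
        return $stmt->fetchColumn() !== false;
    }
}

// editor may add news; reader may not; an unknown flag is denied for everyone.
var_dump((new Auth($db, 1))->checkAccess('add_news'));
var_dump((new Auth($db, 2))->checkAccess('add_news'));
var_dump((new Auth($db, 1))->checkAccess('no_such_flag'));
```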
utexas_pjm Posted December 18, 2006

When using a permission system as Thorpe suggested, you usually represent the permissions internally as a bitstring where 'rw-rw-r--' is represented by '110110100' (base 2) or '664' (base 8). Anyway, the permissions can be handled efficiently using bitwise operations, so no extravagant parsing scheme is necessary.
trq Posted December 18, 2006

As utexas_pjm has stated, internally my permissions class uses bitstrings. It's quick and VERY flexible.
Daniel0 Posted December 18, 2006

Sounds like a good idea thorpe, but I don't think it'll work for everything. Take as an example a forum's "is the group's members an admin?"-permission... how would you define that with the UNIX permission system?
utexas_pjm Posted December 18, 2006

The UNIX-esque permissions exist at a low level, so you are free to bestow these permissions on anything. Consider the following trivial forum example:

[code]
ForumPost Abstract Class
 - modify()
 - move()
 - delete()
[/code]

...In a db somewhere let ForumPerms be in the form modify|move|delete (keep in mind you can make these whatever you want, they don't have to be rwx)...

[code]
Type   ForumPerms
User   500
Admin  777
[/code]

Then when you render a forum post you can print the available options like:

[code]
<?php
// ...
if (ForumPermissions::canModify($user)) {
    // TODO
}
// ... etc
?>
[/code]
Daniel0 Posted December 18, 2006

Maybe I'm stupid, but what if you wanted >3 privilege flags?
utexas_pjm Posted December 18, 2006

You can use as many flags as you'd like, but it'll make your life easier if you add them in powers of two, i.e., 000 - 111 = 0 - 7 (base 8 / Octal), 0000 - 1111 = 0 - F (base 16 / Hex).
trq Posted December 18, 2006

I think it comes down to a way of scaling your permissions. For instance, a forum. Your public forums would all be child records of the [i]publicforum[/i] node. This node would have the perms....

root forums -rwxrw-r--

Meaning anyone belonging to the group [i]forums[/i] could read and write child nodes below this node. When a user creates a node (or thread) its permissions would be....

owner forummod -rwxrwxr--

Meaning the owner and mods could read and edit this node (thread).

Now, if you wanted to set up a mod-only forum you would simply make a new parent node (record) [i]modforum[/i] with the permissions of....

root forummod -rwxrw----

This locks everyone that isn't in the forummod group out of this forum. Any threads within this forum would have the perms....

owner forummod -rwxrw----

You could just as easily have these threads with the perms....

owner forummod -rwxrw-r--

and because they are contained within the [i]modforum[/i] tree, normal users still couldn't gain read access.

This comes in real handy because within the [i]publicforum[/i] mods could also create threads with the perms....

owner forummod -rwxrw----

amongst normal users' threads, and normal users can't see them. This way mods could talk about a specific thread within the thread itself without any normal user seeing them.

Of course this all comes down to database design, and in fact the relationship between records. I use nested sets quite extensively. Every record is related to another in a tree-like fashion. I don't think this system would be half as scalable without it.

The nested sets concept lets you create almost a filesystem-type hierarchy. Some nodes in my tree are just containers (like directories) created to hold other nodes.
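The owner/group/mode check that trq and utexas_pjm describe, including the rule that a thread inside [i]modforum[/i] stays unreadable to normal users, as an added example that is not trq's class or any poster's code. The function names, array keys and sample users are assumptions; the tree is passed as a root-to-node path rather than read from a nested-set table.

```php
<?php
// Added example: constructed records and users, not from the thread.
const PERM_READ = 4, PERM_WRITE = 2, PERM_EXEC = 1;

// "-rwxrw-r--" (or "rwxrw-r--") -> integer mode, e.g. 0764.
function modeFromString(string $s): int
{
    $s = strlen($s) === 10 ? substr($s, 1) : $s; // drop the leading type column
    if (!preg_match('/^([r-][w-][x-]){3}$/', $s)) {
        throw new InvalidArgumentException("bad mode string: $s");
    }
    $mode = 0;
    foreach (str_split($s) as $c) {
        $mode = ($mode << 1) | ($c === '-' ? 0 : 1);
    }
    return $mode;
}

// Pick exactly one triplet, as Unix does: owner first, then group, then other.
function effectiveBits(array $user, array $node): int
{
    if ($user['name'] === $node['owner']) {
        return ($node['mode'] >> 6) & 7;
    }
    if (in_array($node['group'], $user['groups'], true)) {
        return ($node['mode'] >> 3) & 7;
    }
    return $node['mode'] & 7;
}

// $path runs from the root container down to the node being accessed.
// Deny unless every ancestor is readable and the node grants all bits in $want.
function canAccess(array $user, array $path, int $want): bool
{
    $node = array_pop($path);
    if ($node === null) {
        return false; // empty path: nothing to grant access to
    }
    foreach ($path as $ancestor) {
        if ((effectiveBits($user, $ancestor) & PERM_READ) === 0) {
            return false;
        }
    }
    return (effectiveBits($user, $node) & $want) === $want;
}

$modforum = ['owner' => 'root', 'group' => 'forummod', 'mode' => modeFromString('-rwxrw----')];
$thread   = ['owner' => 'foo',  'group' => 'forummod', 'mode' => modeFromString('-rwxrw-r--')];
$mod      = ['name' => 'thorpe', 'groups' => ['forums', 'forummod']];
$normal   = ['name' => 'bar',    'groups' => ['forums']];
var_dump(canAccess($mod, [$modforum, $thread], PERM_READ | PERM_WRITE));
var_dump(canAccess($normal, [$modforum, $thread], PERM_READ)); // world-readable thread, closed parent
```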
bamse (Author) Posted December 19, 2006

Ok. I'm very confused, can someone show me some code? A script, anything?
Daniel0 Posted December 19, 2006

I think this topic will help out: http://www.phpfreaks.com/forums/index.php/topic,113143.0.html
steelmanronald06 Posted December 19, 2006

I just used user levels, and if their user level matched they could do it.
bamse (Author) Posted December 20, 2006

Thank you! :)
448191 Posted December 20, 2006

A simple example that you may find useful:

[code]
<?php
define('READ_RIGHTS', 1);
define('EDIT_RIGHTS', 2);
define('MOVE_RIGHTS', 4);
define('DELETE_RIGHTS', 8);

// bitvalue 11
$perm = READ_RIGHTS | EDIT_RIGHTS | DELETE_RIGHTS;

// bitvalue 11 doesn't include bitvalue 4.
if ($perm & MOVE_RIGHTS) {
    echo 'Yes, permission to move. ';
} else {
    echo 'Permission to move denied. ';
}

// bitvalue 11 does include bitvalue 8.
if ($perm & DELETE_RIGHTS) {
    echo 'Yes, permission to delete.';
} else {
    echo 'Permission to delete denied. ';
}
?>
[/code]

Above, $perm could simply be stored in a database as "11", instead of "READ_RIGHTS, EDIT_RIGHTS, DELETE_RIGHTS". See the benefit in that?