redbullmarky Posted February 24, 2007 Share Posted February 24, 2007 Hi All I'm tying up the lose ends of a pretty ambitious project, however I'm getting a little bit stuck dealing with permissions. The framework i'm building the site on is very similar to Cake in terms of its MVC structure, if that helps with the answer. Now - in terms of content, I'll just use Articles and Blogs for the example. Both are two totally seperate items, yet what they have in common is a 'created_by' (corresponding to the user id of the author) and a 'publish' flag, to determine whether it's live on the site. I have a simple list of permissions: define('GP_VIEW', 1); // can view content define('GP_ADD', 2); // can add new content define('GP_EDIT_OWN', 4); // can edit, but only if $_SESSION equates to created_by define('GP_DELETE_OWN', ; // can delete own, as above define('GP_EDIT', 16); // can edit any define('GP_DELETE', 32); // can delete any define('GP_ALL', 2047); i have 4 main methods for Articles and Blogs - list, view, edit and delete. at the moment, each of these methods checks permissions individually - e.g, in my edit methods, something similar to: <?php if (!$this->checkPerm(GP_EDIT) && !($this->checkPerm(GP_EDIT_OWN) && $_SESSION['user']['id'] == $article['created_by'])) { echo 'you cant do this' } ?> in my list methods, an article/blog is ONLY listed if a) it's published OR b) it belongs to the current user. My question - this seems a bit of a long winded approach and alot of duplicate code, lots of if's and else's, etc. Does anyone have any other methods they use when dealing with content in a multi-user environment? Would you recommend any ways of embedding a permission system INTO the actual CRUD methods, rather than doing the permission system before calling them? ie, like filters? Cheers Quote Link to comment https://forums.phpfreaks.com/topic/39917-editing-content-and-permissions/ Share on other sites More sharing options...
Nameless12 Posted March 14, 2007 Share Posted March 14, 2007 <?php if (!$this->checkPerm(GP_EDIT) && !($this->checkPerm(GP_EDIT_OWN) && $_SESSION['user']['id'] == $article['created_by'])) { echo 'you cant do this' } ?> so the question is how you can do this in a way that is more programmer friendly??? I recommend making a series of functions so you can do <?php if (!is_admin()) { echo 'you are not an admin'; } ?> or a front controller with the permission system built in, I think a combination of the two works best Ages ago when I was designing a little system I had a permission system where each page had a rank\type\group\owner and groups had admins and moderators the same with types the types were to be used with as well say you have a blog that is one type and a forum is a different type so I could limit administrators to administrate different parts of the site as each ADMIN had a TYPE or a GROUP. The idea was users could have multiple groups and users also had ranks and pages could also have owners. because each page had groups\types\ etc I was able to use a generic set of functions such as is_admin() is_moderator() is_user() is_rank() is_group() is_type() and so on, I don't remember everything off the top of my head I am not sure if this is the kind of thing you are asking about but hopefully it will give you an idea or two. Quote Link to comment https://forums.phpfreaks.com/topic/39917-editing-content-and-permissions/#findComment-207319 Share on other sites More sharing options...
ShogunWarrior Posted March 17, 2007 Share Posted March 17, 2007 I've often used an "authenticated" function that checks authentication. Like if( is_auth( $user, GP_EDIT | GP_DELETE ) ) Then, your function could check the flags passed to see if the user is authenticated. The above can produce a very pluggable system. For instance, inside the is_auth function you could have it call auth_hook which would be an optional function would could override the authentication. This would be useful for instance if you were plugging in to an external product's user database or if you wanted to set up a demo version. Alternatively, Nameless's method is very nice because it is the most simplified and it uses memorable function names. Quote Link to comment https://forums.phpfreaks.com/topic/39917-editing-content-and-permissions/#findComment-209656 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.