Admin / User

[Kemik]

Hello all,

 

My current admin and user system works off of numbers. E.g. Guests = 0, Logged in users = 1, Admin = 9.

 

I'm currently designing a league script and need to think of another way to "rank people". Each team in the league has at least one "leader". The leaders get more access compared to the normal team players, think of it like admins have more access than users.

 

However, both team players and team leaders are not site admins and a leader for one team should not be able to edit someone elses team.

 

How do you think I could possibly do this, keeping the system secure and database queries to a minimum.

 

Thanks.

[Buyocat]

So it sounds like what you want to implement is a group system on top of your current user rights system.  The base element would be a group.  By default all users might belong to some group, say "Normal".  However within a group users could be assigned rights.  For instance, Joe could be given full write access within the Normal group while Alex only has read access.  You could then create more groups, such as "League 1", and assign users to that group.  Let's run through a full scenario.

 

Joe is the site administrator and has super user rights.  This means he belongs to every group as a group owner and has the ability to assign other members to groups and assign their rights within a group.

 

Joe creates a group "League 1" to which he is automatically added as an owner.  He then adds Alex to the league as an owner.

 

As an owner Alex and adjust the rights levels of members within his group Alex can post various things, edit things, and add new members to the group.  Each member he adds will have read access by default.  There may be some mechanism in place to promote their access level.

 

Alex adds Roselin to the group.  She is now a member of the Default and League 1 groups.  This means that she can read both groups' material (since she has read access).

 

I can talk more about databases and how to implement this sort of thing if you'd like. I think at the most basic level it would involve adding a new table to the database, and some object to act as a mediator between a domain model and an access model.

[Kemik]

Well I already have "teams" and "team_members" tables.

 

It's simply trying to come up with a structure for permissions. I can create a boolean or tiny int and have the same admin system with the team as with the site, however the bit I'm stuck on is making only members of the team be able to visit their team pages and only the team leader to have the extra permissions.

[steelmanronald06]

I think that ACL would be wonderful here:  http://lampgeekz.netgeekz.net/tutorials/index.php?cmd=tutorial&id=13&page=0  It has exactly what your looking for. It goes beyond just having an admin, mod, user.  Hope it helps.

[Kemik]

Ah, thanks for the link!

 

I've been reading up on MVC all day actually. I've been looking if using a framework (specifically CodeIgniter) would make the development and management of my code easier. It looks like a step along a different path compared to OOP and even though it looks easy enough for me to handle it would mean I'd need to learn a few more process' and syntax.

 

I'll take look at the link you gave and make my decision.

 

Thanks again.

[steelmanronald06]

CakePHP has one of the most versatile ACL systems in it.