[SOLVED] Admin Area User Control Help


Dashe

Hi Guys

This is my first post here so be nice ;)

I am trying to develop an admin area for a site that I am running. There will be about 50 pages in the admin, broken into different sections, for example:

users -> view, add, edit, delete, add, search

news -> view, add, edit, delete

I will have about 30 people needing access to certain pages, like one person might only be allowed to view users while another can edit and another can edit, delete and add etc...

What would be the most efficient way of controlling who is allowed to see what and so on? Preferably I am thinking of groups, so I can add someone to a group that's on the news team so they can all have most of the functions, but the news team leader would be the only one to be able to delete etc...

Really confused on this as there are lots of ways of doing this, any advice or help would be really appreciated.


You can use Group Names and check them via your database and store in a session.  Or you can use Group Numbers.  Depending on how complex it is, it might be easier to say

 

if groupnumber >= 1 then you can do that, instead of

if groupname == "user" && groupname == "superuser"


Hi revraz

 

Thanks for the reply

 

Unfortunately I am thinking that this is too complicated to put in groups. It may work, but I was just wondering if others had a different approach, because this could have users with access to obscure pages who are not connected with the rest of the people that would normally be in their group.

 

 


So if I was to store ID's of users in groups and then say that only that group can access that page.

 

What would your opinions be on this structure?

 

User Groups:

id   name          users
1    admins        1,2,5
2    mods          3
3    user admins   6

Pages

id   name                group_id
1    edit_users.html     1,3
2    delete_users.html   1


Then on the page you could check_allowed() that checks the user's groups against the ones allowed on that page, or am I doing this in an arse about way?

 

 


Have it set a userlevel based on who they are when you add them (I'm assuming you're adding manually to the database?).

 

You can have it so that their level (1, 2, 3, 4, etc.) is stored in the MySQL database, and then when you log them in it finds their level and sets it as $_SESSION['lvl'], and then you have it display things accordingly. Let's say level 1 is admin, 2 is less, etc.

 

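<?php
session_start();
// A missing level becomes the least-privileged value, so an unset session
// key (null) never passes the "<" comparisons below.
$lvl = isset($_SESSION['lvl']) ? (int) $_SESSION['lvl'] : PHP_INT_MAX;

// Independent ifs, not else if, so an administrator also gets the lower menus.
if ($lvl == 1) {
    echo 'Extra Navigation for Administrators';
}
if ($lvl < 3) {
    echo 'Navigation for level 2 and administrators.';
}
if ($lvl < 4) {
    echo 'Navigation for level 3, 2, and administrators.';
}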

 

So you see, the first if statement, when level == 1, displays a certain navigation only administrators will see. The second one displays navigation that only Administrators and level 2 users should see -- the administrators still see it, because 1<3 (along with 2<3). Then the third one displays navigation that level 3, 2, and administrators will see. The differences are, if someone is logged in as level 3, they won't be able to see any of the other navigation but their own, because 3<3 isn't true, and neither is 3<2. Whereas the Administrator sees everything, because 1 == 1, 1<3, and 1<4.

 

Hope that helps.


That's very similar to the way I am running it now. I just show the appropriate menu, but the reason I am thinking of overhauling it is in case people guess the name of the pages; they are in the admin area and authenticated but could guess the delete page.

So I want to make the page show up "You are not Authorised to use this page"

Another problem is that using the escalating method of 1 to 2 to 3 etc... not everyone on level 3 would have access to everything on level 2, so I need a specific system for specific pages.

It's a pain in the ass, but with 60+ teams using this I need to make sure no one has access to anything they shouldn't while being flexible enough to give someone access to one specific page from another team's stuff.
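
The per-page check discussed in this thread, as an added example that is not part of any post: a deny-by-default check_allowed() that combines group grants with one-off per-user grants and is enforced on the page itself rather than in the menu. The table names (group_members, page_groups, page_users), the helpers demo_db() and require_page_access(), and the sample rows are assumptions constructed for illustration; it assumes the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed in-memory data mirroring the tables proposed in the thread,
// normalised to one row per membership/grant instead of "1,2,5" lists.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE group_members (group_id INT, user_id INT)');
    $db->exec('CREATE TABLE page_groups (page TEXT, group_id INT)');
    $db->exec('CREATE TABLE page_users (page TEXT, user_id INT)'); // one-off grants
    $db->exec('INSERT INTO group_members VALUES (1,1),(1,2),(1,5),(2,3),(3,6)');
    $db->exec("INSERT INTO page_groups VALUES
        ('edit_users.html',1),('edit_users.html',3),('delete_users.html',1)");
    $db->exec("INSERT INTO page_users VALUES ('delete_users.html',3)");
    return $db;
}

// Deny by default: true only if a group grant or a per-user grant exists.
function check_allowed(PDO $db, ?int $userId, string $page): bool
{
    if ($userId === null) {
        return false; // not logged in
    }
    $stmt = $db->prepare(
        'SELECT 1 FROM page_groups pg
           JOIN group_members gm ON gm.group_id = pg.group_id
          WHERE pg.page = :page AND gm.user_id = :uid
         UNION
         SELECT 1 FROM page_users WHERE page = :page2 AND user_id = :uid2
         LIMIT 1'
    );
    $stmt->execute([':page' => $page, ':uid' => $userId,
                    ':page2' => $page, ':uid2' => $userId]);
    return $stmt->fetchColumn() !== false;
}

// Call at the top of every admin page, before any output or action.
function require_page_access(PDO $db, ?int $userId, string $page): void
{
    if (!check_allowed($db, $userId, $page)) {
        http_response_code(403);
        exit('You are not Authorised to use this page');
    }
}

$db = demo_db();
var_dump(check_allowed($db, 6, 'edit_users.html'));   // user admins group
var_dump(check_allowed($db, 6, 'delete_users.html')); // no grant, so denied
var_dump(check_allowed($db, 3, 'delete_users.html')); // mod with a one-off grant
```

In a real page the user id should come from the session set at login and the page name from the server (for example basename($_SERVER['SCRIPT_NAME'])), never from request parameters.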

 
