Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

user permissions organization help

Status
Not open for further replies.
phpgramma

phpgramma

Programmer
Dec 24, 2004
35
US
I am about to embark on a new learning project using PHP & MySQL. I need to create users and user groups with permissions for various tasks. i.e. the page will load and display elements (like in a menu) based on whether the user is a member of a group that has certain permissions for the element.

So far, members can only be a part of one group at a time (admins, users, etc.) I think giving users more than one group would be overkill.

My question is: what advice can you give me on organizing these permissions? I want to keep the list easily expandable with the ability to add more functions as necessary. This is the first time I've ever done this, so any input you can give is greatly appreciated.

thanks,
j
 
Sort by date Sort by votes
you make one table for userlevel, called tbl_usrlvl or something.

it need auto_id (unique), which you can call `usrlvl_id
then you need some sort of title
you might also want to have fields like: quota, lifetime, etc.

quota can be used for uploading pictures..
lifetime can be used, for renewal of accounts.. eg if lifetime == 0, it's neverending.. (on admins this can be good). If you want members to pay a yearly fee, you put lifetime to 365 (days).

this is just my suggestion however.

Then, in your user table, you have a field: user_level_id or soemthing (integer). You do (OF COURSE) not let the user see this field, or do anything with it.

you set the default to 1, as 1 is basic member. (set default value in the table design)

then, when accepting members, or maybe modifying (if auto-accepted), you can change userlevel how it suits you.

If you then fetch content from db, you can have a field: required_userlevel

then you do:
if userlevel < required_userlevel
show page
else
show error message
end if

you will of course wrap that inside an:

if logged in
check if required userlevel is ok.
else
show login
end if

ps. this is only psuedocode! you cant use it, it's just for inspiration.

Olav Alexander Mjelde
Admin & Webmaster
 
Upvote 0 Downvote
ok. very cool. should the organization be the same thing per task? say i have a menu with 5 items in it and each item is shown or not shown based on the user's permission. should i just do if statements for each of them? or is there an easier and cleaner way?
 
Upvote 0 Downvote
you do it in the loop which loops and parses the elements..

if required_userlevel <= current_userlevel
parse out menu item
end if

I dont know why you would want to display things they dont have access too..

you can however, check if user is logged in
if not, if the required_userlevel > 0, show a key before the menu element, to illustrate it needs login.

Olav Alexander Mjelde
Admin & Webmaster
 
Upvote 0 Downvote
that's the idea. I don't want to show items they don't have access to. I was just checking to see if there was a better way than If statements.

I got another question for ya' then...

I want to make a heirarchy for user types. It's probably easier to explain with an example:

Types:
1- Admin
2- Power User
3- Low-end user
4- etc...
5- etc...

If I log in as an admin, I give a Power User the ability to edit/create/view users of type 2,3 & 4. And then Low-end users can access maybe types 3 & 5. Currently this mysql field is a Varchar. (note: a Low-end User would be denied the right to edit users other than themselves, but that's off the subject of the question)

What would be the best way to assign these types of permissions? use comma a delimited entry (i.e. "2,3,4" or "3,5") or something else? (I hope I explained it right)

-j
 
Upvote 0 Downvote
you can do like this:
higher id = better

1 = basic
2 = member+
3 = member++
4 = operator
5 = administrator

then you set required_userlevel = 0, if no login is needed.
= 1, if login is needed, but everyone can see the page.

I would not let anyone else than 4 or 5 edit content or users.


Olav Alexander Mjelde
Admin & Webmaster
 
Upvote 0 Downvote
I was thinking about that, but the reason I want to try something else is because my scripts identify the usertype by its ID #, and it's the auto_increment index. I want to make the usertypes independent of the order their entered into the database, as well as independent of any specific heirarical order. If as an admin, I can add/change allowed types, without having to reorder anything, it'll make things much easier for me in the long run.

This is going to be a national database where regions will be maintained independently (to the admin's job easier!), so there will have to be different permissions granted to different pieces around the country.

so how might I organize that best?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rmak78
  • Locked
  • Helpful tip
LIMIT USERS ACCESS PER DAY BY IP
Replies
0
Views
235
rmak78
rmak78
virtualtom
  • Locked
  • Question
Can ankyone help me extract the data that passes thru this form?
Replies
1
Views
204
spamjim
spamjim
dball63
  • Locked
  • Question
Noob Needs some help making HTML edits on PHP page
Replies
6
Views
307
spamjim
spamjim
Swi
  • Locked
  • Question
Help on depreciated statement. 2
Replies
6
Views
223
Swi
Swi
notsoevilgenius
  • Locked
  • Question
Help Calculating Time Worked 1
Replies
6
Views
267
notsoevilgenius
notsoevilgenius

Part and Inventory Search

Sponsor

Back
Top