开发者

Ease way for user permission function php

开发者 https://www.devze.com 2023-02-20 02:56 出处:网络
We want to add 4 types(or groups) of users to our website, they should access only associated pages what w开发者_如何学Goe allow while creating those groups. So should we set an array of permission an

We want to add 4 types(or groups) of users to our website, they should access only associated pages what w开发者_如何学Goe allow while creating those groups. So should we set an array of permission and check at top of page if user has permission to view this page or any other way like creating db tables or writing class. Please help.


Normally I'm not a big fan of using Zend outside of a fully Zend application, except with Zend_Lucene, but I would recommend using Zend_Acl in your application, which handles this task transparently to your application. It's quite easy to use, here you have a sample code from the Zend dev:

$acl = new Zend_Acl();

$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'))
    ->addRole(new Zend_Acl_Role('admin'));

$parents = array('guest', 'member', 'admin');

$acl->addRole(new Zend_Acl_Role('someUser'), $parents);
$acl->add(new Zend_Acl_Resource('someResource'));
$acl->deny('guest', 'someResource');
$acl->allow('member', 'someResource');

echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';

Hope I can help, David


I created 2 tables:

1) Users (ID, Name, Password, GroupID)

2) UserGroups (ID, Name)

Then build a function which checks if the user is in a group. On the top of the page you check this and show the page (or not).

If you want to extend this you can create a table actions and a crosstable, which links an action (access a page or edit something) to a set of usergroups. This way you can have multiple groups on one action. These are those tables:

3) Actions (ID, Name)

4) Group_actions (GroupID, ActionID)


What I have to solve this issue is this:

  1. I have created one table with user levels.
  2. Every time the user logs in, I retrieve this level from the database and save it in session variables.
  3. In every page, I check if the value of the session variable that correspond to the user is allowed to see this page.

EDIT: tO check, I used this function:

function checkPermission($allowedLevel)
{
 if(isset($_SESSION['level']) AND ($_SESSION['level'] == "$allowedLevel")){
  return TRUE;
 }
 else{
  return FALSE;
 }
}

And in the top of every script I have:

if(checkPermission($someLevel)){
 // Run the script
}
else{
 // Manage unauthorized access...
}

EDIT 2: My tables are like this: I have a table for levels: user_type(id_level, level) and in the table where I store the user information I have a foreign key to the id_level for each user.

Every time they log in, I get the user information by making a join between the table user and user_type (Since id_level is a foreign key in my user table)

0

精彩评论

暂无评论...
验证码 换一张
取 消