Easy way for user permission function php

We want to add 4 types (or groups) of users to our website; they should access only the associated pages that we allow while creating those groups. So should we set an array of permissions and check at the top of the page whether the user has permission to view this page, or use some other way, like creating DB tables or writing a class? Please help.


Normally I'm not a big fan of using Zend outside of a fully Zend application, except with Zend_Lucene, but I would recommend using Zend_Acl in your application, which handles this task transparently to your application. It's quite easy to use; here is some sample code from the Zend dev:

$acl = new Zend_Acl();

$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('member'))
    ->addRole(new Zend_Acl_Role('admin'));

$parents = array('guest', 'member', 'admin');

$acl->addRole(new Zend_Acl_Role('someUser'), $parents);
$acl->add(new Zend_Acl_Resource('someResource'));
$acl->deny('guest', 'someResource');
$acl->allow('member', 'someResource');

echo $acl->isAllowed('someUser', 'someResource') ? 'allowed' : 'denied';

Hope I can help, David


I created 2 tables:

1) Users (ID, Name, Password, GroupID)

2) UserGroups (ID, Name)

Then build a function which checks if the user is in a group. On the top of the page you check this and show the page (or not).

If you want to extend this you can create a table actions and a crosstable, which links an action (access a page or edit something) to a set of usergroups. This way you can have multiple groups on one action. These are those tables:

3) Actions (ID, Name)

4) Group_actions (GroupID, ActionID)
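
The four-table layout described above, as an added example that is not part of the original answer: the check runs against the database on each request and denies by default when no matching row exists. It assumes an in-memory SQLite database through PDO, constructed sample rows, and the hypothetical names `userCan()`, `requireAction()` and `$_SESSION['user_id']`.

```php
<?php
// Added example: Users / UserGroups / Actions / Group_actions with a default-deny check.
// Assumptions: in-memory SQLite via PDO; sample rows are constructed; function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('
    CREATE TABLE UserGroups (ID INTEGER PRIMARY KEY, Name TEXT UNIQUE NOT NULL);
    CREATE TABLE Users (ID INTEGER PRIMARY KEY, Name TEXT UNIQUE NOT NULL,
                        Password TEXT NOT NULL, GroupID INTEGER NOT NULL REFERENCES UserGroups(ID));
    CREATE TABLE Actions (ID INTEGER PRIMARY KEY, Name TEXT UNIQUE NOT NULL);
    CREATE TABLE Group_actions (GroupID INTEGER NOT NULL REFERENCES UserGroups(ID),
                                ActionID INTEGER NOT NULL REFERENCES Actions(ID),
                                PRIMARY KEY (GroupID, ActionID));
');
$pdo->exec("
    INSERT INTO UserGroups VALUES (1,'guest'),(2,'member'),(3,'editor'),(4,'admin');
    INSERT INTO Actions VALUES (1,'view_page'),(2,'edit_page'),(3,'manage_users');
    INSERT INTO Group_actions VALUES (1,1),(2,1),(3,1),(3,2),(4,1),(4,2),(4,3);
");
$ins = $pdo->prepare('INSERT INTO Users (Name, Password, GroupID) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('constructed-sample', PASSWORD_DEFAULT), 3]);
$aliceId = (int) $pdo->lastInsertId();

// True only if the user's group is linked to the named action; unknown users or actions are denied.
function userCan(PDO $pdo, int $userId, string $action): bool
{
    $stmt = $pdo->prepare(
        'SELECT 1 FROM Users u
           JOIN Group_actions ga ON ga.GroupID = u.GroupID
           JOIN Actions a ON a.ID = ga.ActionID
          WHERE u.ID = ? AND a.Name = ? LIMIT 1'
    );
    $stmt->execute([$userId, $action]);
    return $stmt->fetchColumn() !== false;
}

// Guard for the top of a page, e.g. requireAction($pdo, 'edit_page');
function requireAction(PDO $pdo, string $action): void
{
    $userId = $_SESSION['user_id'] ?? null; // set by the login code, never read from request input
    if (!is_int($userId) || !userCan($pdo, $userId, $action)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

var_dump(userCan($pdo, $aliceId, 'edit_page'));    // editor group is linked to edit_page
var_dump(userCan($pdo, $aliceId, 'manage_users')); // no link row for editor
var_dump(userCan($pdo, 999, 'view_page'));         // unknown user ID
```

Because the lookup is made per request, moving a user to another group or removing a row from Group_actions takes effect on the next page load rather than at the next login.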


What I have to solve this issue is this:

  1. I have created one table with user levels.
  2. Every time the user logs in, I retrieve this level from the database and save it in session variables.
  3. In every page, I check if the value of the session variable that corresponds to the user is allowed to see this page.

EDIT: To check, I used this function:

function checkPermission($allowedLevel)
{
 if(isset($_SESSION['level']) AND ($_SESSION['level'] == "$allowedLevel")){
  return TRUE;
 }
 else{
  return FALSE;
 }
}

And at the top of every script I have:

if(checkPermission($someLevel)){
 // Run the script
}
else{
 // Manage unauthorized access...
}

EDIT 2: My tables are like this: I have a table for levels: user_type(id_level, level) and in the table where I store the user information I have a foreign key to the id_level for each user.

Every time they log in, I get the user information by making a join between the table user and user_type (since id_level is a foreign key in my user table).
