how to set user level
I am doing a system that requires a login page. The problem is I don't know how to set the user level. For example: if admin, can access all the pages, and if user, can access only certain pages. How to do that?
That's a very broad question. Access control can be handled in a variety of ways. Ultimately, for every "action" on your site — each thing that a logged-in user might be able to do (or see) — you need to determine if the current user is authorized to do that thing.
The most basic approach is to designate a particular group of users who can do everything ("admins" generally):
if ($user->is_admin) {
    // Do stuff...
}
The most sophisticated approach is (arguably) to keep a separate privilege for each thing people might be able to do:
if ($user->can_edit_things) {
    // Edit things
}
if ($user->can_add_things) {
    // Add things
}
if ($user->can_delete_things) {
    // Delete things
}
Somewhere in the middle falls a common, "role-based" approach. There you'll assign each user a role, and each action a set of roles that are allowed to perform it.
if ($user->role == 'Admin' || $user->role == 'Adder of Things' || $user->role == 'Cool Guy') {
    // Add things
}
if ($user->role == 'Admin' || $user->role == 'Deleter of Stuff' || $user->role == 'Evil') {
    // Delete things
}
Ultimately you'll have to decide what approach works best for your site, keeping in mind that you can combine these basic approaches (along with a million subtle and not-so-subtle variations) to get the best balance between "easy to develop" and "able to express the permissions you care about."
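An added example, not part of the original answer: the role-based approach above with the action-to-roles map kept in one place and everything not listed denied by default. The `can()` and `require_permission()` helpers, the array-shaped user record and the sample users are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Action => roles allowed to perform it. Role and action names are
// constructed for this example, following the ones used in the answer.
const PERMISSIONS = [
    'add_things'    => ['Admin', 'Adder of Things'],
    'edit_things'   => ['Admin'],
    'delete_things' => ['Admin', 'Deleter of Stuff'],
];

// Hypothetical helper: true only if the role is explicitly listed for the action.
// Anonymous visitors, unknown roles and unknown actions are all denied.
function can(?array $user, string $action): bool
{
    if ($user === null || !isset($user['role'])) {
        return false;
    }
    if (!array_key_exists($action, PERMISSIONS)) {
        return false; // an action nobody registered is never allowed
    }
    // Strict comparison so 0, null or '' never match a role name by type juggling.
    return in_array($user['role'], PERMISSIONS[$action], true);
}

// Hypothetical page guard: call at the top of every protected page, before any output.
function require_permission(?array $user, string $action): void
{
    if (!can($user, $action)) {
        http_response_code($user === null ? 401 : 403);
        exit('Access denied');
    }
}

// Constructed sample users. In a real application the user record comes from
// the server-side session set at login, never from a request parameter or cookie value.
$admin   = ['name' => 'alice', 'role' => 'Admin'];
$adder   = ['name' => 'bob',   'role' => 'Adder of Things'];
$visitor = null;

foreach ([['admin', $admin], ['adder', $adder], ['visitor', $visitor]] as [$label, $u]) {
    foreach (array_keys(PERMISSIONS) as $action) {
        printf("%-8s %-14s %s\n", $label, $action, can($u, $action) ? 'allow' : 'deny');
    }
}
```

The check has to run on the server for every protected page and action; hiding a link or button from a user does not stop a direct request to the URL behind it.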