
how to set user level

I am doing a system that requires a login page. The problem is I don't know how to set the user level. For example: if admin, can access all the pages, and if user, can access only certain pages. How to do that?


That's a very broad question. Access control can be handled in a variety of ways. Ultimately, for every "action" on your site — each thing that a logged-in user might be able to do (or see) — you need to determine if the current user is authorized to do that thing.

The most basic approach is to designate a particular group of users who can do everything ("admins" generally):

if ($user->is_admin) {
    // Do stuff...
}

The most sophisticated approach is (arguably) to keep a separate privilege for each thing people might be able to do:

if ($user->can_edit_things) {
    // Edit things
}
if ($user->can_add_things) {
    // Add things
}
if ($user->can_delete_things) {
    // Delete things
}

Somewhere in the middle falls a common, "role-based" approach. There you'll assign each user a role, and each action a set of roles that are allowed to perform it.

if ($user->role == 'Admin' || $user->role == 'Adder of Things' || $user->role == 'Cool Guy') {
    // Add things
}
if ($user->role == 'Admin' || $user->role == 'Deleter of Stuff' || $user->role == 'Evil') {
    // Delete things
}

Ultimately you'll have to decide what approach works best for your site, keeping in mind that you can combine these basic approaches (along with a million subtle and not-so-subtle variations) to get the best balance between "easy to develop" and "able to express the permissions you care about."
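The role-based approach applied to the question's admin/user pages, as an added example that is not part of the original answer. The page names, role names and the `role` session key are assumptions; any page or role missing from the policy is denied by default.

```php
<?php
declare(strict_types=1);

// Constructed sample policy: each page lists the roles allowed to open it.
// Page and role names are hypothetical.
const PAGE_ROLES = [
    'dashboard.php'    => ['admin', 'user'],
    'profile.php'      => ['admin', 'user'],
    'manage_users.php' => ['admin'],
    'site_config.php'  => ['admin'],
];

/**
 * Returns true only when the page is listed and the role is on its allow-list.
 * Unknown pages, unknown roles and missing roles are all denied.
 */
function can_access(?string $role, string $page): bool
{
    if ($role === null || !array_key_exists($page, PAGE_ROLES)) {
        return false;
    }
    // Strict comparison so values such as 0 or true never match a role name.
    return in_array($role, PAGE_ROLES[$page], true);
}

/**
 * Call at the top of every protected page, before any output.
 * Reads the role the login code stored in the session (assumed key: 'role').
 */
function require_access(string $page): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $role = $_SESSION['role'] ?? null;
    if (!is_string($role) || !can_access($role, $page)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Demonstration of the policy decisions when run from the command line.
foreach ([['admin', 'site_config.php'], ['user', 'site_config.php'],
          ['user', 'profile.php'], ['user', 'unlisted.php']] as [$role, $page]) {
    printf("%-5s %-16s %s\n", $role, $page, can_access($role, $page) ? 'allow' : 'deny');
}
```

Keeping the policy in one map means the check runs on the server for every request, and a newly added page stays inaccessible until someone lists it explicitly.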
