Creating users with rights

The question was asked: 6 years 9 months ago   views: 19

Good evening, is there perhaps a piece of code for this? I already have user registration; now I want to differentiate the rights: one is an Administrator who can add news, the other can just view pages.

Asked: 18-11-2012 at 00:43:27

Answers   4


Managing user privileges based on roles.

This article describes how to implement role-based access control (RBAC). RBAC is a model for differentiating access rights in which roles are used to perform different tasks and permissions to perform operations are mapped to roles. A user can be given one or more roles that limit his authority to operate in the system.

Answered: 19-11-2012 at 09:58:15
Pretty much what I did in my bike) - 19-11-2012 at 10:23:05

If this is only part of your task and you are using a relational database, then:

  1. Create a table roles (id, role, description).
  2. Insert two rows: (1, 'admin', 'Administrator'), (2, 'user', 'User').
  3. Create a table users_roles (user_id, role_id).
  4. Insert the following rows into it, respectively: (id_admin, 1), (id_user, 2).
  5. Then run an SQL query like:

    SELECT role FROM roles WHERE id IN (SELECT role_id FROM users_roles WHERE user_id = '$user_id')

This query will select the list of roles for the current user. That is, with such a structure one user can have many roles. For example, the user may have the roles news_add, news_delete, weather_show, etc.

It is better to store the result of this query in an array $roles = ['role1', 'role2'], for example using the function mysql_fetch_array.

And finally, check the role in one of the following ways:

    if (in_array('admin', $roles)) {
        echo 'Im ADMIN!';
    } else {
        echo 'I Have no rights of the administrator :(';
    }

Answered: 18-11-2012 at 09:00:37
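The role lookup and check from the answer above, as an added example that is not part of the original post: it uses PDO with a bound parameter in place of the interpolated '$user_id' and the mysql_* functions. The in-memory SQLite database (requires the pdo_sqlite extension), the user ids 10, 11 and 999, and the function names rolesForUser, hasRole and requireRole are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite stands in for the site's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE roles (id INTEGER PRIMARY KEY, role TEXT UNIQUE NOT NULL, description TEXT)");
$pdo->exec("CREATE TABLE users_roles (
    user_id INTEGER NOT NULL,
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id))");
$pdo->exec("INSERT INTO roles VALUES (1, 'admin', 'Administrator'), (2, 'user', 'User')");
$pdo->exec("INSERT INTO users_roles VALUES (10, 1), (10, 2), (11, 2)"); // 10 = admin, 11 = regular user

/** Return the role names of one user; the id is bound, never concatenated into the SQL. */
function rolesForUser(PDO $pdo, int $userId): array
{
    $stmt = $pdo->prepare(
        'SELECT r.role FROM roles r
           JOIN users_roles ur ON ur.role_id = r.id
          WHERE ur.user_id = :user_id'
    );
    $stmt->execute([':user_id' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** Deny by default: true only on an exact, type-strict match. */
function hasRole(array $roles, string $role): bool
{
    return in_array($role, $roles, true);
}

/** Server-side gate for a privileged action; the caller maps the exception to HTTP 403. */
function requireRole(array $roles, string $role): void
{
    if (!hasRole($roles, $role)) {
        throw new RuntimeException("Forbidden: role '$role' required");
    }
}

foreach ([10, 11, 999] as $userId) {   // 999 has no rows, so it has no roles at all
    $roles = rolesForUser($pdo, $userId);
    try {
        requireRole($roles, 'admin');
        echo "user $userId: may add news\n";
    } catch (RuntimeException $e) {
        echo "user $userId: {$e->getMessage()}\n";
    }
}
```

The check has to run in the handler that actually inserts the news item, not only in the code that decides whether to show the "add news" link.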

There is no implementation yet, but here's what there is:

Let's come up with user groups; from my point of view that is more convenient.

Database tables:

users_groups / id, name, description

users_groups_rules / id, group_id, rules

The first table is needed purely to link the user with the rights of his group.

When a specific page is opened, we need to know the id of the group the user belongs to. Based on that we can send a query to the database and get the group's rights, something like SELECT rules FROM users_groups_rules WHERE group_id = 'id of user group'. After obtaining the rights of this group we can parse them; the rights are a list something like this:

[allow_comment;yes;] // to allow to add comments? - Yes

[allow_add_news;no;] // to allow adding news? - no

All of this is parsed with a regular expression and returned as an array; you can create constants with the names allow_comment, allow_add_news, however that will eat more memory.

This is an approximate implementation of user groups; you are writing your own CMS, so come up with ways to implement it.

Answered: 19-11-2012 at 00:25:15
Do you have ICQ? - 19-11-2012 at 00:50:55
I don't use it, and besides, I won't help you separately, because you know what that means. Ask here and I will reply. - 19-11-2012 at 01:10:04
I also used to do it that way. But then the boss comes in and says, "Listen, buddy, we've signed a unique contract with a client; in short, he can only add news and can't remove it, make it so, OK?" And after that, when a single user has a different set of rights, group rights become conditional. - 19-11-2012 at 09:08:47
But thank you for that, it will need to be considered during development) As an option, create special groups for each special user; and maybe not one person but, for example, two or three will work under his name? - 19-11-2012 at 13:40:56

One of the use cases for bitwise operators in JS was related to a rights management system. Read it, maybe this will help you.

Answered: 20-11-2012 at 20:45:13