If I interpret your question correctly then I think something along the lines of what I use for my user management system might be what you’re looking for.
I assign each right (login, add content, edit content, etc.) a value that corresponds with one bit of an 2n integer (1=login, 2=add, 4=edit, 8, 16, 32, etc.). I then total the value of all the individual rights that a given user possesses; a user who can login and edit content has a rights value of 3 (1 + 2), a user who can login and edit content would have a rights value of 5 (1 + 4). This value is then stored in the user table along with the rest of the user’s login info.
Determining whether or not a user can access a given resource is achieved by performing a bitwise AND of the user’s rights value and the value of the right required to access the resource in question. For example to check if a particular user can login in to a restricted portion of your site do something like the following:
//query database with the info provided by your login script/form – as part of result set return user’s rights value
//check that the desired login criteria has been met (username/password match, etc.)
//assign the user’s rights value to $user_rights (or whatever fits in with your naming convention scheme)
if ($user_rights and 1) //based on login value from above
{
//display restricted content or redirect to desired location
}
else
{
//display error detailing login failure and prompt for login info again
}
Hope this helps in some small way...
