Privilege System

fnbcprog

I am in the midst of coding a system which is going to have to utilize a privilege system in some way....

How do you think the system should be done?
MySQL with separate columns for every privilege or to have a long character string that is used for the privileges......

mrhappiness

1 table for groups of permissions
1 table for permissions (with a foreign key column to id of corresponding group)

1 table with relation: id of user, id of permission

fnbcprog

can you explain more in depth...

give me the column names and everything... show the relations....

RossC0

If you are planning a complex privilege system - i.e. multi layered - user rights, page edit rights, page view rights etc..

You might want to look at phpGACL which is based on Sql Trees

mrhappiness

CREATE TABLE groups (
  group_id int(10) NOT NULL auto_increment,
  group_name varchar(30) NOT NULL default '',
  PRIMARY KEY  (group_id),
  UNIQUE KEY group_name (group_name)
) TYPE=MyISAM;

INSERT INTO groups VALUES (1, 'PROFILE'),
(2, 'POSTING');

CREATE TABLE rights (
  right_id int(10) NOT NULL auto_increment,
  group_id int(10) NOT NULL default '0',
  right_name varchar(30) NOT NULL default '',
  PRIMARY KEY  (right_id),
  UNIQUE KEY right_name (right_name),
  KEY group_id (group_id)
) TYPE=MyISAM;

INSERT INTO rights VALUES (1, 1, 'CHANGE_NICKNAME'),
(2, 1, 'CHANGE_MAIL'),
(3, 1, 'CHANGE_PASS'),
(4, 2, 'CREATE'),
(5, 2, 'EDIT'),
(6, 2, 'DELETE'),
(7, 2, 'CLOSE');

CREATE TABLE user_rights (
  user_id int(10) NOT NULL default '0',
  right_id int(10) NOT NULL default '0',
  PRIMARY KEY  (user_id,right_id),
  KEY user_id (user_id)
) TYPE=MyISAM;

INSERT INTO user_rights VALUES (1, 1),
(1, 2),
(1, 3),
(1, 4),
(1, 5),
(1, 6),
(1, 7),
(2, 2),
(2, 3),
(2, 4),
(2, 5);

This means that the user with id #1 has all of the 7 permissions defined wheres the user with id #2 is not allowed to change his nickname, close or delete postings

fnbcprog

Alright...

I am perfectly with you on the tables...
How would I implement the interface with PHP and MySQL so that an administrator could edit these privileges....

Also will this system handle groups and group privileges... that filter down to the users without explicitly stating them in the user table....

mrhappiness

I'ld say have one page for creating, renaming, deleting and managing groups

if you select a group you can create, rename, delete the corresponding permissions (2nd page)

on a 3rd page you can select a user and assign groups or specific permissions to them

on a 4th page you can select a group or permission and add users

i don#t know what you want exactly, please ask more specific