user permissions scheme

chucklarge

Hi,
I need to develop a site that will handle users that have multiple permissions for different areas of the site.

for example
joe might have admin access to the sales team area, no access to the product returns area, normal user access to internal announcements, etc.

Does any one have any suggestions ? or a cms that can permissions like that and can be easily modifiable to add new areas to the existing site?

thanks,
chuck

bretticus

I like to create users, role, and user_roles tables.

CREATE TABLE Users (
PersonID int(10) unsigned NOT NULL default '0',
Username varchar(20) NOT NULL default '',
Password varchar(20) NOT NULL default '',
KEY PersonID (PersonID)
)

CREATE TABLE Roles (
RoleID int(10) unsigned NOT NULL auto_increment,
Role varchar(50) NOT NULL default '',
PRIMARY KEY (RoleID)
)

CREATE TABLE UserRoles (
PersonID int(10) unsigned NOT NULL default '0',
RoleID int(10) unsigned NOT NULL default '0',
UNIQUE KEY PersonID (PersonID,RoleID)
)

This makes for a extensible way to associate many users with many roles.

Next I lookup a users roles when they login and store them in a session array. I then use a function like is_user_in_role("admin") which simply just searches the session array for the role. The function might look like...

is_user_in_role($role) {
return in_array($role, $_SESSION['roles']);
}