Crazy access idea

MFKR

Okay so I'm trying to figure out the best way to make this access/permissions ability on a website I'm working on to work. The access section would hold the people such as admin, moderators, users, etc. These are generalized groups that can give or stop access to certain people. This part is done.

The problem I'm having is how to best implement a permissions part. I want certain users to have access to maybe 1 page or 2 pages. Example would be me having a list of clubs and whoever is the president of the club can make changes to their club but none of the others. I thought that a permission section in a mysql database would work by using CSV between each user who has access. So maybe the VP or Treasurer can have access also to the page. So the problem i'm running into is how would you remove the commas from the mysql value so that it can be seperated into a user. yeah... so mysql->php and csv->array or something of that sort.

I hope this makes sense...

Kudose

If there are "groups", then I would implement it by a clearance integer.

i.e.

root = 1
admin = 2
moderator = 3
user = 4
guest = 5

//mod access or better
if($clearance <= 3) //access
else //deny

MFKR

I got that part done. It was easy. What I'm having difficulty trying to best implement is for certain users. They aren't goign to be admins or moderators or anything upper level, but they are goign to have the ability to edit a single page. This isn't every user, just 1 or 2. I was thinking of putting their names in a database set up with csv and then php would remove the commas and check to see if the user trying to access the page was one of those users or had the proper access level. Hope that makes sense.

Kudose

It does. I would use thier ID number though, it would save space in the DB.

$ID = $_SESSION['adminID']; //lets say it is 4
$FETCH= ;//fetch query here
$ALLOWED = explode(",", $FETCH);
if(in_array($ID, $ALLOWED)) //access
else //deny

Shrike

The waterfall style of access control falls over when you have more than one type of access being granted. For example two users create database records. You want to allow them access to their own records. Similarly if you need to grant access in a non-linear fashion, for example a user should have access level 1 and 3 but not 2. Access control lists were thought up for this scenario, there is a PHP implementation too.

MFKR

thanks I'll have to try it.

bradgrafelman

Well, you can combine the two methods... have the access levels, and then a "special" list of names... for example, say you wanted to give either "level 3" users OR johndoe/janedoe access to page ID 5 (or however you identify certain areas), you could do this:

$query = 'SELECT userIDs FROM special_table WHERE pageID = 5';
$exec = mysql_query($query);
$userIDs = explode(',', mysql_result($exec, 0)); // assuming you have a comma-separated of userid's allowed

if($clearance <= 3 || in_array($_SESSION['userID'], $userIDs)) {
    // allowed
} else {
    // denied
}