Permissions system

Viewed 186 times

0

I have a user registration form and a field in the user table where the permissions to edit files will be stored (e.g. 1 = edit, 2 = delete); this will be stored in MySQL.

Could someone help? I don’t know how I could do this control with PHP.

1 answer

2


I suggest a simpler and faster model to pursue the goal. We assume we have a table like this:

CREATE TABLE usuarios (
   id int unsigned not null AUTO_INCREMENT, /* user number */
   username varchar(30), /* user name */
   ...
   perm tinyint, /* the permissions */
   PRIMARY KEY (id));

The code that uses this model will be more or less this (it does not include the authorization and login process):

<?php

// we can define the permissions as constants
// (levels are cumulative: 0 = read, 1 = read + write, 2 = read + write + delete)
define('READ', 0);
define('WRITE', 1);
define('DELETE', 2);

// using prepared statements, the data insertion will be safer
$db = new mysqli("host", "login", "password", "database");
// select exactly the columns bound below; SELECT * would not match bind_result
$s = $db->prepare("SELECT id, username, perm FROM usuarios WHERE username=?");
$s->bind_param('s', $_POST['usuario']);
$s->execute();
$s->bind_result($id, $usuario, $perm);
if (!$s->fetch()) {
    // no such user: stop here instead of checking an unset $perm (null >= 0 is true in PHP)
    exit;
}

// this way we can simply check whether the user has permission to proceed with the operation
if (pode_editar($perm))
    echo "USUARIO $usuario PODE EDITAR";

// the permission-check functions
// each function returns true or false depending on the given variable
function pode_ler($perm) {
    return $perm >= READ;
}
function pode_editar($perm) {
    return $perm >= WRITE;
}
function pode_eliminar($perm) {
    return $perm >= DELETE;
}
  • Good answer, but I don’t think the conditions are right. Wouldn’t it be $perm >= WRITE in pode_editar and only $perm == DELETE in pode_eliminar?

  • It could be $perm == DELETE in case the user is limited ONLY to delete, but if he can also read and edit, what I did is necessary. If WRITE is >= 1 this would mean "greater or equal", so the user would be able to delete as well, but without read permission.

  • Tim, I don’t understand your reasoning: if you have a function that checks whether the user can delete, shouldn’t it just check whether he can delete?

  • 1

    Usually, in the case of editing articles in a CMS, the permission is assigned this way: the user will be able to read if he has the permission to edit or delete. But it could be as you said too; in that case it will be necessary to check multiple functions, such as if(pode_ler($perm) && pode_editar($perm)). My reasoning presupposes the use of a single function.

  • OK, so in this example the user can, for example, Read and Write with permission 1, and with permission 2 can Read, Write and Delete? That would be the purpose, and the database would store only 0, 1 or 2.

  • Yes, it’s exactly that logic.

  • Obviously you can choose another logic, having each function check only the given permission, as Jorge suggested earlier. In that case you will have to put 3 columns in the table as 3 separate permissions and change the function comparison operations to $perm == DELETE, $perm == WRITE and $perm == READ.

  • Could you take a look at this link and see if it would be +/- like this? https://github.com/tiagobuchanelli/PHP-e-MySQL/blob/master/PERMISS%C3%95ES%20PHP.php

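As an added example (not from the answer or its author), the PHP below keeps the answer's cumulative levels but refuses values outside the known range, and adds a bitmask variant that gives independent permissions in one tinyint column instead of the three separate columns mentioned in the comments. The user records are constructed values; nothing here touches the database.

```php
<?php
declare(strict_types=1);

// Cumulative levels as in the answer: 0 = read, 1 = read + write, 2 = read + write + delete
const LEVEL_READ   = 0;
const LEVEL_WRITE  = 1;
const LEVEL_DELETE = 2;

function level_can(int $perm, int $required): bool {
    // An unknown value (bad data, corrupted row) must deny, not grant, access
    if ($perm < LEVEL_READ || $perm > LEVEL_DELETE) {
        return false;
    }
    return $perm >= $required;
}

// Bitmask variant: one bit per permission, so any combination fits in a single column
const FLAG_READ   = 1; // 0b001
const FLAG_WRITE  = 2; // 0b010
const FLAG_DELETE = 4; // 0b100

function flags_has(int $perm, int $flags): bool {
    // true only if every requested bit is set
    return ($perm & $flags) === $flags;
}

// Constructed users (hypothetical `perm` column values, not real data)
$users = [
    'ana'   => ['level' => LEVEL_WRITE,  'flags' => FLAG_READ | FLAG_WRITE],
    'bruno' => ['level' => LEVEL_DELETE, 'flags' => FLAG_READ | FLAG_WRITE | FLAG_DELETE],
    'carla' => ['level' => LEVEL_READ,   'flags' => FLAG_DELETE], // delete-only: only expressible with flags
];

assert(level_can($users['ana']['level'], LEVEL_WRITE) === true);
assert(level_can($users['ana']['level'], LEVEL_DELETE) === false);
assert(level_can($users['carla']['level'], LEVEL_WRITE) === false);
assert(level_can(7, LEVEL_READ) === false); // out-of-range value never grants read
assert(flags_has($users['carla']['flags'], FLAG_DELETE) === true);
assert(flags_has($users['carla']['flags'], FLAG_READ) === false);
assert(flags_has($users['bruno']['flags'], FLAG_READ | FLAG_DELETE) === true);

foreach ($users as $name => $u) {
    printf("%-6s level=%d can_write=%s flags=%03b can_delete=%s\n",
        $name, $u['level'],
        level_can($u['level'], LEVEL_WRITE) ? 'yes' : 'no',
        $u['flags'], flags_has($u['flags'], FLAG_DELETE) ? 'yes' : 'no');
}
```

In both models the value checked must come from the user's own row (loaded after login), never from the request, or the check can be bypassed by editing the form.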
