Page 1 of 1

Administration user permissions

Posted: Sat May 19, 2007 7:59 pm
by deleet
Hey everyone.

I'm building an administration panel for a website which has a lot of functionality and is going to be managed by quite a few people.

I ran into a bit of a problem as the best way to make user permissions (which are editable) work.

Not everyone will have access to the entire admin panel and I'll need a way to define who has access to what.

First off, this has to be stored inside of the user's table, on a field. This is sort of a requirement. Also, I don't want to use serialized arrays.

The administration panel is divided by general categories, which in turn have pages, which have categories as well. Something like:

Article -> Add Article -> Article Category = Means a user can only add an article to that category.

Forums -> Moderator -> Forum Category = Means a user is a moderator for this forum category.

I've thought about a variety of things, having values comma separated, dashes in between (I'd be using explode of course), etc but I can't really figure out a good and / or proper way to do this.

Later on, super admins can edit each individual user's permissions via a bunch of presets / tons of checkboxes (this isn't really a problem to do) so I'd have to have the option to edit / update any part of the 'string'.

If you have any questions / suggestions I'd be glad to hear them.

Thanks for your help.

André Ferreira.

Re: Administration user permissions

Posted: Sun May 20, 2007 4:22 am
by Kieran Huggins
deleet wrote:...I don't want to use serialized arrays....
Why not? Sounds like an ideal solution to me...

You could have a default permissions array like:

Code: Select all

$default_perms['is moderator'] = false;
$default_perms['can moderate']=array('forum one','forum two');
And user permissions:

Code: Select all

$user_perms['is moderator'] = true;
$user_perms['can moderate']=array('forum two','forum three');
and then get the combined result with array_merge_recursive():

Code: Select all

$total_perms = array_merge_recursive($default_perms,$user_perms);

// now check:
if($total_perms['is moderator']){/*...*/}
// or
if(in_array('forum three',$total_perms['can moderate'])){/*...*/}
You could abstract this concept further into a class with a perm() getter/setter if the mood strikes you, but arrays work fine for the most part, and they merge nicely.

Posted: Sun May 20, 2007 4:55 am
by deleet
Well the reason was that I'm guessing serialize() isn't really compatible with any other languagues (say C#, ASP.NET, etc...).

If this is true, the data will be available for PHP and PHP only, which isn't really intended (later on I'm probably going to need to get these permissions from a C# application) so I'll have to find some other way.

I could eventually get / build some sort of a parser to actually use the information on a serialized form but that would be a bit of trouble imo.

I was hoping I could use a simple string with all of the info and then explode it (I believe explode or something very similar should exist in other languages) and handle the data that way. The problem is, it's going to be damn complex / hard with no serialize lol.

Is there any other alternative or does serialize() have a sibling in C# ? If not, how the hell am I going to get out of this one lol.

Also, a class is probably what I'm going to do since this seems useful for future uses.

Thanks again.

André Ferreira.

Posted: Sun May 20, 2007 5:54 am
by Ollie Saunders
XML, XPath and XQuery is probably your best bet for platform independent complex relational data interchange.

Posted: Sun May 20, 2007 12:33 pm
by Kieran Huggins
Maybe JSON would be a good alternative to serialize? the syntax is fairly simple and you could probably modify it to evaluate in any C type language fairly easily.

Posted: Mon May 21, 2007 9:48 am
by deleet
Looking into JSON seems like a good idea, I can use it in a wide variety of other languages (apparently there already is software to complement most languages to use JSON).

XML also seems quite useful for this so I haven't really decided yet.

Thanks for all your help.