Howdy All-
I've poked around the net for some snippets, and have done my own in the past,
but wanted to get some more ideas on how you do a permissions "system". This
means, in your application, how do you control and enforce different
permissions for different users?
Simple example: An image repository. You have users who can download images
and/or upload images. And certain users can only search for images within a
certain criteria.
What I've done in the past is created a permission_flag column for each user.
Zero or One determines whether or not the user can do that function, and the
various functions are indicated by position (or index). So if you had upload
and download functions, you can have:
01 = can download, but can't upload
11 = can download and upload.
If I add a new function, I have to add another digit (and potentially increase
the column size if things grow faster than planned).
To enforce this, as a user attempts each function, I simply check the function
"index" and see if it's one or zero.
With me so far?
Now, for restricting database access:
What I've done is created a user_where column for each user. In this column I
add a where clause that's appended to each and every search the user attempts
(with the usual input safety checks for common db exploits).
For example, if a user can only see Approved images (in my pretend application
example here), the user_where value might be "category = 'Approved'". For
multiple values, it could be "category IN ('Approved', 'Pending')".
Does this make sense? How are other people doing things? I've given a little
bit of thought to it, but not enough. With all the applications out there
everyone at some point has to come up with their own system.
Ideas?
Thanks,
Jason
=====
Just Another Fu@#in' Adventure
http://markantes.com/jason
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
