software:dailydata:libraries:php_user_permissions
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | software:dailydata:libraries:php_user_permissions [2021/09/22 01:19] (current) – created rodolico | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== PHP Users Permissions Class ====== | ||
+ | |||
+ | The Users Permissions Class (UsersPermissions.class.php containing the class UsersPermissions) is an extension to the [[software: | ||
+ | |||
+ | As with the Users class, there is a separate data access class that is used (usersPermissionsDataSourceMySQLi.php containing the class usersPermissionsDataSourceMySQLi for MySQL). | ||
+ | |||
+ | NOTE: a user with admin rights (Users:: | ||
+ | |||
+ | You can get a copy of this from our subversion repository | ||
+ | <code bash> | ||
+ | svn co http:// | ||
+ | </ | ||
+ | My working copy is at | ||
+ | http:// | ||
+ | but I recommend NOT using that as we use trunk as our personal playground and will commit broken code to it regularly | ||
+ | |||
+ | |||
+ | ==== Basic System ==== | ||
+ | |||
+ | When administrators edit a user, a list of permissions with their values shows up below the other fields. The admin can turn on/off a permission at this point. | ||
+ | |||
+ | The main function needed is isAuthorized( $permission ) which returns a true or false depending on the value and whether the user in question is an administrator (admins have full access). | ||
+ | |||
+ | Permissions are a member of a Permission Category, though the category is only used for display purposes. In the Edit screen if permissions are displayed, they are grouped by the Permission Category. | ||
+ | |||
+ | Permissions have a short name (name), display name (description), | ||
+ | |||
+ | The short name is designed to be used by the calling program, and recommended to be something meaningful programmatically. The short name must be unique across all categories. | ||
+ | |||
+ | Display name is used to label the permissions in the edit screen. | ||
+ | |||
+ | Users and Permissions are joined through the UsersPermissions table in the MySQLi access class along with the current value. | ||
+ | |||
+ | The default structure in the MySQLi access class is: | ||
+ | |||
+ | <code sql> | ||
+ | create table _permissions_categories ( | ||
+ | | ||
+ | name varchar(16), | ||
+ | | ||
+ | ); | ||
+ | |||
+ | create table _permissions ( | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | ); | ||
+ | |||
+ | create table _users_permissions ( | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | ); | ||
+ | </ | ||
+ | |||
+ | Note that all of the above table and column names can be overridden by the calling program by passing a correctly formed $customFields, | ||
+ | |||
+ | There is also a view, based on _users, _permissions, | ||
+ | |||
+ | <code sql> | ||
+ | create or replace view _view_users_permissions as | ||
+ | | ||
+ | _users._users_id users_id, | ||
+ | _users.login user, /* users login */ | ||
+ | _permissions._permissions_id permission_id, | ||
+ | _permissions.name permission, | ||
+ | _permissions.description description, | ||
+ | _permissions_categories.name category, | ||
+ | ifnull(_users_permissions.value, | ||
+ | | ||
+ | _users /* users */ | ||
+ | join _permissions | ||
+ | left join _users_permissions using (_user_id, | ||
+ | join _permissions_categories using (_permissions_categories_id) | ||
+ | </ | ||
+ | |||
+ | By using a left join into _users_permissions, | ||
+ | |||
+ | NOTE: the usersDataSource class has a public function, buildTable, which will build the table, so installation involves simply calling that function. This correctly adds the new tables. | ||
+ | |||
+ | Basic use in a script involves instantiating a data access class object, then instantiating a Users class object. | ||
+ | |||
+ | Example, assuming your Users instance is stored in $_SESSION[' | ||
+ | |||
+ | <code php> | ||
+ | <div class=' | ||
+ | <? | ||
+ | print '< | ||
+ | foreach ( $menu as $display => $permissionName ) { | ||
+ | if ( $_SESSION[' | ||
+ | print "< | ||
+ | } // if | ||
+ | } // foreach | ||
+ | print '</ | ||
+ | ?> | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== Full Functionality ==== | ||
+ | |||
+ | Your software project can dynamically add/remove permissions. An example would be a base system which adds/ | ||
+ | |||
+ | <code php> | ||
+ | // allow access to the menu by default | ||
+ | | ||
+ | // allow users to edit an existing entry by default | ||
+ | | ||
+ | // do not allow users to create a new entry unless they are an admin | ||
+ | | ||
+ | // do not allow users to delete an entry unless they are an admin | ||
+ | | ||
+ | </ | ||
+ | |||
+ | This would create four permissions in the category 'New Module 1' and set all existing users to the default permission. It will create the category 'New Module 1' on the first call if it doesn' | ||
+ | |||
+ | NOTE: In some cases, you might want the first permission (Show Menu) to actually be in an existing category, maybe ' | ||
+ | |||
+ | ==== CSS ==== | ||
+ | |||
+ | Again, we are using CSS for all formatting. In this case, each category of permissions will be in a div of class ' | ||
+ | |||
software/dailydata/libraries/php_user_permissions.txt · Last modified: 2021/09/22 01:19 by rodolico