0

Hello guys, I've built an admin panel which I now have to protect based on which user tries to access it. I need something in PHP and MySQL so that I can check in the middle of my code if the user (with $_SESSION['thisUser']) has permission to modify or only view something. I'd need it to be easy because I'm not good at building PHP classes. I don't know, something that I can call like:

if( $user->hasPermission('write-news') ) 
   // write news

Any help? thanks in advance!

JohnnyCau
  • What's your question? Fetch the relevant data from the database in the method. –  Jun 22 '13 at 15:26
  • I'm not sure what you mean by method, but I'm looking for something (maybe a few classes, I don't know) that tells me quickly if the logged-in user has a specific permission to do/view something or not. – JohnnyCau Jun 22 '13 at 16:35

2 Answers

0

Well, if you are attempting to go with an object-oriented approach then you certainly can, but you need to make sure you have a class file where hasPermission() for the $user member variable (most probably of a user class) is defined, which fetches the values from the database by running a query specifically on $user.

PS: This will make sense if you are aware of the frameworked PHP approach.

A J
ILLUSION
  • I'm not good with PHP frameworks. My admin panel is some quite simple PHP code. That's why I'd need something ready to use. I searched the web and found an ACL class but it seems to require a user class to work, which I do not have. Maybe I'd need something like both a user and an ACL class? – JohnnyCau Jun 22 '13 at 16:27
0

OK, I think I found an easier way to do it.

I just made a few tables (users, roles, permissions and role_perm that connects the two). Then I made a PHP file (included right after the db-settings.php file) that retrieves all permissions of the logged-in user and saves them inside an array (taking userId from $_SESSION[]), with a function hasPermission($Permission) that checks for the given permission in the array and returns true or false. This way, each time I need to check for a specific permission I call it like

if(hasPermission("write-news")) {
    // let him write it
} else {
    // "you do not have permission, bye bye"
}

Maybe this isn't the proper way to set up a role-based permission system or whatever it is, but it's simple and works for what I need it to. Unfortunately I really don't have time to spend learning how better systems work. If you have some suggestions about it, I'd be interested to read them.

JohnnyCau
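The scheme described in the answer above (users, roles, permissions, role_perm, and a hasPermission() check), written out as an added example that is not the poster's code. The column names, the one-role-per-user layout, the sample rows, the in-memory SQLite database standing in for MySQL, and $_SESSION['thisUser'] holding a numeric user id are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// In-memory SQLite keeps the example self-contained; with MySQL only the
// PDO DSN and credentials change. Column names below are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE roles       (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
    CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
    CREATE TABLE users       (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role_id INTEGER REFERENCES roles(id));
    CREATE TABLE role_perm   (role_id INTEGER NOT NULL, perm_id INTEGER NOT NULL, PRIMARY KEY (role_id, perm_id));
    -- Constructed sample data
    INSERT INTO roles VALUES (1, 'editor'), (2, 'viewer');
    INSERT INTO permissions VALUES (1, 'view-news'), (2, 'write-news');
    INSERT INTO role_perm VALUES (1, 1), (1, 2), (2, 1);
    INSERT INTO users VALUES (10, 'alice', 1), (11, 'bob', 2), (12, 'carol', NULL);
");

/** Load the permission names granted to a user through their role. */
function loadPermissions(PDO $db, int $userId): array
{
    $stmt = $db->prepare(
        'SELECT p.name FROM users u
           JOIN role_perm rp ON rp.role_id = u.role_id
           JOIN permissions p ON p.id = rp.perm_id
          WHERE u.id = ?'
    );
    $stmt->execute([$userId]);   // bound parameter, never string concatenation
    // Names become array keys so the check is an exact, case-sensitive lookup.
    return array_fill_keys($stmt->fetchAll(PDO::FETCH_COLUMN), true);
}

/** Deny by default: unknown user, missing role or unknown permission all return false. */
function hasPermission(array $granted, string $permission): bool
{
    return isset($granted[$permission]);
}

// Users 10 and 11 have roles, 12 has no role, 999 does not exist.
foreach ([10, 11, 12, 999] as $id) {
    $_SESSION['thisUser'] = $id;   // assumption: the session holds the numeric user id
    $granted = loadPermissions($db, (int) $_SESSION['thisUser']);
    printf("user %d write-news: %s\n", $id, hasPermission($granted, 'write-news') ? 'allow' : 'deny');
}
```

Because the permissions are loaded on each request rather than cached in the session, deleting a role_perm row takes effect on the user's next request. The check belongs in the script that performs the write itself, not only in the page that shows the link to it.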