Posted by J.O. Aho on 11/18/06 23:46

linda wrote:
> "J.O. Aho" <user@example.net> wrote in message

>> If we assume you would store page data, then you can have
>>
>> Permissions
>> user_id
>> page_id (string to identify page)
>> perm (bool value)
>
> but would you mind explaining how the above would work, I'd be very
> greateful!

Okey, I will make a try

We assume that you have a number of pages like index.php (first page),
news.php, admin.php, userinfo.php and so on. We continue to assume that
index.php is accesseble for everyone, so that page don't include any
permission check.

For pages that needs permissions we have news.php, admin.php and userinfo.php,
we assume we have three users, user_id 1, 2 and 3. All 3 users are allowed to
access the news.php, user 1 can access admin.php and userinfo.php while user 3
has access to userinfo.php.

Then we have a table that could look like

1 news.php true
1 admin.php true
1 userinfo.php true
2 news.php true
3 news.php true
3 userinfo.php true

The pages news.php, admin.php and userinfo.php has a simple permission check
where they look up if the user is allowed to access the page

query="SELECT perm FROM Permissions WHERE user_id=$user_id AND
page_id='".$_SERVER['SCRIPT_NAME']."'";

So if user 2 tries to access admin.php or userinfo.php, then the result would
be "false" (you need to check how many rows the query did result in, 0 is
false), while user 3 accessing userinfo.php would get a true.


As I sit here and write this, the perm column isn't really needed, but can be
used for even higher grade of permissions, like a person who has "false" on
the perm column may not be allowed to change values, while a person who has
"true" may change values.


I hope you got an idea of what I'm trying to do here, if not, then just say
what you didn't catch and I try to explain it in another way.


//Aho

[Back to original message]