views:

353

answers:

12

I've tried to do this several times with no luck. After reading this post, it made me interested in doing this again. So can anyone tell me why the following doesn't work?

<?php

    $guest = 1;
    $editor = 2;
    $admin = 4;

    $user = $editor;

    if( $user == ($editor | $admin) ) {
     echo "Test"; 
    }

?>
+2  A: 

It's been a long time since I used PHP, but I will assume that this will work:

<?php

    $guest = 1;
    $editor = 2;
    $admin = 4;

    $user = $editor;

    if( ($user == $editor) || ($user == $admin) ) {
        echo "Test";    
    }

?>
Espenhh
+6  A: 

Use the bitwise OR operator (|) to set bits, use the AND operator (&) to check bits. Your code should look like this:

<?php

    $guest = 1;
    $editor = 2;
    $admin = 4;

    $user = $editor;

    if( $user & ($editor | $admin) ) {
        echo "Test";    
    }

?>

If you don't understand binary and exactly what the bitwise operators do, you should go learn it. You'll understand how to do this much better.

yjerem
+1  A: 

(2 | 4) is evaluating to 6, but 2 == 6 is false.

mk
+1  A: 

@mk: (2 | 4) evaluates to 6.

yjerem
+1  A: 

$guest = 1; $editor = 2; $admin = 4;

$user = $editor;

if (user == $editor || $user == $admin) {
    echo "Test";
}
conmulligan
A: 

Awesome, this seems like the best way to do permissions in a CMS. Yes? No?

Kevin
+1  A: 

Awesome, this seems like the best way to do permissions in a CMS. Yes? No?

Maybe, I've never really done it that way. What I have done is used bitwise operators to store a whole bunch of "yes or no" settings in a single number in a single column in the database.

I guess for permissions, this way would work good if you want to store permissions in the database. If someone wants to post some content, and only wants admins and editors to see it, you just have to store the result of

 ($editor | $admin)

into the database, then to check it, do something like

 if ($user & $database_row['permissions']) {
       // display content
 } else {
       // display permissions error
 }
yjerem
A: 

In my opinion this doesn't scale well. I haven't actually tried using it on a large scale project, but a CMS sounds way to complicated to use this on.

Espenhh
+3  A: 

In the interest of not reinventing the wheel, why not take a look at ACL/Authentication systems like Zend ACL and Zend Auth? Both can be used independently from the Zend Framework as a whole. Access Control is a tricky situation so it benefits one to at least look at how other systems do it.

dragonmantank
A: 

In my opinion this doesn't scale well.

Can you be more specific...

Also, is this not how Linux handles permissions?

Kevin
A: 

It always depends on what you need. If you know the Zend Framework already, then I'd second the Zend_Acl/_Auth suggestion which was made earlier. But keep in mind that every framework propably comes with a similar component.

The other thing that comes to mind is LiveUser. I like working with it a lot as well.

I think you can do pretty much anything and while your approach looks very simple, it's also limited since (through all those if()'s) you are gonna put a lot of the ACL-logic right in the middle of your application. Which is not the greatest thing to do in order to keep it simple and extendible. ;)

Till
+2  A: 

I've used this in error reporting and it works quite well. As for user permissions it should work very well - you could have several columns for each user permission in your database or one userlevel column in your database. Go for this option.

Ross