I want to give some users certain permissions. Would this be the best way? I don't want to make groups like: admin, moderator, normal and so on. I want to be able to give one user maybe access to make news posts, another one to create polls, and maybe another to delete polls.

I'm thinking tables like this:

CREATE TABLE `users` (
    `id` mediumint(8) unsigned NOT NULL,
    `username` varchar(255) NOT NULL,
    `password` varchar(255) NOT NULL
);

CREATE TABLE `user_permissions` (
    `id` mediumint(8) unsigned NOT NULL,
    `user_id` mediumint(8) unsigned NOT NULL DEFAULT '0',
    `can_post_news` tinyint(1) NOT NULL DEFAULT '0',
    `can_delete_topics` tinyint(1) NOT NULL DEFAULT '0'
    -- ........
);

And on each page I need to check:

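// The id is interpolated into the SQL text, so force it to an integer first.
$loggedinuser = (int) $loggedinuser;
$sql = mysql_query("SELECT * FROM user_permissions WHERE user_id = $loggedinuser");
$row = mysql_fetch_assoc($sql);

// $row is false when the user has no permissions row.
if ($row && $row['can_delete_topics'] == 1) {
    mysql_query("delete from topics....");
}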

Another question: Could I make a function of the 'check code' so I don't need this ugly code on each page? (I'm not so good with functions yet)

Excuse my English, I'm doing my best

Thanks

+3  A: 

A better way could be (using PostgreSQL SQL syntax):

CREATE TABLE users (
    id      SERIAL PRIMARY KEY -- autoincrementing int
    -- ...
);

CREATE TABLE permissions (
    id      SERIAL PRIMARY KEY,
    name    VARCHAR(255) NOT NULL
    -- ...
);

CREATE TABLE users_permissions (
    id_user       INTEGER REFERENCES users(id),
    id_permission INTEGER REFERENCES permissions(id),
    UNIQUE(id_user, id_permission)
);

and then check for a row in users_permissions table.

For your second question the story is longer. For the code above there is no way, you must check that a user has the right permission to execute a particular function. From what I can remember, PHP (it is PHP, right?) has PEAR, which is a library of useful code. There was also a big repository of classes, but I can't remember its name.

Edit:

I found the site: http://www.phpclasses.org/ how hard to remember...

mg
+1, and these permissions can be read at the start of the user session into some class variable, and then you simply check for the required permission by checking the class property. At least this way is faster than executing a select each time.
ThinkJet
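
The "check function" the question asks for, built on the answer's three-table layout and the comment's load-once idea, as an added example that is not code from the question or the answer. The function names, the permission names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: names, sample rows and the SQLite in-memory DB are assumptions.

function load_permissions(PDO $db, int $userId): array
{
    // Prepared statement: the user id is bound, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT p.name FROM users_permissions up
           JOIN permissions p ON p.id = up.id_permission
          WHERE up.id_user = :uid'
    );
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function user_can(array $granted, string $permission): bool
{
    // Deny by default: only an exact, type-strict match grants access.
    return in_array($permission, $granted, true);
}

function require_permission(array $granted, string $permission): void
{
    if (!user_can($granted, $permission)) {
        throw new RuntimeException("permission denied: $permission");
    }
}

// Constructed sample data mirroring the answer's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec('CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');
$db->exec('CREATE TABLE users_permissions (
    id_user INTEGER NOT NULL REFERENCES users(id),
    id_permission INTEGER NOT NULL REFERENCES permissions(id),
    UNIQUE (id_user, id_permission))');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
$db->exec("INSERT INTO permissions VALUES (1, 'post_news'), (2, 'delete_topics')");
$db->exec('INSERT INTO users_permissions VALUES (1, 1), (1, 2), (2, 1)');

foreach (['alice' => 1, 'bob' => 2] as $name => $id) {
    $granted = load_permissions($db, $id); // one query, e.g. at session start
    try {
        require_permission($granted, 'delete_topics'); // guard before the DELETE
        echo "$name: may delete topics\n";
    } catch (RuntimeException $e) {
        echo "$name: {$e->getMessage()}\n";
    }
}
```

Permissions cached in the session stay in effect until they are reloaded, so reload them when a grant is revoked, or query the table again before destructive actions.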