tags:

views:

80

answers:

2
Q: 

Some ideas while planning php system

Hi,

I am just about to undertake building a relatively large PHP system, I just need some ideas on how to implement a certain feature.

I will allow users to register. Once registered, the user will have a security level which will be assigned to their account.

So if I had security levels 1, 2 and 3, what would be the best way to show certain things to people with certain security levels ?

Thank you in advance.

+4  A: 

Before you reinvent the wheel, be sure to look whether Zend_ACL is for you. I haven't used it myself but from what it promises in the docs, it can do what you need and much more.

Pekka  2010-01-27 11:42:28
+1 for Zend_ACL
Kemo  2010-01-27 11:45:52
+3  A: 

Pekka's comments about looking at the Zend API's are good. Many of the Frameworks for PHP are currently (sadly) badly implemented junk (with hideously amateur code underneath), but the Zend API's are almost uniquely valuable.

If you do roll your own, which there is nothing wrong with doing if you can't find something that fits what you want (and can't be extended easily), then I'd take an OO approach and expose user properties via a class.

e.g. 

$user = new User($session->userId);
if (!$user->isAdministrator && !$user->canViewReports)
    someErrorHandler("You do not have permission to access this content.");

I'd avoid having fixed levels, but instead follow a roles based approach.

i.e. I'd avoid having levels like:

  • Staff
  • Manager
  • Administrator

And instead I'd go for properties (just as illustrative examples):

  • read_access
  • write_access
  • can_view_logs
  • can_view_reports
  • is_administrator

This allows you to be easily more explicit later, when you (inevitably) discover you want an additional permissions group you want have to go back and change existing code.

That doesn't mean putting users in groups is a bad idea (it's not and you could implement this using a groups system, e.g. where by a user could be in both "Reporting" and "Logs"), but assumptions about security levels being hierarchical are typically the wrong approach (e.g. Level 1=Staff, Level 2=Managers, Level 3=Admin) - this is because you almost always end up needing a system that's more flexible than a simple hierarchical system allows.

In practice if you do end up taking this approach, you may want to have a Permissions or Group class, to avoid having an overly large User class (which might end up full of stuff for getting user properties, setting new passwords, etc).

e.g.

$group = new Group($session->userId);
if (!$group->Administrators && !$group->Reporting)
    someErrorHandler("You do not have permission to access this content.");
Iain Collins  2010-01-27 13:24:59
Pefect Thanks for the information :)
Oliver Bayes-Shelton  2010-01-28 09:07:43

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases