views:

298

answers:

1

I have a database setup like this (I know it isnt the best setup but its out of my power to change it :-(

Basically there are 3 levels of users - Admin - Managers - Staff

Few notes: -Each member of staff belongs to department -If the Staffs logon_code appears in the manager table they are a Manager, otherwise they are a member of staff -If the staffs logon_code appears in the manager table and SystemAdmin is set to 1, they are Admin

How on earth do I go about setting ACL/Auth for this? Any ideas?

CREATE TABLE tblStaff ( StaffID int(11) NOT NULL auto_increment, dept_id varchar(5) default NULL, logon_code char(10) NOT NULL, forename char(50) NOT NULL, surname char(50) NOT NULL, PRIMARY KEY (StaffID), ) ;

CREATE TABLE tblManager ( ManagerID varchar(15) NOT NULL, logon_code varchar(15) NOT NULL, dept_id varchar(5) NOT NULL, SystemAdmin tinyint(1) unsigned default NULL, PRIMARY KEY (ManagerID) ) ;

CREATE TABLE tblDepartment ( dept_id varchar(5) NOT NULL, sect_id varchar(50) default NULL, subsect_id varchar(50) default NULL, sect_name varchar(50) default NULL, sect_abbr varchar(50) default NULL, subsect_name varchar(50) default NULL, PRIMARY KEY (dept_id) ) ;

+1  A: 

I honestly don't see why tblStaff and tblManager should be separated in your example. Aren't they all "employees" i.e. "staff" in some sort of way?

Why not:

create table tblUsers (UserID, logon_code, dept_id, SystemAdmin, firstname, lastname, etc)

After all, regardless of whether they will be "staff" or "manager" they will be "users" of your application.

Additionally, if you need more separation of those, you can add another field (such as user_level_id) which will determine the role of every user. After that, Auth/ACL should be fairly straightforward.

dr Hannibal Lecter
The tblManager table is needed bacause it is possible for a member of staff to be in charge of more than one department..But it does help knowing that staffid and a "user_level_id" need to be somewhere
Jenski
This can be solved by a HABTM relation between your tblUsers and tblDepartments, no need to keep two tables. The keyword here is normalization.
dr Hannibal Lecter
In theory isn't the tblManager the link table in the HABTM relationship? 1 Member of staff can have 2 or more managers 1 department can have 2 or more managers System Permissions stored on the Manager Table to determine what they can/can't have access to
Jenski
Actually, that seems like a very good idea (if that's what you need), but you'll need a lot of coding when it comes to ACL later. If you also need to define ACL for staff members, the problem with the ACL is going to be the fact that an ACL node cannot have two parents, but in your case one member of staff can have two managers. If this is not the case (i.e. you define ACL for managers only), then "staff belongsTo departments hasMany managers" should be the correct setup.
dr Hannibal Lecter
I have the relationship "staff belongsTo departments hasMany managers", how do I now link the ACL? As I don't have a group table as such but tblManagers with specific permissions...
Jenski