Jump to content
xisto Community
moldboy

Permission Help what is the best way to set permission

Recommended Posts

Lets say I want to using a database create a site kinda like a wiki that will allow only users with a certian permission level view it. and only users with an even higher level edit it. So you'd have three levels, can't see it, can see it, and can see and edit it.I can think of 3 ways to do this. 1) In the database for the page (where it's content is stored) there would be a coloum one for each of the above permissions, and users wh had that permission would be listed there.2) there is a table that just contains permissions so there would be three coloms storing boolian values for each permission.3) In the user's database there would be a permission coloumb that would state what permission they have.I was wondering what the most efficant way is, or the easiest, or most secure. What would you use?

Share this post


Link to post
Share on other sites

The solution you have requires three variables. One for can't see, one for can see, and another for can see and edit. First of all, that'll take some room in the database. Not much, I know, but when your user count gets higher, the storage will increase accordingly.If you are familiar with the permissions set on the cpanel for user groups and their ability to read/write/execute files, then you will be able to understand the following proposal pretty well.Use a single variable named "permissions" (if it is not a reserved word). By default, each user would be assigned a value of zero. Having a value of zero means the user can't see the page. When the user is able to see the page, set the variable to a value of one. How you detemine the ability to see the page is your call. And for those whom you allow to edit pages, make a value of two. Admin could have a value of 3 which means that they could alter the other user's values.So instead of three variables to check, you only have one. Read the user's value. Assume it is a zero, dis-allow reading the page. If it is equal or greater than 1, allow them to read the page. If it is equal or greater than 2, allow them to change the page. If it is equal or greter than 3, allow them to chage a user's value. It might seem to be more work, but not any more than dealing with the three variables. You would have to apply the same or similar number of logical checks before setting permissions, only this way you have one piece of data to read and deal with.Just trying to help...

Share this post


Link to post
Share on other sites

Probably attached to the table you would look up the password in. Since you would access the User-id table on sign-in, it would avoid having a separate look-up in another table for the permission.the table would be : ((username)(password)(permission))Look up the user to see if they have already registered, if not, then show the reg'n page.Use the password to verify the user and the permission to determine acces and level of access.Should work okay. The username would be a unique key, required. the password required. The default permission would be default = 0 and set or re-set by an admin or use some other criteria such as activity level. Example, once you post a certain number of times, you get to edit the posts??? Admin types could set the value on sign up or because they feel like it?Another way to do it would be set the value to 1 for read access on sign-up and re-set to 0 for banning a client?You'll figure something out. Good luck with it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.