#1
  1. No Profile Picture
    frequent PHP idiot
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    354
    Rep Power
    12

    Structural access question


    I have users and admins. Obviously admins need more features than users. How would I go about implementing these 2 UI's? Should I develop 2 blocks of code, one for each or for each new feature should I just check if the user is admin or not? My concern is having 2 blocks of code to maintain, but I also don't want 500 of the same if/else statement all around the interface.

    Whats the best way to do this?
  2. #2
  3. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    Read about access control lists

    You basically maintain a list (in a database) which would map ( in your case) user groups, eg users and admins; with what they are/are not allowed to do.

    When a request comes in you query the acl to make the decision
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  4. #3
  5. No Profile Picture
    frequent PHP idiot
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    354
    Rep Power
    12
    Originally Posted by Northie
    Read about access control lists

    You basically maintain a list (in a database) which would map ( in your case) user groups, eg users and admins; with what they are/are not allowed to do.

    When a request comes in you query the acl to make the decision
    thanks for the info. The concept name is exactly what I was looking for.
  6. #4
  7. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,181
    Rep Power
    9398
    Consider phrasing the problem not as "which UI do I show" but rather "what parts of the UI do I show". Unless they're completely different, an admin will probably be able to do everything a regular user can plus more, and deciding whether to show or hide that "plus more" can be much easier.
  8. #5
  9. No Profile Picture
    frequent PHP idiot
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    354
    Rep Power
    12
    Could i also use this concept to show various parts of the UI based on which page I'm on? Or am I just overcomplicating things?
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Dec 2004
    Posts
    3,008
    Rep Power
    376
    yes you could show various parts of the UI.

    Q about controlling access: should you store that info in a session? i.e. session['type'] = admin or should you query the db everytime?
  12. #7
  13. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    The session will identify the user (and user group) then query the database for user group, component and allowed action
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]

IMN logo majestic logo threadwatch logo seochat tools logo