How to structure groups within a website? (admin, administrator privileges, user ID)

I am going to create a small user system, but I have questions.

  • If I were to make a registration table (MySQL), what's wrong with just saving the password and username in the database without encryption?

  • I'm trying to think about how to create an admin part. Should I just check the column in the database to see if the user is an administrator or not? If true, the admin page will open.

  • For administrator privileges, let's say I have 3 privileges: delete the user, approve the user and move the user. In several scenarios, I can only give some people the opportunity to approve or delete either all or any combination. How can I do it? I thought about having a column for each power and checked the script for each column. Suppose I have more than 20 credentials to be added.

  • If I have a website where people can create groups and become administrators of their groups, and these administrators can give different combinations of administrator privileges to people in their group (for example, Zack creates a group called Mountain, grants one member the ability to approve new members of the group, gives a second member the ability to remove members, and gives a third member the ability to both delete and approve), how would I structure this in MySQL? Should I use columns that say which group they are admin of and which abilities they have, like the columns delete, approve, GroupMemberOf, GroupAdminOf, and use checks?

I have an idea, but I want to learn more complex ways.

, , ( 2 - 4). , , .

+3
8
  • hash , , , , .

2 - 4. (1: member, 2: moderator (), 3: admin) , -- ,

id (auto_increment)|usr_id|role_id|group_id
-------------------------------------------
1                  |1     |3      |-1
2                  |2     |2      |1
3                  |2     |3      |2
4                  |3     |1      |2

1 , 2 3 2, 3 2.

[EDIT:]

: , . MVC , () , , . (), , .

,

class Authorization
{
    public $authorized = false;

    public function dummy()
    {
        $this->authorized = true;
    }

    public function member($usr_id, $group_id = null)
    {
        // placeholders: bind $usr_id (and $group_id when given) on execution,
        // never concatenate them into the SQL
        $sql = "SELECT usr_id FROM usr_roles WHERE usr_id = ?"
             . ($group_id !== null ? " AND group_id = ?" : "");
        // count the results of $sql query into $results
        // or some more stuff
        if ($results > 0)
        {
            $this->authorized = true;
        }
        else
        {
            $this->authorized = false;
        }
    }

    // the other functions
}

:

class BaseController extends Controller
{
    protected $authorization;
    public function __construct()
    {
        $this->authorization = new Authorization();
    }

    public function render()
    {
        if ($this->authorization->authorized === true)
        {
            parent::render();
        }
        else
        {
            // redirect to not authorized page
        }
    }
}

, , :

class IndexController extends BaseController
{
    // some stuff, methods etc.

    // methods need a logged in user and the user must be a member.
    public function index()
    {
        // $session_user: the logged-in user object supplied by the framework
        $this->authorization->member($session_user->getId());
    }
}

[EDIT2:]

, :

:

role_id|role_name
-----------------
1      |member
2      |moderator
3      |admin

authorize() :

// role_name = "member", "moderator", "admin"
function authorize($usr_id = null, $role_name = null, $group_id = null)
{
    // test for user in group and role, return boolean

}

if (authorize($usr_id, "moderator", 2))
{
    // show stuff, if user with $usr_id is moderator for group 2
}
else
{
    // do something else
}
// stuff for all
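The roles-per-group table and the authorize() check sketched in this answer, worked through as an added example (not the answer's own code) against SQLite standing in for MySQL. The rows are the answer's sample data; the assumption that group_id = -1 marks a site-wide role is mine, as are the grant/revoke helpers that model a group admin handing out roles.

```python
import sqlite3

# Constructed sample data mirroring the roles and usr_roles tables from the answer.
# SQLite stands in for MySQL so the example runs offline; the SQL is the same.
SCHEMA = """
CREATE TABLE roles (
    role_id   INTEGER PRIMARY KEY,
    role_name TEXT NOT NULL UNIQUE
);
CREATE TABLE usr_roles (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    usr_id   INTEGER NOT NULL,
    role_id  INTEGER NOT NULL REFERENCES roles(role_id),
    group_id INTEGER NOT NULL,
    UNIQUE (usr_id, role_id, group_id)
);
"""
ROLES = [(1, "member"), (2, "moderator"), (3, "admin")]
# (usr_id, role_id, group_id) rows as in the answer's table
USR_ROLES = [(1, 3, -1), (2, 2, 1), (2, 3, 2), (3, 1, 2)]
# Assumption (not stated on the page): group_id = -1 marks a site-wide role
SITE_WIDE = -1


def make_roles_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO roles (role_id, role_name) VALUES (?, ?)", ROLES)
    db.executemany(
        "INSERT INTO usr_roles (usr_id, role_id, group_id) VALUES (?, ?, ?)",
        USR_ROLES,
    )
    return db


def authorize(db, usr_id, role_name=None, group_id=None):
    """True if usr_id holds role_name in group_id.

    role_name=None accepts any role; group_id=None accepts any group.
    A site-wide grant (group_id = -1) satisfies the check for every group.
    Every value is bound as a parameter, never concatenated into the SQL.
    """
    sql = (
        "SELECT COUNT(*) FROM usr_roles ur "
        "JOIN roles r ON r.role_id = ur.role_id "
        "WHERE ur.usr_id = ?"
    )
    params = [usr_id]
    if role_name is not None:
        sql += " AND r.role_name = ?"
        params.append(role_name)
    if group_id is not None:
        sql += " AND ur.group_id IN (?, ?)"
        params.extend([group_id, SITE_WIDE])
    (count,) = db.execute(sql, params).fetchone()
    return count > 0


def grant(db, usr_id, role_name, group_id):
    """Give usr_id a role in a group (what a group admin does for a member)."""
    row = db.execute("SELECT role_id FROM roles WHERE role_name = ?", (role_name,)).fetchone()
    if row is None:
        raise ValueError("unknown role: %s" % role_name)
    # INSERT OR IGNORE plus the UNIQUE constraint makes repeated grants harmless
    db.execute(
        "INSERT OR IGNORE INTO usr_roles (usr_id, role_id, group_id) VALUES (?, ?, ?)",
        (usr_id, row[0], group_id),
    )


def revoke(db, usr_id, role_name, group_id):
    """Remove one role of usr_id in one group; other groups are untouched."""
    db.execute(
        "DELETE FROM usr_roles WHERE usr_id = ? AND group_id = ? "
        "AND role_id = (SELECT role_id FROM roles WHERE role_name = ?)",
        (usr_id, group_id, role_name),
    )


if __name__ == "__main__":
    db = make_roles_db()
    print(authorize(db, 2, "moderator", 1))   # user 2 moderates group 1
    print(authorize(db, 1, "admin", 42))      # site-wide admin, any group
```

Adding a fourth or twentieth role is one more row in roles rather than one more column per user, and the check stays a single parameterised query.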
+5
  • , , - . , , , . ( , , .)
+3

1) , - , . , .

$password = "Mypassword";
$salt = "a unique and constant string";
$password = md5($password.$salt);

, md5();, md5(). , .

, , md5 , :

$password = "check_this_password";
if(md5($password.$salt) === $originalPassword) 
{ 
    //same password
}

2) , . , . , , .

3) - , . , , prm_group_id, . , :

prm_user_id  | prm_permission
   0         | Admin
   0         | Delete
   1         | Add

. , SQL PHP.

function hasPermission($permission, $userID)
{
  $permissions = array();

  // cast to int so the id can never carry SQL into the query
  $userID = (int) $userID;
  $sql = "SELECT prm_permission FROM user_permissions WHERE prm_user_id = $userID";
  // mysql_* is the legacy extension (removed in PHP 7);
  // mysqli_query()/mysqli_fetch_assoc() take the same query
  $query = mysql_query($sql);

  while($data = mysql_fetch_array($query))
  {
     $permissions[] = $data['prm_permission'];
  }

  //Check if they have a permission with this:
  if(in_array($permission, $permissions, true))
  {
     return true;
  }
  return false;
}

, , . .
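The store-and-compare flow from point 1 of this answer (hash the password with a salt at registration, recompute and compare at login), as an added example that is not the answer's code, using a random per-user salt and PBKDF2 from Python's standard library with a constant-time comparison; PHP's password_hash()/password_verify() give the same shape. The in-memory users dict is a constructed stand-in for the MySQL users table.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt$hash'; the salt is fresh and random
    per user, so two users with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time; a malformed stored value simply fails."""
    try:
        algo, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iterations)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


# Hash checked for unknown usernames so a login attempt costs the same time
# whether or not the account exists
DUMMY_HASH = hash_password("not-a-real-password")


def register(users, username, password):
    """users: constructed dict username -> stored hash (the MySQL table's column)."""
    if username in users:
        raise ValueError("username taken")
    users[username] = hash_password(password)


def login(users, username, password):
    stored = users.get(username, DUMMY_HASH)
    ok = verify_password(password, stored)
    return ok and username in users


if __name__ == "__main__":
    users = {}
    register(users, "zack", "correct horse battery staple")
    print(users["zack"])
    print(login(users, "zack", "correct horse battery staple"))   # True
    print(login(users, "zack", "wrong"))                          # False
```

The stored string carries its own salt and iteration count, so the work factor can be raised later for new passwords while old ones still verify.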

+3
  • , , , . , .

2+. sql

, , . . "", , ( PHP MySQL) . MySQL, :

INSERT INTO group_user_permissions
    SELECT `group_user`.`groupid`, `group_user`.`userid`, `permission`.`permbit`
        FROM permission, `group_user`
    WHERE `group_user`.`groupid` = 1
        AND `group_user`.`userid` = 1

group_user_permission groupid userid ( groupid 1 userid 1).

, , group_user_permission, , , . , , permbits, permbits permbits.

, - , ( ). PHP :

if( $permbit === "approve" )

if( $permbit === 1 )

!

0

, , CakePHP . ( PHP, , CakePHP .)

user-permissions-and-cakephp

, (, CRUD Admin) , , /, .

PermID | Deny or Allow | Action | Entity

, PermId, , (, ) ( ).

, ACL, DACL , (, , ), , . , /.

, - :

PermID | Type  | Action  | Entity
-------+-------+---------+------------
  1    | Allow | Read    | User_Entry
  2    | Allow | Delete  | User_Entry
  3    | Allow | Move    | User_Entry
  4    | Allow | Approve | User_Entry
  5    | Allow | Create  | User_Entry

, 1-5, " " 1 5. ( "" "", ).

Id | Grp    | PermId
---+--------+-----
 1 | Admin  | 1
 2 | Admin  | 2
 3 | Admin  | 3
 4 | Admin  | 4
 5 | Admin  | 5
 6 | Normal | 1
 7 | Normal | 5

, , (, ), . "", , DACL . Power User, , User_Entry.

PermID | Type  | Action  | Entity
-------+-------+---------+------------
  6    | Allow | All     | User_Entry
  7    | Deny  | Delete  | User_Entry


Id | Grp    | PermId
---+--------+-----
 8 | Power  | 6
 9 | Power  | 7

, , " " - . {homegrp}/UserEntry, UserEntry, .

, woffley, , . (, - , , ...)
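The Allow/Deny permission table and the Grp/PermId table from this answer, evaluated as a DACL in an added example that is not the answer's code (SQLite stands in for MySQL). It also folds in the per-user permission list from the earlier hasPermission() answer, so a user's effective rights are the union of group grants and direct grants. The memberships, the user_perms table and the "Deny beats Allow, no entry means no" evaluation order are my assumptions.

```python
import sqlite3

# Constructed tables following the answer's Permissions and Grp/PermId layout,
# plus a per-user table in the spirit of the earlier hasPermission() answer.
SCHEMA = """
CREATE TABLE permissions (
    perm_id INTEGER PRIMARY KEY,
    type    TEXT NOT NULL CHECK (type IN ('Allow', 'Deny')),
    action  TEXT NOT NULL,
    entity  TEXT NOT NULL
);
CREATE TABLE group_perms (
    id      INTEGER PRIMARY KEY,
    grp     TEXT NOT NULL,
    perm_id INTEGER NOT NULL REFERENCES permissions(perm_id)
);
CREATE TABLE user_groups (user_id INTEGER NOT NULL, grp TEXT NOT NULL, UNIQUE (user_id, grp));
CREATE TABLE user_perms  (user_id INTEGER NOT NULL, perm_id INTEGER NOT NULL REFERENCES permissions(perm_id));
"""
PERMISSIONS = [
    (1, "Allow", "Read",    "User_Entry"),
    (2, "Allow", "Delete",  "User_Entry"),
    (3, "Allow", "Move",    "User_Entry"),
    (4, "Allow", "Approve", "User_Entry"),
    (5, "Allow", "Create",  "User_Entry"),
    (6, "Allow", "All",     "User_Entry"),   # wildcard action
    (7, "Deny",  "Delete",  "User_Entry"),
]
GROUP_PERMS = [
    (1, "Admin", 1), (2, "Admin", 2), (3, "Admin", 3), (4, "Admin", 4), (5, "Admin", 5),
    (6, "Normal", 1), (7, "Normal", 5),
    (8, "Power", 6), (9, "Power", 7),
]
# Constructed memberships; user 13 is in two groups, user 11 also has a direct Move grant
USER_GROUPS = [(10, "Admin"), (11, "Normal"), (12, "Power"), (13, "Normal"), (13, "Power")]
USER_PERMS = [(11, 3)]
ACTIONS = ("Read", "Delete", "Move", "Approve", "Create")


def make_acl_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO permissions VALUES (?, ?, ?, ?)", PERMISSIONS)
    db.executemany("INSERT INTO group_perms VALUES (?, ?, ?)", GROUP_PERMS)
    db.executemany("INSERT INTO user_groups VALUES (?, ?)", USER_GROUPS)
    db.executemany("INSERT INTO user_perms VALUES (?, ?)", USER_PERMS)
    return db


# Every Allow/Deny entry that reaches the user through a group or directly
# and that names this entity and this action (or the 'All' wildcard)
EFFECTIVE_SQL = """
SELECT p.type
FROM permissions p
WHERE p.entity = ?
  AND p.action IN (?, 'All')
  AND p.perm_id IN (
        SELECT gp.perm_id FROM group_perms gp
        JOIN user_groups ug ON ug.grp = gp.grp
        WHERE ug.user_id = ?
        UNION
        SELECT up.perm_id FROM user_perms up WHERE up.user_id = ?
  )
"""


def can(db, user_id, action, entity):
    """DACL evaluation: any matching Deny wins, otherwise any matching Allow
    grants, and with no matching entry at all the answer is no."""
    types = [row[0] for row in db.execute(EFFECTIVE_SQL, (entity, action, user_id, user_id))]
    if "Deny" in types:
        return False
    return "Allow" in types


def allowed_actions(db, user_id, entity, actions=ACTIONS):
    """The actions user_id may perform on entity, in the order listed."""
    return [a for a in actions if can(db, user_id, a, entity)]


if __name__ == "__main__":
    db = make_acl_db()
    for uid in (10, 11, 12, 13):
        print(uid, allowed_actions(db, uid, "User_Entry"))
```

The Power group is the interesting case: its Allow All row would grant Delete, but the Deny Delete row wins, and that stays true for user 13 even though Normal membership adds nothing either way.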

0

2-4 .

0

2..

3 .. It's easy if you have a finite number of permissions

4 .. I wrote this a couple of years ago, and it is in great use in a large company. Contact me if you want more information about the scheme.

-1

Source: https://habr.com/ru/post/1719423/
