Loading...
Answers
MenuWhat is the best way to do a permissions system for a low traffic administration system, PHP preferred, but general suggestion is also valuable.
I have an admin with 5 or 6 user types (admins, users, partners, curators, vendors, etc.) each can have access to different pages as well as different functions within a page. Wondering what best practices might be in designing a methodology for this with least amount of if statements, which is pretty much how I handle it now.
Answers
Hi,
I have been a PHP developer for 13 years and have experience building enterprise applications.
What framework are you using? Most PHP frameworks have a built in authentication and authorization mechanism. For example, Yii has a builtin RBAC system that allow you to define a hierarchical permission system.
If you're not using a framework or you just want to implement your own system for whatever reason then you can utilize Object Oriented Design and implement a Base controller (if MVC) that checks the permission for each request. That won't use a lot of if statements.
Probably need more info, to give definitive guidance. Hope that helps.
Are you using a MySQL Database? And is your PHP application coded using any frameworks that you know of, Zend, Symfony, Yii, Laravel, Codeigniter? A lot of those frameworks already have permission systems built in.
Assuming you're not using any of those, one option is creating roles, then assigning those roles to your different PHP pages, and you would then assign the roles to a user.
Here's an example of how to structure the database.
You need at least 4 tables
roles: id, name
This would be for adding the role names (admin, users, partners, etc)
role_permissions: id, role_id, page_name
This would be assigning what pages a specific role can access.
user_roles: id, user_id, role_id
This is where you assign a user to a role
users: id, username, password, email
(I'm assuming you already have a users table, but this is were your users would be stored)
Now let's assume you have all the roles configured and a users assigned.
SELECT COUNT(rp.page_name) FROM user_roles AS ur
JOIN role_permissions AS rp ON rp.role_id=ur.role_id
WHERE ur.user_id=:user_id AND
rp.page_name=:page_name
If the result equals 1 the user has permission to view the page, if 0, they do not.
This is one of the most scalable and configurable ways to handle RBAS (Role Based Access Systems)
If you'd like I can draw out detailed blueprints (WireFrames) on how the UI would look for configuring roles and assigning them to users and how to implement a re-useable class so you only need to write 1 line of code to check if a user has permission to access a specific page.
I'd be happy to speak with you over the phone to go over this more in detail.
Related Questions
-
Can a WordPress site be converted into an iOS app?
Be careful when simply wrapping things into a mobile app. This can backfire on you and you could be presented with some very harsh edge cases. PHP isn't going to be encapsulated so much as the HTML/CSS/JavaScript. So keep in mind your mobile application could likely be in a position of requiring an online connection to work (because it must interface with your existing hosted WordPress site). This could also mean your hosting solution needs to be evaluated to ensure you can handle any increased traffic (and those traffic patterns could be different when coming from a mobile app that perhaps loads things the user doesn't see right away, accesses content that may not be cached, etc.). You want to ensure your server doesn't go down because then your mobile app would be "down" as well. That said... Things like Phonegap (web views) are a wonderful idea for utility apps because the performance is good enough for those (and hey even some games) and they end up being easily ported across many mobile operating systems. I would look into Phonegap, Appgyver (a new and totally awesome one because parts of it will utilize the native OS and your app will feel more responsive), Appcelerator Titanium, and perhaps even the new Famo.us one. Also take a look at the Ionic Framework for some further ideas about mobile UI and what you can do with these web view style apps.TM
-
How do you manage a developer who's slow, especially when you have a small budget and you don't feel like you'll get things done in time?
Usually Programmers are only slow when they don't know how to solve a particular problem. So they will spend a lot of time researching and a lot of trial & errors to solve a problem. It is important that before you engage a programmer on a project, you break down the entire project into simple, easy to understand modules. Let him give you an estimate of how many hours he will require to complete each of the modules. Example: a typical site will have a login module, registration, My account, profile etc. So let him estimate how much he will require to do the login. You can go even detail here. (e.g. how much extra time if you were to implement Facebook/Twitter Login?). Once he start developing, track his progress closely and make sure he is following his given timeline. If he goes over his budgeted time on a module, talk with him and see what went wrong. It is often seen that they may be wasting their time on something very insignificant that you may have asked him to implement, but you can totally go by without it too. So by understanding what is taking longer time, you will be able to prioritise things better. You definitely need some tools to get this done. Google Spreadsheet or Excel works just fine. But if you don't mind spending a few bucks there are many agile project management tools that you might look into. Here is a list, google them all and sign up for trials: * AgileZen * Agile Bench * Assembla * AssiTrack * Blossom * Basecamp * Breeze * DoneDone * Eidos * Fogbugz * GreenHopper * Jugggla * Kanbanpad * Pivotal Tracker Or the reason why he is slow can be purely non-technical. Sometime your developer may don't share the same level of enthusiasm as you about the idea that you are working on. They often don't often see the "bigger picture" (since you don't share everything with them explicitly). If you can somehow get them excited about what he is a part of, it will work like a drug :) He will work day and night without questioning you. But you need to work equally as hard as him. The moment he sees that you are the boss and he is just the guy doing work for you -- his mentality will shift from being part of something to being the low paid developer. Ultimately its all about motivation and making him a part of your venture. After all he deserves it, if he is really playing a crucial role in the entire development.SK
-
How can I manage my developers' performance if I don't understand IT?
Whenever you assign them a task, break down the task into small chunks. Make the chunks as small as you can (within reason, and to the extent that your knowledge allows), and tell your devs that if any chunks seem large, that they should further break those chunks down into bite size pieces. For instance, for the overall task of making a new webpage, _you_ might break it down as follows: 1) Set up a database 2) Make a form that takes user email, name, and phone number and adds them to database 3) Have our site send an email to everyone above the age of 50 each week When your devs take a look at it, _they_ might further break down the third step into: A) Set up an email service B) Connect it to the client database C) Figure out how to query the database for certain users D) Have it send emails to users over 50 You can keep using Asana, or you could use something like Trello which might make more sense for a small company, and might be easier to understand and track by yourself. In Trello you'd set up 4 columns titled, "To Do", "Doing", "Ready for Review", "Approved" (or combine the last two into "Done") You might want to tell them to only have tasks in the "Doing" column if they/re actually sitting at their desk working on it. For instance: not to leave a task in "Doing" overnight after work. That way you can actually see what they're working on and how long it takes, but that might be overly micro-manager-y At the end of each day / week when you review the tasks completed, look for ones that took a longer time than average (since, on average, all the tasks should be broken down into sub-tasks of approximately the same difficulty). Ask them about those tasks and why they took longer to do. It may be because they neglected to further break it down into chunks as you had asked (in which case you ask them to do that next time), or it may be that some unexpected snag came up, or it may be a hard task that can't be further broken down. In any case, listen to their explanation and you should be able to tell if it sounds reasonable, and if it sounds fishy, google the problem they say they encountered. You'll be able to get a better feel of their work ethic and honesty by how they answer the question, without worrying as much about what their actual words are. Make sure that when you ask for more details about why a task took longer, you don't do it in a probing way. Make sure they understand that you're doing it for your own learning and to help predict and properly plan future timelines.LV
-
What learning path do I have to take to become a "full-stack" web developer?
If I was just starting out, I'd consider learning Meteor (https://www.meteor.com/). It's just entered version 1.0 and after working with it for a little less than a year I do have some issues with it but it still makes for a very solid framework that gets you up and running very fast. You would only need to learn Javascript, and you can slowly work your way towards nodejs from there (which Meteor is based on) if you want to, or you could get the basics down and focus on learning design if you prefer.KD
-
How to upload images to a server in titanium? I have a php script in the server that receives the images, but it's not working: can't upload images.
you should rather put this question on stackoverflow.com, catch the error message, paste your code so experts can understand what's going wrong. Example : http://stackoverflow.com/questions/2532478/how-to-upload-images-from-iphone-app-developed-using-titaniumLR
the startups.com platform
Copyright © 2025 Startups.com. All rights reserved.