What is the best way to do a permissions system for a low traffic administration system, PHP preferred, but general suggestion is also valuable.
I have an admin with 5 or 6 user types (admins, users, partners, curators, vendors, etc.) each can have access to different pages as well as different functions within a page. Wondering what best practices might be in designing a methodology for this with least amount of if statements, which is pretty much how I handle it now.
Answers
Hi,
I have been a PHP developer for 13 years and have experience building enterprise applications.
What framework are you using? Most PHP frameworks have a built-in authentication and authorization mechanism. For example, Yii has a built-in RBAC system that allows you to define a hierarchical permission system.
If you're not using a framework or you just want to implement your own system for whatever reason then you can utilize Object Oriented Design and implement a Base controller (if MVC) that checks the permission for each request. That won't use a lot of if statements.
Probably need more info, to give definitive guidance. Hope that helps.
Are you using a MySQL Database? And is your PHP application coded using any frameworks that you know of, Zend, Symfony, Yii, Laravel, Codeigniter? A lot of those frameworks already have permission systems built in.
Assuming you're not using any of those, one option is creating roles, then assigning those roles to your different PHP pages, and you would then assign the roles to a user.
Here's an example of how to structure the database.
You need at least 4 tables
roles: id, name
This would be for adding the role names (admin, users, partners, etc)
role_permissions: id, role_id, page_name
This would be assigning what pages a specific role can access.
user_roles: id, user_id, role_id
This is where you assign a user to a role
users: id, username, password, email
(I'm assuming you already have a users table, but this is where your users would be stored)
Now let's assume you have all the roles configured and users assigned.
SELECT COUNT(rp.page_name) FROM user_roles AS ur
JOIN role_permissions AS rp ON rp.role_id=ur.role_id
WHERE ur.user_id=:user_id AND
rp.page_name=:page_name
If the result equals 1, the user has permission to view the page; if 0, they do not.
This is one of the most scalable and configurable ways to handle RBAS (Role Based Access Systems).
If you'd like, I can draw out detailed blueprints (wireframes) on how the UI would look for configuring roles and assigning them to users, and how to implement a reusable class so you only need to write 1 line of code to check if a user has permission to access a specific page.
I'd be happy to speak with you over the phone to go over this more in detail.
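The roles schema and query from the answer above, wrapped in a reusable checker and called from a base controller as the earlier answer suggests. This is an added example, not code from either answerer; the class names (`PermissionChecker`, `BaseController`, `OrdersController`), the page names and the sample rows are assumptions, and the `users` table is left out because only its ids are needed.

```php
<?php
// Constructed sample data in an in-memory SQLite database (needs PHP 8 with pdo_sqlite).
// User 1 holds two roles, user 2 is a curator, user 3 has no role at all.
$db = new PDO('sqlite::memory:');
$db->exec(<<<SQL
    CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
    CREATE TABLE role_permissions (id INTEGER PRIMARY KEY, role_id INTEGER, page_name TEXT);
    CREATE TABLE user_roles (id INTEGER PRIMARY KEY, user_id INTEGER, role_id INTEGER);
    INSERT INTO roles VALUES (1, 'admin'), (2, 'vendor'), (3, 'curator');
    INSERT INTO role_permissions (role_id, page_name) VALUES (1, 'orders'), (2, 'orders'), (3, 'catalog');
    INSERT INTO user_roles (user_id, role_id) VALUES (1, 1), (1, 2), (2, 3);
SQL);

final class PermissionChecker {
    public function __construct(private PDO $db) {}
    public function can(int $userId, string $page): bool {
        $stmt = $this->db->prepare(
            'SELECT COUNT(rp.page_name) FROM user_roles AS ur
             JOIN role_permissions AS rp ON rp.role_id = ur.role_id
             WHERE ur.user_id = :user_id AND rp.page_name = :page_name'
        );
        $stmt->execute([':user_id' => $userId, ':page_name' => $page]);
        // Two roles granting the same page give a count of 2, so test > 0.
        return (int) $stmt->fetchColumn() > 0;
    }
}

abstract class BaseController {
    protected const PAGE = ''; // each concrete controller names its page
    // Single entry point: the check runs before any page code. Returns [status, body].
    final public function handle(int $userId, PermissionChecker $acl): array {
        // Deny by default: no PAGE declared or no matching grant means 403.
        if (static::PAGE === '' || !$acl->can($userId, static::PAGE)) {
            return [403, 'Forbidden'];
        }
        return [200, $this->render()];
    }
    abstract protected function render(): string;
}

final class OrdersController extends BaseController {
    protected const PAGE = 'orders';
    protected function render(): string { return 'orders page'; }
}

$acl = new PermissionChecker($db);
foreach ([1, 2, 3] as $userId) {
    [$status, $body] = (new OrdersController())->handle($userId, $acl);
    echo "user {$userId}: {$status} {$body}\n";
}
```

Because `handle()` is `final`, a page controller cannot skip the check, and adding a page means adding rows to `role_permissions` rather than another `if` branch.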
Copyright © 2025 Startups.com. All rights reserved.