Loading...
Answers
MenuWhat is the best way to do a permissions system for a low traffic administration system, PHP preferred, but general suggestion is also valuable.
I have an admin with 5 or 6 user types (admins, users, partners, curators, vendors, etc.) each can have access to different pages as well as different functions within a page. Wondering what best practices might be in designing a methodology for this with least amount of if statements, which is pretty much how I handle it now.
Answers
Hi,
I have been a PHP developer for 13 years and have experience building enterprise applications.
What framework are you using? Most PHP frameworks have a built in authentication and authorization mechanism. For example, Yii has a builtin RBAC system that allow you to define a hierarchical permission system.
If you're not using a framework or you just want to implement your own system for whatever reason then you can utilize Object Oriented Design and implement a Base controller (if MVC) that checks the permission for each request. That won't use a lot of if statements.
Probably need more info, to give definitive guidance. Hope that helps.
Are you using a MySQL Database? And is your PHP application coded using any frameworks that you know of, Zend, Symfony, Yii, Laravel, Codeigniter? A lot of those frameworks already have permission systems built in.
Assuming you're not using any of those, one option is creating roles, then assigning those roles to your different PHP pages, and you would then assign the roles to a user.
Here's an example of how to structure the database.
You need at least 4 tables
roles: id, name
This would be for adding the role names (admin, users, partners, etc)
role_permissions: id, role_id, page_name
This would be assigning what pages a specific role can access.
user_roles: id, user_id, role_id
This is where you assign a user to a role
users: id, username, password, email
(I'm assuming you already have a users table, but this is were your users would be stored)
Now let's assume you have all the roles configured and a users assigned.
SELECT COUNT(rp.page_name) FROM user_roles AS ur
JOIN role_permissions AS rp ON rp.role_id=ur.role_id
WHERE ur.user_id=:user_id AND
rp.page_name=:page_name
If the result equals 1 the user has permission to view the page, if 0, they do not.
This is one of the most scalable and configurable ways to handle RBAS (Role Based Access Systems)
If you'd like I can draw out detailed blueprints (WireFrames) on how the UI would look for configuring roles and assigning them to users and how to implement a re-useable class so you only need to write 1 line of code to check if a user has permission to access a specific page.
I'd be happy to speak with you over the phone to go over this more in detail.
Related Questions
-
What learning path do I have to take to become a "full-stack" web developer?
If I was just starting out, I'd consider learning Meteor (https://www.meteor.com/). It's just entered version 1.0 and after working with it for a little less than a year I do have some issues with it but it still makes for a very solid framework that gets you up and running very fast. You would only need to learn Javascript, and you can slowly work your way towards nodejs from there (which Meteor is based on) if you want to, or you could get the basics down and focus on learning design if you prefer.KD
-
How do you manage a developer who's slow, especially when you have a small budget and you don't feel like you'll get things done in time?
Usually Programmers are only slow when they don't know how to solve a particular problem. So they will spend a lot of time researching and a lot of trial & errors to solve a problem. It is important that before you engage a programmer on a project, you break down the entire project into simple, easy to understand modules. Let him give you an estimate of how many hours he will require to complete each of the modules. Example: a typical site will have a login module, registration, My account, profile etc. So let him estimate how much he will require to do the login. You can go even detail here. (e.g. how much extra time if you were to implement Facebook/Twitter Login?). Once he start developing, track his progress closely and make sure he is following his given timeline. If he goes over his budgeted time on a module, talk with him and see what went wrong. It is often seen that they may be wasting their time on something very insignificant that you may have asked him to implement, but you can totally go by without it too. So by understanding what is taking longer time, you will be able to prioritise things better. You definitely need some tools to get this done. Google Spreadsheet or Excel works just fine. But if you don't mind spending a few bucks there are many agile project management tools that you might look into. Here is a list, google them all and sign up for trials: * AgileZen * Agile Bench * Assembla * AssiTrack * Blossom * Basecamp * Breeze * DoneDone * Eidos * Fogbugz * GreenHopper * Jugggla * Kanbanpad * Pivotal Tracker Or the reason why he is slow can be purely non-technical. Sometime your developer may don't share the same level of enthusiasm as you about the idea that you are working on. They often don't often see the "bigger picture" (since you don't share everything with them explicitly). If you can somehow get them excited about what he is a part of, it will work like a drug :) He will work day and night without questioning you. But you need to work equally as hard as him. The moment he sees that you are the boss and he is just the guy doing work for you -- his mentality will shift from being part of something to being the low paid developer. Ultimately its all about motivation and making him a part of your venture. After all he deserves it, if he is really playing a crucial role in the entire development.SK
-
What are the key accomplishments for the first year of a startup?
A generalized question can only get a generalized answer. The most significant accomplishment is validating that the product you have built is a fit with your target market. This is demonstrated primarily by engagement (the people who sign-up or who previously visited, continue to return) and secondarily by growth, ideally based on word-of-mouth or viral growth but effectively converting paid traffic is a great second prize. Other significant accomplishments include: Not running out of money Recruiting and retaining great talent who believe in the founders' vision. Your loved ones not thinking you're as crazy as they thought you were a year ago. I'm happy to talk to you in a call to give you more specifics about what you want to set as your goals more specific to your startup.TW
-
How much should I charge to develop a WordPress site?
Take the # of hours it takes you to do it and charge $50/hour. That's the price. Eventually you can charge $100/hour but that will require a bigger customer. If the customer is small < $1M in gross sales per year - charge $50/hour If the customer id medium < $1-5M / sales - charge $75 Over $5M - charge $100 The challenge you'll face is clearly defining the expectations and handoff so that you're not stuck doing stuff that you can charge for and always getting interrupted from past customers.DM
-
Can a WordPress site be converted into an iOS app?
Be careful when simply wrapping things into a mobile app. This can backfire on you and you could be presented with some very harsh edge cases. PHP isn't going to be encapsulated so much as the HTML/CSS/JavaScript. So keep in mind your mobile application could likely be in a position of requiring an online connection to work (because it must interface with your existing hosted WordPress site). This could also mean your hosting solution needs to be evaluated to ensure you can handle any increased traffic (and those traffic patterns could be different when coming from a mobile app that perhaps loads things the user doesn't see right away, accesses content that may not be cached, etc.). You want to ensure your server doesn't go down because then your mobile app would be "down" as well. That said... Things like Phonegap (web views) are a wonderful idea for utility apps because the performance is good enough for those (and hey even some games) and they end up being easily ported across many mobile operating systems. I would look into Phonegap, Appgyver (a new and totally awesome one because parts of it will utilize the native OS and your app will feel more responsive), Appcelerator Titanium, and perhaps even the new Famo.us one. Also take a look at the Ionic Framework for some further ideas about mobile UI and what you can do with these web view style apps.TM
the startups.com platform
Copyright © 2025 Startups.com. All rights reserved.