What is the best way to do a permissions system for a low traffic administration system, PHP preferred, but general suggestion is also valuable.
I have an admin with 5 or 6 user types (admins, users, partners, curators, vendors, etc.) each can have access to different pages as well as different functions within a page. Wondering what best practices might be in designing a methodology for this with least amount of if statements, which is pretty much how I handle it now.
Answers
Hi,
I have been a PHP developer for 13 years and have experience building enterprise applications.
What framework are you using? Most PHP frameworks have a built-in authentication and authorization mechanism. For example, Yii has a built-in RBAC system that allows you to define a hierarchical permission system.
If you're not using a framework or you just want to implement your own system for whatever reason then you can utilize Object Oriented Design and implement a Base controller (if MVC) that checks the permission for each request. That won't use a lot of if statements.
Probably need more info, to give definitive guidance. Hope that helps.
Are you using a MySQL Database? And is your PHP application coded using any frameworks that you know of, Zend, Symfony, Yii, Laravel, Codeigniter? A lot of those frameworks already have permission systems built in.
Assuming you're not using any of those, one option is creating roles, then assigning those roles to your different PHP pages, and you would then assign the roles to a user.
Here's an example of how to structure the database.
You need at least 4 tables
roles: id, name
This would be for adding the role names (admin, users, partners, etc)
role_permissions: id, role_id, page_name
This would be assigning what pages a specific role can access.
user_roles: id, user_id, role_id
This is where you assign a user to a role
users: id, username, password, email
(I'm assuming you already have a users table, but this is where your users would be stored)
Now let's assume you have all the roles configured and users assigned.
SELECT COUNT(rp.page_name) FROM user_roles AS ur
JOIN role_permissions AS rp ON rp.role_id=ur.role_id
WHERE ur.user_id=:user_id AND
rp.page_name=:page_name
If the result equals 1 the user has permission to view the page, if 0, they do not.
This is one of the most scalable and configurable ways to handle RBAS (Role Based Access Systems).
If you'd like I can draw out detailed blueprints (WireFrames) on how the UI would look for configuring roles and assigning them to users and how to implement a re-useable class so you only need to write 1 line of code to check if a user has permission to access a specific page.
I'd be happy to speak with you over the phone to go over this more in detail.
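The role lookup and the one-line page check described in the answers above, as an added example that is not part of either answer. Assumptions: PHP 8 with pdo_sqlite, an in-memory SQLite database standing in for MySQL, constructed sample rows, the users table left out because the check never reads it, and hypothetical names Acl, can() and requirePage(). It grants access on any count above zero, since a user holding two roles that both list a page produces two matching rows, and it denies by default.

```php
<?php
declare(strict_types=1);
// Added example. Acl, can() and requirePage() are hypothetical names.
final class Acl
{
    public function __construct(private PDO $db) {}

    // True when at least one of the user's roles grants the page.
    // Unknown users, unknown pages and users without roles get false.
    public function can(int $userId, string $page): bool
    {
        $stmt = $this->db->prepare(
            'SELECT COUNT(rp.page_name) FROM user_roles AS ur
             JOIN role_permissions AS rp ON rp.role_id = ur.role_id
             WHERE ur.user_id = :user_id AND rp.page_name = :page_name'
        );
        $stmt->execute([':user_id' => $userId, ':page_name' => $page]);
        return (int) $stmt->fetchColumn() > 0;
    }

    // The one-line guard: call first on every page or in a base controller.
    public function requirePage(?int $userId, string $page): void
    {
        if ($userId === null || !$this->can($userId, $page)) {
            http_response_code(403);
            exit('Forbidden');
        }
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(<<<'SQL'
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE role_permissions (id INTEGER PRIMARY KEY, role_id INTEGER,
    page_name TEXT, UNIQUE (role_id, page_name));
CREATE TABLE user_roles (id INTEGER PRIMARY KEY, user_id INTEGER,
    role_id INTEGER, UNIQUE (user_id, role_id));
INSERT INTO roles VALUES (1, 'admin'), (2, 'vendor');
INSERT INTO role_permissions (role_id, page_name) VALUES
    (1, 'users.php'), (1, 'orders.php'), (2, 'orders.php');
INSERT INTO user_roles (user_id, role_id) VALUES (10, 1), (10, 2), (20, 2);
SQL);

$acl = new Acl($db);
var_dump($acl->can(10, 'orders.php')); // user 10: granted by two roles
var_dump($acl->can(20, 'users.php'));  // user 20: vendor role only
var_dump($acl->can(99, 'orders.php')); // user 99: no roles assigned
```

On a real page the guard would be the first statement, for example `$acl->requirePage($_SESSION['user_id'] ?? null, 'orders.php');`, where the session key is also an assumption.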
Copyright © 2025 Startups.com. All rights reserved.