What is the best way to do a permissions system for a low traffic administration system, PHP preferred, but general suggestion is also valuable.
I have an admin with 5 or 6 user types (admins, users, partners, curators, vendors, etc.) each can have access to different pages as well as different functions within a page. Wondering what best practices might be in designing a methodology for this with least amount of if statements, which is pretty much how I handle it now.
Answers
Hi,
I have been a PHP developer for 13 years and have experience building enterprise applications.
What framework are you using? Most PHP frameworks have a built-in authentication and authorization mechanism. For example, Yii has a built-in RBAC system that allows you to define a hierarchical permission system.
If you're not using a framework or you just want to implement your own system for whatever reason then you can utilize Object Oriented Design and implement a Base controller (if MVC) that checks the permission for each request. That won't use a lot of if statements.
Probably need more info, to give definitive guidance. Hope that helps.
Are you using a MySQL Database? And is your PHP application coded using any frameworks that you know of, Zend, Symfony, Yii, Laravel, Codeigniter? A lot of those frameworks already have permission systems built in.
Assuming you're not using any of those, one option is creating roles, then assigning those roles to your different PHP pages, and you would then assign the roles to a user.
Here's an example of how to structure the database.
You need at least 4 tables
roles: id, name
This would be for adding the role names (admin, users, partners, etc)
role_permissions: id, role_id, page_name
This would be assigning what pages a specific role can access.
user_roles: id, user_id, role_id
This is where you assign a user to a role
users: id, username, password, email
(I'm assuming you already have a users table, but this is where your users would be stored)
Now let's assume you have all the roles configured and users assigned.
SELECT COUNT(rp.page_name) FROM user_roles AS ur
JOIN role_permissions AS rp ON rp.role_id=ur.role_id
WHERE ur.user_id=:user_id AND
rp.page_name=:page_name
If the result equals 1 the user has permission to view the page, if 0, they do not.
This is one of the most scalable and configurable ways to handle RBAS (Role Based Access Systems)
If you'd like I can draw out detailed blueprints (WireFrames) on how the UI would look for configuring roles and assigning them to users and how to implement a re-useable class so you only need to write 1 line of code to check if a user has permission to access a specific page.
I'd be happy to speak with you over the phone to go over this more in detail.
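The role lookup from the second answer, wrapped in a reusable check and enforced from a base controller as the first answer suggests; this is an added example, not code from either answerer. The Acl, BaseController and ReportsController names and the sample rows are assumptions, and the check treats any count above zero as a grant, because a user holding two roles that both allow a page produces a count of 2.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+, pdo_sqlite); class names and rows are constructed.
final class Acl
{
    public function __construct(private PDO $db) {}
    public function can(int $userId, string $page): bool
    {
        $stmt = $this->db->prepare(
            'SELECT COUNT(rp.page_name) FROM user_roles AS ur
             JOIN role_permissions AS rp ON rp.role_id = ur.role_id
             WHERE ur.user_id = :user_id AND rp.page_name = :page_name'
        );
        $stmt->execute([':user_id' => $userId, ':page_name' => $page]);
        // Two roles granting one page count as 2: allow on > 0, deny on 0.
        return (int) $stmt->fetchColumn() > 0;
    }
}

abstract class BaseController
{
    public function __construct(private Acl $acl, private int $userId) {}
    abstract protected function pageName(): string;
    abstract protected function render(): string;
    // Single enforcement point: subclasses cannot skip or override it.
    final public function handle(): array
    {
        return $this->acl->can($this->userId, $this->pageName())
            ? [200, $this->render()] : [403, 'Forbidden'];
    }
}

final class ReportsController extends BaseController
{
    protected function pageName(): string { return 'reports'; }
    protected function render(): string { return 'Reports page'; }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE role_permissions (id INTEGER PRIMARY KEY, role_id INT, page_name TEXT);
    CREATE TABLE user_roles (id INTEGER PRIMARY KEY, user_id INT, role_id INT);
    INSERT INTO role_permissions (role_id, page_name) VALUES (1, 'reports'), (2, 'reports');
    INSERT INTO user_roles (user_id, role_id) VALUES (10, 1), (10, 2), (20, 3);");
$acl = new Acl($db);
foreach ([10, 20, 99] as $uid) {
    [$status] = (new ReportsController($acl, $uid))->handle();
    echo "user $uid -> $status\n";
}
```

User 10 holds two roles that both grant the page, user 20 holds a role with no grants, and user 99 has no roles at all, so the loop exercises the duplicate-grant case and both deny-by-default cases.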
Copyright © 2025 Startups.com. All rights reserved.