SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Feb 2007
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Access control and permissions

    Hi all

    I have a website that features property available for holiday rent. It uses php and a mysql database to display the dynamic pages of the individual properties.

    Now, I would like to take this a step further by creating a control panel that will allow the property owners to login and have a limited amount of access to the database in order to update some of their property details themselves and add special promotions, update pricing and availability etc.

    I have decided to begin by looking into the access control aspects of this project and have been reading the sitepoint book "The PHP Anthology Vol2", which features in the first chapter a very good tutorial on this subject.

    The problem? I cannot get my head around how the permissions would work for the project I have in mind. The tutorial explains how general permissions can be set up, but in my project how will I restrict Mr Jones from updating Mr Smiths property details - and vice versa? All of the properties have a unique propertyID number so I am guessing I will use this in the permissions somehow. To complicate things a little, some owners have more than one property featured.

    Any help or tips would be greatly appreciated.
    Kind Regards
    Lee

  2. #2
    SitePoint Enthusiast
    Join Date
    Jul 2007
    Location
    Virginia
    Posts
    87
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should be assigning any 'members' a unique id number in which you can tie the listing to them by using the member's unique id number in the row of their listing - but I imagine you're doing this already?

    So on login you'd establish a session variable with their unique id number in it, and in any sql query you'd use their unique id (to find all listings).

    So, it's not about authentication it's more about storing their unique id number in a session variable you have access to, and using it in any customized queries.

    Did that help?
    Mark A. Drake
    - Mark A. Drake
    - OnSlaught

  3. #3
    SitePoint Member
    Join Date
    Feb 2007
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Markusmad

    Thanks for taking the time to reply.

    You are absolutely right. Its seems obvious now - the assigned userid's will have a table with the relevant property ids associated with them, and this is queried - and is separate from any permissions for edit/add/delete etc.

    For some reason I read the permissions part of the chapter yesterday, ended up going around in circles, and managed to convince myself that there was more to it than that.

    Thanks again.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •