Novice to ninja: How to create different permissions for different users

@TomB In your book sir(am talking of page 634), you talked about permissions and how we can group permissions into different columns such as adminPermissions and jokePermissions. Now let say, I have different groups of permissions giving to users like modPermissions, juniorAdminpermissions, seniorAdminpermissions and superAdminPermissions like this

//For moderators
const DELETE_THREAD = 1;
    const DELETE_POST = 2;
    
    //junior admin
    const WARN_USER = 1;
    const ADD_MODERATOR = 2;
    const BAN_USER = 4;
    
   //For  senior admin
    const ADD_CATEGORY = 1;
    const EDIT_CATEGORY = 2;
    const DELETE_CATEGORY = 4;

    //For superadmin
    const ADD_ADMIN = 1;
    const EDIT_ADMIN = 2;
    const DELETE_ADMIN = 4;

while the savePermission function has this

public function savePermission(){
        $user = [
            'id' => $_GET['id'],
            'permission' => array_sum($_POST['moderator'] ?? []),
            'superadminpermission' => array_sum($_POST['superadminpermissions'] ?? []),
            'adminpermission' => array_sum($_POST['junioradminpermissions'] ?? []),
            'adminMod' => array_sum($_POST[senior'adminmodpermissions'] ?? [])
        ];

        $this->usersTable->save($user);
        header('location: user/list');
    }

My question now is on the view, since in the book, the example you use will work on a single column, how then, will I create the template since the ReflectionClass will get all the constants even if I create different view pages for the admins

If you want to keep using reflection, you’ll need to have separate classes for each user type Moderator Junior Admin, etc.

However, having user roles (admin, moderator, etc) is a completely different permissions model to having checkboxes for each permission. Using the approach I showed in the book, anyone can be given any permission, a very fine grained level of control rather than being granted permissions based on their role. Using this role based approach you’d normally define a set of permissions for a role then assign a user to a role e.g. roleId => 2

The problem with this approach is that checking permissions becomes more difficult. When you use ->hasPermission(ADD_ADMIN) how does it know which column to check in?

Oh Thanks @TomB what is the best way to solve the problem? The roles have already exceeded the 64bit(If I understand what you mean by a CPU can only accept 64bit)if I were to go by mulitiplying by 2, the highest role is 1028 which I belive is higher than the 64bit

You will need 64 different permissions (if your column is unisigned int 63 if it’s signed) before you hit the 64 bit limit (each permission uses 1 bit). If you do find yourself going over that, you may wish to break them up into different columns, but you’d be best off keeping the logic for that inside the permissions class.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.