2. PHPRunner General questions
  3. Admin System Idea
This topic is locked

Admin System Idea

 		8/27/2007 2:04:13 PM
PHPRunner General questions
F
 fsteves author

I am currently working on a PHP based Administration system to allow for changing of the user groups on the fly. My idea so far is to have two extra fields per user account, one for tableList (List, in order, the tables in the DB which get permissions). and one for their modifiers (A E D S P T), semi-colon delimeted.
I would like to be able to do on the fly what you have to set statically in PHPRunner. Is this a good idea, and what are the flaws and downfalls?
It would Be something like this for the table:

UserID (Primary):

0

UserName:

Administrator

UserPass:

p@ssw0rd

UserEmail:

bill@bob.com

TableMap:

table_One;table_Two;table_Users;custom_View;custom_Report

TablePrivs:

AEDSP;AEDSP;AEDSP;AESP;SP
__

As they are parsed out, PHP will create the code on the fly (I'm still working on this all)
Is there already progress on something better?
F
 		fsteves author 8/29/2007

Alright, well, I have finished my crude implementation of this idea, and its working. There are of course probably a lot of bugs, as PHP isn't my first language, but it works. I am working on the generation of a Check box grid to parse out the current users privileges, right now you have to manually edit them (be it the 'Edit' feature or with phpMyAdmin or direct mysql queries).
I am also trying to preserve the ability to use groups in my code, so others can keep what they like.
If anyone thinks a user based privilege setup would be great, please let me know and I will pass on my code so you can test it out. If the developers would like this idea, please let me know. It is fairly simple to implement, and would allow for SO much more flexibility in this application.
Alexey admin 8/29/2007

Hi,
thank you for sharing your idea.

We plan to add dynamic permissions in one of the next versions of PHPRunner.
F
 		fsteves author 8/29/2007

Okay, should I not post the code as to keep from creating confusion?
D
 		daviesgh 8/29/2007

Clarity,
I have done something similar, but based around group permissions rather than individual permissions.
I have added 4 tables:

  • users: contains details of the user and their security level

    fields: userid, login, password, userlevelid etc
  • userlevels: lookup table for security levels

    fields: userlevelid, userlevelname
  • userpages: list of all tables/pages in my application with the default access rights for new security levels

    fields: pageid, phprunnerpagename, page description, defaultpermission
  • userlevelpermissions: contain access rights for each table/page and each security level

    fields: userlevelid, pageid, permission (ADESP)
    When the user logs in, I have a custom function PagePermissions($SecurityLevel), which queries the database and stores the access rights for each page and security level of the user in session variables using the phprunnerpagename.
    To get the access rights, I have changed the function GetUserPermissions($table="") in commonfunctions.php to return the session variable for the particular page (return $_SESSION[ProjectName."Permission".$table]<img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=20959&image=1&table=forumreplies' class='bbc_emoticon' alt=';)' /> This returns what PHPRunner is expecting, so no further changes are required to the application, apart from maintainence pages for the above tables.
    Hope this helps
    Gordon