2. PHPRunner General questions
  3. CMS in PHPR with user permissions
This topic is locked

CMS in PHPR with user permissions

 		12/6/2007 3:50:51 PM
PHPRunner General questions
J
 jacekq author

Hi there,
I've the following question: I have 4 tables - documents, categories, users and user permissions to categories. I'd like to have different user types - each user type see selected categories only (the list of permitted categories is setup by admin dynamicaly).

If I log as a given user (not admin), I'd like to see my permitted categories only. I feel that I should write my sql select statement using information of logged user ID (int field, not varchar - username) based on JOIN - and create view to categories table.
I don't know how to filter categories table for a given user using information of logged user id.
Any suggestions?
Best Rgds,

Jacek

PHPR fan!
Alexey admin 12/7/2007

Jacek,
you can add filtering to SQL query in Before SQL query event.

However it's hard to give any recommendations without having your tables structure.
J
 		jacekq author 12/7/2007

Table structures:

  1. Users

    CREATE TABLE `cms_users` (

    `id` int(11) NOT NULL auto_increment,

    `login` varchar(30) collate utf8_polish_ci NOT NULL,

    `password` varchar(100) collate utf8_polish_ci NOT NULL,

    `email` varchar(50) collate utf8_polish_ci NOT NULL,

    `group` varchar(20) collate utf8_polish_ci NOT NULL,

    PRIMARY KEY (`id`)

    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_polish_ci AUTO_INCREMENT=4 ;
    This table is used for keeping login/pass of allowed users. How to get logged user `id`? I've seen that login.php sets $_SESSION variable userID but it contains `login` field...
  2. Table that is used for keeping permissions - it should be setup by admin only:

    CREATE TABLE `cms_userscats` (

    `user_id` int(11) NOT NULL,

    `category_id` int(11) NOT NULL,

    PRIMARY KEY (`user_id`,`category_id`)

    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_polish_ci;
    So, I think my SQL SELECT for categories table list should be very complicated (connected to cms_usercats) and that SELECT should contain logged user `id`.
Alexey admin 12/10/2007

Jacek,
to save id in the session use this code in AfterSuccessfulLogin event:

$_SESSION["uid"]=$data["id"];


Add INNER JOIN cms_userscats clause to your main table query and put this code to Before SQL query event:

$strWhereClause=whereAdd($strWhereClause,"cms_userscats.user_id=".$_SESSION["uid"]);