phpadminuser-permissionsrole-basedrole-base-authorization

Role based user permission system for Admin Panel


Hello guys I've built an admin panel which now I have to protect based on which user try to access it. I need something in php and mySQL so that I can check in the middle of my code if the user (with $_SESSION['thisUser']) has permission to modify or only view something. I'd need it easy cos I'm not good at building php classes.. don't know something that I can call like

if( $user->hasPermission('write-news') ) 
   // write news

Any help? thanks in advance!


Solution

  • Ok I think I found an easier way to perform it.

    I just made few tables (users, roles, permissions and role_perm that connects the two). Then I made a php file (included right after the db-settings.php file) that retrieves all permissions of the logged users and saves them inside an array (taking userId from $_SESSION[]) and with a function hasPermission($Permission) { that checks the given permission in the array and returns true or false. This way each time I need to check for a specific permission I call it like

    if(hasPermission("write-news")) {
        // let him write it
    } else {
        // "you do not have permission, bye bye"
    }
    

    Maybe this isn't the proper way to set up a role based permission system or w/e it is, but It's simple and works for what I need it to. Unfortunately I really don't have time to spend learning how better systems works. If you have some suggestions about it, I'd be interested to read it.