Hello guys, I've built an admin panel which I now have to protect based on which user tries to access it. I need something in PHP and MySQL so that I can check in the middle of my code if the user (with $_SESSION['thisUser']) has permission to modify or only view something. I'd need it easy 'cos I'm not good at building PHP classes... I don't know, something that I can call like
if( $user->hasPermission('write-news') )
// write news
Any help? Thanks in advance!
Ok I think I found an easier way to perform it.
I just made a few tables (users, roles, permissions and role_perm that connects the two). Then I made a PHP file (included right after the db-settings.php file) that retrieves all permissions of the logged-in users and saves them inside an array (taking userId from $_SESSION[]), with a function hasPermission($Permission) that checks the given permission in the array and returns true or false. This way each time I need to check for a specific permission I call it like
if(hasPermission("write-news")) {
// let him write it
} else {
// "you do not have permission, bye bye"
}
Maybe this isn't the proper way to set up a role-based permission system or w/e it is, but it's simple and works for what I need it to. Unfortunately I really don't have time to spend learning how better systems work. If you have some suggestions about it, I'd be interested to read them.
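A sketch of the setup described in this post, as an added example that is not the poster's code: the four tables, a per-request permission load keyed on the session user id, and a deny-by-default hasPermission(). The column names, the users.role_id link, the sample rows and an integer id in $_SESSION['thisUser'] are assumptions; in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema details (column names, users.role_id) are assumptions.
// SQLite in memory stands in for MySQL; with MySQL only the PDO DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
    CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
    CREATE TABLE role_perm (role_id INTEGER, perm_id INTEGER, PRIMARY KEY (role_id, perm_id));
    CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role_id INTEGER);
    INSERT INTO roles VALUES (1, 'editor'), (2, 'viewer');
    INSERT INTO permissions VALUES (1, 'read-news'), (2, 'write-news');
    INSERT INTO role_perm VALUES (1, 1), (1, 2), (2, 1);
    INSERT INTO users VALUES (10, 'alice', 1), (11, 'bob', 2);
");

// Load the permission names for one user id; an unknown id yields an empty set.
function loadPermissions(PDO $db, int $userId): array
{
    // Prepared statement: the id is bound, never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT p.name FROM users u
           JOIN role_perm rp ON rp.role_id = u.role_id
           JOIN permissions p ON p.id = rp.perm_id
          WHERE u.id = ?'
    );
    $stmt->execute([$userId]);
    // Flip to name => index so each check is a key lookup.
    return array_flip($stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Deny by default: any permission that was not loaded is refused.
function hasPermission(string $permission): bool
{
    return isset($GLOBALS['permissions'][$permission]);
}

// Constructed sessions: an editor, a viewer, and a request with no login.
foreach ([['thisUser' => 10], ['thisUser' => 11], []] as $session) {
    $_SESSION = $session;
    // The id comes only from the server-side session, never from request input.
    $userId = isset($_SESSION['thisUser']) ? (int) $_SESSION['thisUser'] : 0;
    $permissions = loadPermissions($db, $userId);
    printf("user %d write-news: %s\n", $userId, hasPermission('write-news') ? 'allowed' : 'denied');
}
```

Loading the array on each request, rather than caching it in the session, means a role change in the database applies on the user's next page load.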