0

I'm trying to create a modular admin capability on my website, and I had a couple of questions about making it easy to look up who has admin rights to a particular page (I want it so that I can change admin rights to specific portions of the website, so as to not give any one person too much control).

I originally thought about whitelists, but decided it would get pretty ugly to handle, so I started thinking about building an SQL table that holds the member ID number and the pages that they have administrative control over (and perhaps to what extent they have admin rights on that page).

In order to accomplish this I was thinking of 3 columns: first with the ID, second with the pages separated by commas, and third as a byte with flagged bits for specific admin capabilities. When a user is logged in, it would store the information in a session for which pages they have admin rights of for 'quick access' so that certain things appear on the page (such as creating new news, modifying posts, deleting posts, etc...)

Is this a viable/efficient way of doing this? Are there standards for how giving and checking admin rights is conducted?

[EDIT] I was looking, and I am thinking that doing a check/lookup for every action is probably better than holding the information in a session, but is the rest of the premise sound?

4

1 Answer

2

This is something we did as a classroom activity a few years back,
using a DB to manage the roles of users.

Table user::
  username      password      Role
    1             123          REGULAR
    2             123          MOD
    3             123          ADMIN

Table Role::
  Role-Name      Permissions
   ADMIN           WRITE,DELETE, APPEND
   MOD             WRITE,APPEND
   REGULAR        WRITE

Then there was a read permission which was common to all. And there was a special guest user which can only read. We used full text search to check if the user role had the specific permission in the blog or not.

E.g., if the user is an admin, he can see all three buttons on his panel. It was done using PHP, and the permissions were kept in an array after splitting around ,.

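<?php
// $pdo is an existing PDO connection; '1' is the username from the user table above.
// Role-Name contains a hyphen, so it must be quoted with backticks in MySQL.
$sql = "SELECT Permissions FROM Role
        WHERE `Role-Name` = (SELECT Role FROM user WHERE username = ?)";
$stmt = $pdo->prepare($sql);
$stmt->execute(['1']);
// Split the comma-separated list (e.g. "WRITE,DELETE, APPEND") into an array.
$permission = array_map('trim', explode(',', (string) $stmt->fetchColumn()));
?>
<div id="command_bar">
    <a> ... some common buttons.. </a>
    <?php foreach ($permission as $p): ?>
        <a href="url?option=<?= urlencode($p) ?>"><?= htmlspecialchars($p) ?></a>
    <?php endforeach; ?>
</div>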

The above created something like <a href="url/?option=APPEND">APPEND</a> and that gave the user the ability to do the roles. It was not an actual project but a classroom activity for learning.

Answered 2013-02-22T20:00:53.607
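An added example, not code from either post: the per-action lookup that the question's edit leans towards, with one row per member and page instead of a comma-separated page list, and the capability bits checked on the server before the action runs rather than only deciding which links are shown. The table `page_admin`, the `CAN_*` constants and the functions `can()` and `deletePost()` are assumptions made for this sketch; it uses PDO with an in-memory SQLite database (requires the pdo_sqlite extension) so it runs offline.

```php
<?php
// Capability bits stored in one integer column (names are assumptions for this example).
const CAN_CREATE = 0b001; // create news
const CAN_MODIFY = 0b010; // modify posts
const CAN_DELETE = 0b100; // delete posts

$pdo = new PDO('sqlite::memory:'); // in-memory database so the example is self-contained
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// One row per (member, page): indexable, and a single right can be revoked with one DELETE.
$pdo->exec('CREATE TABLE page_admin (
    member_id INTEGER NOT NULL,
    page      TEXT    NOT NULL,
    caps      INTEGER NOT NULL,
    PRIMARY KEY (member_id, page)
)');

// Constructed sample data.
$ins = $pdo->prepare('INSERT INTO page_admin (member_id, page, caps) VALUES (?, ?, ?)');
$ins->execute([7, 'news',  CAN_CREATE | CAN_MODIFY]);
$ins->execute([7, 'forum', CAN_MODIFY | CAN_DELETE]);
$ins->execute([9, 'news',  CAN_CREATE]);

/** True only if the member holds every bit in $needed on $page; no row means no rights. */
function can(PDO $pdo, int $memberId, string $page, int $needed): bool
{
    $q = $pdo->prepare('SELECT caps FROM page_admin WHERE member_id = ? AND page = ?');
    $q->execute([$memberId, $page]);
    $caps = $q->fetchColumn();
    return $caps !== false && ((int) $caps & $needed) === $needed;
}

/** Handler for a state-changing request: re-check the right here, whatever the page displayed. */
function deletePost(PDO $pdo, int $memberId, string $page, int $postId): string
{
    if (!can($pdo, $memberId, $page, CAN_DELETE)) {
        http_response_code(403); // hiding the link is not enough; the request itself is refused
        return 'denied';
    }
    // ... delete post $postId here ...
    return 'deleted';
}

var_dump(deletePost($pdo, 7, 'forum', 42)); // member 7 holds CAN_DELETE on forum
var_dump(deletePost($pdo, 9, 'news', 42));  // member 9 holds only CAN_CREATE on news
// Revocation takes effect on the next request because nothing is cached in the session.
$pdo->exec("DELETE FROM page_admin WHERE member_id = 7 AND page = 'forum'");
var_dump(deletePost($pdo, 7, 'forum', 42));
```

The same `can()` call can decide which links to render, but the check inside the handler is the one that enforces the right.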