Permission Complex Level
Complex Level: Advanced Features
The complex level of permission management adds some functional enhancements.
When working with the next level of permission management, in addition to all concepts described in the simple and medium levels, the implied rights feature can also be used. We'll examine it now.
Note: other additional concepts and features will be described later on.
The functional view
The difference with the medium level is that:
- when a right is granted, the user may also automatically be granted another right. This is called an «implied right».
- sub-groups are also supported
The following is not covered and still needs to be documented:
- Permission limited by ownership
- Type of user: from user to admin
- User level: from area user to super user
- Admin levels: from area to master admin
- Sub groups
The technical view
On a technical point of view, a new table is used to define the implied rights.
The «liveuser_right_implied» Table
Now we'll first define the implied rights: when someone is allowed to edit the events, he will also be allowed to view them,...
Then we can simplify the rights granted to each group.
Lets fill in the «liveuser_right_implied» table:
- a right id
- an implied_right_id
| right_id | implied_right_id |
|---|---|
| 2 | 1 |
| 3 | 1 |
| 4 | 1 |
The «liveuser_grouprights» Table
And we can simplify the «liveuser_grouprights» table.
- the group_id: the id of the group
- the group_right_id: the id of the right
- right_level: set it at 3 for the moment and we'll come back later on on this
| group_id | group_right_id | right_level |
|---|---|---|
| 1 | 1 | 3 |
| 2 | 2 | 3 |
| 2 | 3 | 3 |
| 3 | 4 | 3 |
Configuration file
To be able to use implied rights in the permission system, the configuration file needs to be updated, specifically in the perm container array: from «Simple»/«Medium» to «Complex».
...
'permContainer' => array(
'type' => 'Complex',
'storage' => array(
'MDB2' => array( // storage container name
'dsn' => $dsn,
'prefix' => 'liveuser_', // table prefix
'tables' => array(),
'fields' => array(),
'alias' => array()
)
)
)
...
List the rights
The list of rights, as a set of constants, remains unchanged in a separate file.
Check the user rights
Our test file remains unchanged as well.
Download «LU_test_rights2.php»
Test it
Unsurprinsingly the tests with the 3 users give the same results.
The result for «userA» is:
The result for «userB» is:
The result for «admin» is:
