Permission Medium Level
Medium Level: Assign rights to groups of users
An increasing number of users of a system will quickly limit the usage of the simple level of permissions. Assigning rights to a group of users requires less work than repeating the task for each user.
When working with the next level of permission management, LiveUser just makes those new concepts available.
The functional view
In addition to all concepts described in the simple level, we can now also deal with group of users.
Users may be set into groups for easier right management. For each group, note the group name, whether it's considered as active and an associated group id.
From functional to technical point of view...
The «liveuser_groups» Table
Based on the functional needs, lets fill in the «liveuser_groups» table:
- a group id: the identifyer of the group
- a group_type: you could use it to make the difference between user groups and roles. Within LiveUser, no functionality is attached to it. So we'll leave the value equal to 0 here.
- group_define_name: the name of the group
- is_active: 1 (=yes) or 0 (=no)
- owner_user_id
- owner_group_id
| group_id | group_define_name | is_active | ... |
|---|---|---|---|
| 1 | EVE_VIEWER | 1 | |
| 2 | EVE_EDITOR | 1 | |
| 3 | EVE_EDITOR_DEL | 1 |
Then, rights are assigned to groups. Users are made member of groups.
On a technical point of view, 2 more tables are used to make those links: «liveuser_grouprights» and «liveuser_groupusers».
The «liveuser_grouprights» Table
Now we'll make the link between a group of users and the list of rights in the «liveuser_grouprights» table
- group_id: the id of the group
- right_id: the id of the right
- right_level: set it at 3 for the moment and we'll come back later on on this
| group_id | right_id | right_level |
|---|---|---|
| 1 | 1 | 3 |
| 2 | 1 | 3 |
| 2 | 2 | 3 |
| 2 | 3 | 3 |
| 3 | 1 | 3 |
| 3 | 4 | 3 |
The «liveuser_groupusers» Table
And each user will be member of a group, as specified in the «liveuser_groupusers» table:
- the perm_user_id: the id of the user (at permission level)
- the group_id: the id of the group
| perm_user_id | group_id |
|---|---|
| 1 | 3 |
| 2 | 1 |
| 3 | 2 |
| 4 | 1 |
Configuration file
To be able to use groups in the permission system, the configuration file needs to be updated, specifically in the perm container array: from «Simple» to «Medium».
...
'permContainer' => array(
'type' => 'Medium',
'storage' => array(
'MDB2' => array( // storage container name
'dsn' => $dsn,
'prefix' => 'liveuser_', // table prefix
'tables' => array(),
'fields' => array(),
'alias' => array()
)
)
)
...
List the rights
The list of rights, as a set of constants, remains unchanged in a separate file.
Check the user rights
Now quite easily after the login, you check whether a specific right was granted to the user. You may then provide him or not some specific content.
Download «LU_test_rights2.php»
...
if (!$LU->checkRight(EVE_VIEW))
{
echo 'You are not authorized to view events.';
}
else
{
echo 'You are authorized to view events.';
}
if (!(EVE_CREATE))
{
echo 'You are not authorized to create events.';
}
else
{
echo 'You are authorized to create events.';
}
if (!(EVE_EDIT))
{
echo 'You are not authorized to modify events.';
}
else
{
echo 'You are authorized to modify events.';
}
if (!(EVE_DELETE))
{
echo 'You are not authorized to delete events.';
}
else
{
echo 'You are authorized to delete events.';
}
...
Test it
Let's test with 3 users defined in the «liveuser_users» table: userA, userB and admin
User A
The result for «userA» is:
User B
The result for «userB» is:
Admin User
The result for «admin» is:
