LiveUser Permission (Complex Level of Management)

Complex Level: Advanced Features

The complex level of permission management adds some functional enhancements.

When working with the next level of permission management, in addition to all concepts described in the simple and medium levels, the implied rights feature can also be used. We'll examine it now.

Note: other additional concepts and features will be described later on.

The functional view

Complex Level

The difference with the medium level is that:

  • when a right is granted, the user may also automatically be granted another right. This is called an «implied right».
  • sub-groups are also supported

The following is not covered and still needs to be documented:

  • Permission limited by ownership
  • Type of user: from user to admin
  • User level: from area user to super user
  • Admin levels: from area to master admin
  • Sub groups

The technical view

On a technical point of view, a new table is used to define the implied rights.

Implied rights at complex level

The «liveuser_right_implied» Table

Now we'll first define the implied rights: when someone is allowed to edit the events, he will also be allowed to view them,...

Then we can simplify the rights granted to each group.

Lets fill in the «liveuser_right_implied» table:

  • a right id
  • an implied_right_id
liveuser_right_implied
right_id implied_right_id
2 1
3 1
4 1

The «liveuser_grouprights» Table

And we can simplify the «liveuser_grouprights» table.

  • the group_id: the id of the group
  • the group_right_id: the id of the right
  • right_level: set it at 3 for the moment and we'll come back later on on this
liveuser_grouprights
group_id group_right_id right_level
1 1 3
2 2 3
2 3 3
3 4 3

Configuration file

To be able to use implied rights in the permission system, the configuration file needs to be updated, specifically in the perm container array: from «Simple»/«Medium» to «Complex».

Download «conf.php»

Code
   ...
        'permContainer' => array(
            'type' => 'Complex',
            'storage' => array(
                'MDB2' => array(                    // storage container name
                    'dsn' => $dsn,
                    'prefix' => 'liveuser_',        // table prefix
                    'tables' => array(),
                    'fields' => array(),
                    'alias'  => array()
                )
            )
        )
   ...

List the rights

The list of rights, as a set of constants, remains unchanged in a separate file.

Download «eve_rights.php»

Check the user rights

Our test file remains unchanged as well.

Download «LU_test_rights2.php»

Test it

Unsurprinsingly the tests with the 3 users give the same results.

The result for «userA» is:

Rights for userA

The result for «userB» is:

Rights for userB

The result for «admin» is:

Rights for admin

Get in touch!

We'd love to hear from you, what you think about this page or what we can do for you.

Contact Us

View this page with IE8+, Mozilla Firefox, Safari, Chrome and Mobiles

Last modificaton on 21 May 2015 by St├ęphane Van Nerom

© 2006-2014 - GVN - All rights reserved
v2.0.14