LiveUser Permission (Medium Level of Management)

Medium Level: Assign rights to groups of users

An increasing number of users of a system will quickly limit the usage of the simple level of permissions. Assigning rights to a group of users requires less work than repeating the task for each user.

When working with the next level of permission management, LiveUser just makes those new concepts available.

The functional view

In addition to all concepts described in the simple level, we can now also deal with group of users.


Medium Level

Users may be set into groups for easier right management. For each group, note the group name, whether it's considered as active and an associated group id.

From functional to technical point of view...

The «liveuser_groups» Table

Based on the functional needs, lets fill in the «liveuser_groups» table:

  • a group id: the identifyer of the group
  • a group_type: you could use it to make the difference between user groups and roles. Within LiveUser, no functionality is attached to it. So we'll leave the value equal to 0 here.
  • group_define_name: the name of the group
  • is_active: 1 (=yes) or 0 (=no)
  • owner_user_id
  • owner_group_id
liveuser_groups
group_id group_define_name is_active ...
1 EVE_VIEWER 1
2 EVE_EDITOR 1
3 2 EVE_EDITOR_DEL

Then, rights are assigned to groups. Users are made member of groups.

On a technical point of view, 2 more tables are used to make those links: «liveuser_grouprights» and «liveuser_groupusers».

Group management at medium level

The «liveuser_grouprights» Table

Now we'll make the link between a group of users and the list of rights in the «liveuser_grouprights» table

  • group_id: the id of the group
  • right_id: the id of the right
  • right_level: set it at 3 for the moment and we'll come back later on on this
liveuser_grouprights
group_id right_id right_level
1 1 3
2 1 3
2 2 3
2 3 3
3 1 3
3 4 3

The «liveuser_groupusers» Table

And each user will be member of a group, as specified in the «liveuser_groupusers» table:

  • the perm_user_id: the id of the user (at permission level)
  • the group_id: the id of the group
liveuser_groupusers
perm_user_id group_id
1 3
2 1
3 2
4 1

Configuration file

To be able to use groups in the permission system, the configuration file needs to be updated, specifically in the perm container array: from «Simple» to «Medium».

Download «conf.php»

Code
   ...
        'permContainer' => array(
            'type' => 'Medium',
            'storage' => array(
                'MDB2' => array(                    // storage container name
                    'dsn' => $dsn,
                    'prefix' => 'liveuser_',        // table prefix
                    'tables' => array(),
                    'fields' => array(),
                    'alias'  => array()
                )
            )
        )
   ...

List the rights

The list of rights, as a set of constants, remains unchanged in a separate file.

Download «eve_rights.php»

Check the user rights

Now quite easily after the login, you check whether a specific right was granted to the user. You may then provide him or not some specific content.

Download «LU_test_rights2.php»

Code
   ...
    if (!$LU->checkRight(EVE_VIEW))
      {
      echo 'You are not authorized to view events.';
      }
    else
      {
      echo 'You are authorized to view events.';
      }
    if (!(EVE_CREATE))
      {
      echo 'You are not authorized to create events.';
      }
    else
      {
      echo 'You are authorized to create events.';
      }
    if (!(EVE_EDIT))
      {
      echo 'You are not authorized to modify events.';
      }
    else
      {
      echo 'You are authorized to modify events.';
      }
    if (!(EVE_DELETE))
      {
      echo 'You are not authorized to delete events.';
      }
    else
      {
      echo 'You are authorized to delete events.';
      }
  ...

Test it

Let's test with 3 users defined in the «liveuser_users» table: userA, userB and admin

User A

The result for «userA» is:


Rights for userA


User B

The result for «userB» is:


Rights for userB


Admin User

The result for «admin» is:


Rights for admin

Get in touch!

We'd love to hear from you, what you think about this page or what we can do for you.

Contact Us

View this page with IE8+, Mozilla Firefox, Safari, Chrome and Mobiles

Last modificaton on 21 May 2015 by St├ęphane Van Nerom

© 2006-2014 - GVN - All rights reserved
v2.0.14