LiveUser Permission (Simple Level of Management)

Simple Level: Assign rights directly to users

The simple level of permission is efficient for managing simple applications with few users.

As the number of users grows and applications become more complex in terms of functional areas and rights, you will want to implement a higher level of permission management.

Now we can start assigning rights to users.

The functional view

The first approach is to assign a right directly to a user. This is an easy way of handling permissions, and it uses only a subset of the LiveUser concepts.



The «language and translation» of the simple level of permission management is not yet handled in this documentation. We didn't look at it because it was not in our priorities. This will be investigated later on in a context larger than LiveUser.

The technical view

Now we can slide from the functional point of view into the technical point of view.

The following graph illustrates the LiveUser tables and the links that we need to build to assign rights directly to a user.

Note that the numbers in the boxes of the technical graph match the ids listed in the sample table records later in this document, so you can refer to the graph for better understanding.


The «liveuser_userrights» Table

A record will need to be created in the «liveuser_userrights» table to make the link between a user and a right. It will contain:

  • perm_user_id: the user id at permission level (perm_user_id)
  • right_id: the right id the user will be granted
  • right_level: it is used for checking access based on document ownership. Let's put 3 for the moment.

liveuser_userrights
perm_user_id  right_id  right_level
12            1         3

Configuration file

To be able to use the permission system, the configuration file needs information regarding the permission container 'permContainer'.

Download «conf.php»

Code
   ...
        'permContainer' => array(
            'type' => 'Simple',
            'storage' => array(
                'MDB2' => array(                    // storage container name
                    'dsn' => $dsn,
                    'prefix' => 'liveuser_',        // table prefix
                    'tables' => array(),
                    'fields' => array(),
                    'alias'  => array()
                )
            )
        )
   ...

Here we use MDB2 to access the permission data.

The required customization is:

  • set the «type» to «Simple»
  • set a «MDB2» definition

Note that the «prefix» value is set to «liveuser_» because all LiveUser tables begin with «liveuser_».

Note also that the «tables», «fields» and «alias» arrays are not customizable for the moment.


List the rights

For ease of use, it may be a good idea to store the list of rights in a separate file. See outputRightsConstants on how to generate this file.

Constants are therefore defined with the corresponding «right_id» as their value.

Download 'eve_rights.php'

Code
<?php
  	define('EVE_VIEW',  1);
  	define('EVE_CREATE',2);
  	define('EVE_EDIT',  3);
  	define('EVE_DELETE',4);
?>

Check the user rights

After the login, you can easily check whether a specific right was granted to the user. You can then show or withhold specific content accordingly.

Download «LU_test_rights.php»

Code
   ...
    if (!$LU->checkRight(EVE_VIEW))
      {
      echo 'You are not authorized to view events';
      }
    else
      {
      echo 'You are authorized to view events';
      }
  ...

Test it

Let's use a «userF» defined in the «liveuser_users» table. If no associated record is found in the «liveuser_perm_users» table, no right will be granted to the user.

The result is:

Now configure the rights

We'll define a record in the «liveuser_perm_users» table (with perm_user_id=12) associated with «userF». Then we grant a right directly (EVE_VIEW has right_id=1) to that perm_user_id (=12). We'll keep right_level=3 for the moment.

liveuser_perm_users
perm_user_id  auth_user_id  auth_container_name  perm_type
12            25            0                    1

liveuser_userrights
perm_user_id  right_id  right_level
12            1         3

The user is now allowed to view event information. See the result below:

Access granted
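
The two test cases above, before and after the records exist, can be reproduced with a small in-memory model of the lookup. This is an added example, not LiveUser code or code from the original page: the helper names modelCheckRight and requireRight are hypothetical, the rows are constructed from the sample records shown above, and returning right_level or false is an assumption of the model. It also shows a guard that stops processing when the right is missing, rather than only printing a message.

```php
<?php
// Added example: an in-memory model of the simple-level lookup (not LiveUser code).
define('EVE_VIEW', 1);
define('EVE_DELETE', 4);
// Constructed rows mirroring the sample records on this page.
$permUsers = array(array('perm_user_id' => 12, 'auth_user_id' => 25, 'auth_container_name' => 0));
$userRights = array(array('perm_user_id' => 12, 'right_id' => EVE_VIEW, 'right_level' => 3));

// Hypothetical helper: returns the granted right_level, or false when denied.
function modelCheckRight(array $permUsers, array $userRights, $authUserId, $container, $rightId)
{
    $permUserId = null;
    foreach ($permUsers as $row) {
        if ($row['auth_user_id'] === $authUserId && $row['auth_container_name'] === $container) {
            $permUserId = $row['perm_user_id'];
            break;
        }
    }
    if ($permUserId === null) {
        return false;   // no liveuser_perm_users record: no rights at all
    }
    foreach ($userRights as $row) {
        if ($row['perm_user_id'] === $permUserId && $row['right_id'] === $rightId) {
            return $row['right_level'];
        }
    }
    return false;       // right never assigned: denied by default
}

// Hypothetical guard: stop the request path instead of only printing a message.
function requireRight($level, $what)
{
    if ($level === false) {   // strict test: only an explicit grant passes
        throw new RuntimeException("Not authorized to $what");
    }
    return $level;
}
$cases = array(
    'view events (no perm user row)' => modelCheckRight(array(), $userRights, 25, 0, EVE_VIEW),
    'view events'   => modelCheckRight($permUsers, $userRights, 25, 0, EVE_VIEW),
    'delete events' => modelCheckRight($permUsers, $userRights, 25, 0, EVE_DELETE),
);
foreach ($cases as $what => $level) {
    try {
        echo "$what: allowed at level " . requireRight($level, $what) . "\n";
    } catch (RuntimeException $e) {
        echo $e->getMessage() . "\n";
    }
}
```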

Last modification on 21 May 2015 by Stéphane Van Nerom

© 2006-2014 - GVN - All rights reserved
v2.0.14