Home/ Questions/Q 7636961
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T07:49:13+00:00

I am building a web app which users use to assign tasks to each

  • 0

I am building a web app which users use to assign tasks to each other.

The users are all on a LAN.

There is a basic permissions system already, where user roles are either Admin or normal user.

What I have to implement is something really fine-grained…and I cant think of a good way to do this

Heres a list of things I need to have control over:

  1. If a user can change other users info
  2. If the user can access the LAN network via VPN(this is another challenge all together, i think)
  3. Users can assign tasks to only a set of other users(maybe all, maybe few)
  4. If user has the ability to change/delete an already assigned task from another user
  5. If the user can delete other users
  6. If a user can change other users permissions

What I want is an example of something similar so that I dont have to re-invent the wheel. Or maybe an idea on how to implement this with as little headache as possible :P. Also I dont know how I would structure a MySQL table/s to store all these permissions.

I thought of assigning users roles but I need more flexibility than just those roles.

Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    One simple approach is to only have one extra column in the user table, called Access, Permission or something like that. Then for each of the permissions you want you define a constant with a integer value that’s dividable by 2, or the number 1, e.g:

    class PermissionChecker {
  const CAN_CHANGE_OTHER_USERS_INFO = 1; // in bit form: 000001
  const CAN_ACCESS_LAN_VIA_VPN = 2;      //              000010
  const CAN_ASSIGN_TASKS = 4;            //              000100 
  const CAN_CHANGE_OTHER_USERS_TASKS = 8;//              001000
  const CAN_DELETE_USERS = 16;           //              010000
  const CAN_CHANGE_USER_PERMISSIONS = 32;//              100000

  public static function hasAccess($userAccess, $accessFlag) {
    return $userAccess & $accessFlag; // The bitwise operation is the key....
  }
}

$userAccess = 33; // read from database, in bit form: 100001

// check permissions like:

if (PermissionChecker::hasAccess($userAccess, PermissionChecker::CAN_CHANGE_OTHER_USERS_INFO)) {
  // this will be true, because 100001 & 000001 returns 1
}
if (PermissionChecker::hasAccess($userAccess, PermissionChecker::CAN_CHANGE_USER_PERMISSIONS)) {
  // this will be true as well, because 100001 & 100000 returns 1
}
if (PermissionChecker::hasAccess($userAccess, PermissionChecker::CAN_CHANGE_OTHER_USERS_TASKS)) {
  // this will not happen... because 100001 & 001000 returns 0
}

    Then when another permission level is needed you only have to add another number that’s dividable by 2, e.g. 64, 128, etc. Maybe not the prettiest solution, but a simple one.

    And when you want to store permissions for a user you use the bitwise-or operator, like:

    $userAccess = PermissionChecker::CAN_CHANGE_OTHER_USERS_TASKS |
              PermissionChecker::CAN_CHANGE_OTHER_USERS_INFO; // will give $userAccess = 9;
// then store $userAccess in the database for current user...
    • 0