Home/ Questions/Q 8593815
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T00:04:35+00:00

I’m working on a personal CMS and I’ve got a problem. I wanted to

  • 0

I’m working on a personal CMS and I’ve got a problem. I wanted to define access levels such as CAN_DELETE_THREAD, CAN_EDIT_MESSAGE or CAN_CREATE_THREAD as binary flags, but I don’t know how a function ‘has_flag’ would work. For example, if I took a user from the db and wanted to check if he can edit messages, how would I go around doing that?

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could create a permissions database table, and a permissions_users table that joins permissions to users, and then check on a per-page basis if the logged-in user can view that page.

    Imagine you have a User model, and a permission with an ID of 1:

    if ($user->hasPermission(1)) {
    // show form or whatever
}
else {
    throw new ForbiddenException();
}

    Your hasPermission() method could be as simple as:

    <?php
class User extends Model {

    public function hasPermission($permission_id) {
        $sql = "SELECT COUNT(*) FROM `permissions_users` WHERE `user_id` = :user_id AND `permission_id` = :permission_id";
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindParam(':user_id', $this->id, PDO::PARAM_INT);
        $stmt->bindParam(':permission_id', $permission_id, PDO::PARAM_INT);
        return ($this->pdo->fetchColumn() > 0); // returns true if at least 1 result
    }
}

    Obviously you’ll need to adjust this to fit your application.

    • 0