The site I am working with has a somewhat convoluted way of dealing with users and permissions.
These are the user types:
- User
- Facility Approver
- Facility Admin
- Corporate Approver
- Corporate Admin
Now there are also facilities, and that is where these permission levels come into play. Facilities are linked to users and user levels in a table like such:
user_id   facility_id   userlevel
joebob    ABCInc        Facility Admin
Pretty simple so far, but now what I want is be able to allow one user level to set restrictions on another user level for a certain facility. For example, I’m the Facility Admin and I want to only allow Users to submit certain forms. How would I store this?
I was thinking a new table that links facility_id, userlevel and permissionlevel. But what exactly would permissionlevel be? An int? Or would I add columns to the table like canOrderThings or canSearchForStuff?
I was seeing if something like this would work, but it seems like it would get a tad messy and hard to keep track of if you have a large number of permissions. How would you add permission levels without throwing everything out of whack? Even setting permission levels would be a bit challenging, I think.
Also, user levels are directly linked to users in the User table, but those serve different purposes.
Is there a completely better way to structure all of this?
Using a second table for options is a good idea. Some forum frameworks use this method.
Each of your users is given a UserGroupId, which is usually an Int since they are easiest to work with. A UserGroupId of 1, for instance, could be an admin, 2 could be a teacher (depends on your organization). Then you have a table called Permissions; on this table you include all options as columns, something like this.
Using a simple binary system, 1 enabled, 0 disabled, you can control options for each user group. This allows you to get all permissions with a single query, while still offering a very large area for customization.
You don’t have to use binary numbers though. For instance you could use values 1,2,3 where 1 is full permission, 2 is partial, and 3 is zero. It depends on how specific your regulations need to be.
Now, before you allow a user to perform an option, you do a simple check on the user's permissions (which you should store in an array or a class for quick access). For a function that enables search you would use a condition such as
Using binary numbers has the obvious benefit of simply checking if TRUE or FALSE. If you use a different numbering system it would require a bit more work, checking the specific value:
if ($user['SearchEnabled'] == 2 || $user['SearchEnabled'] == 1) { /* full (1) or partial (2) permission */ }
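To make the answer concrete for the asker's setup, here is an added example (not code from the question or the answer) that builds the suggested Permissions table in SQLite, with one extra assumption: a facility_id column is added alongside userlevel so that a Facility Admin's restriction on "User" at one facility does not leak to the same user level at another facility. The table names, column names (search_enabled, order_enabled, submit_forms) and all sample rows are constructed for the example. The check loads a user's flags with a single JOIN and denies by default when no row matches.

```python
import sqlite3

# Schema for the example: the user/facility/level link from the question,
# plus a per-facility, per-userlevel permissions row with one 0/1 column per
# option, as the answer suggests. Column and table names are assumptions.
SCHEMA = """
CREATE TABLE user_facility (
    user_id     TEXT NOT NULL,
    facility_id TEXT NOT NULL,
    userlevel   TEXT NOT NULL,
    PRIMARY KEY (user_id, facility_id)
);
CREATE TABLE permissions (
    facility_id    TEXT NOT NULL,
    userlevel      TEXT NOT NULL,
    search_enabled INTEGER NOT NULL DEFAULT 0 CHECK (search_enabled IN (0, 1)),
    order_enabled  INTEGER NOT NULL DEFAULT 0 CHECK (order_enabled IN (0, 1)),
    submit_forms   INTEGER NOT NULL DEFAULT 0 CHECK (submit_forms IN (0, 1)),
    PRIMARY KEY (facility_id, userlevel)
);
"""

# Constructed sample data (not from the original post).
SAMPLE_LINKS = [
    ("joebob", "ABCInc", "Facility Admin"),
    ("alice", "ABCInc", "User"),
    ("alice", "XYZCorp", "User"),
]
SAMPLE_PERMS = [
    # facility,  userlevel,        search, order, submit
    ("ABCInc",  "Facility Admin", 1, 1, 1),
    ("ABCInc",  "User",           1, 0, 0),  # ABCInc admin: Users may only search
    ("XYZCorp", "User",           1, 0, 1),  # XYZCorp lets its Users submit forms
]

FLAG_NAMES = ("search_enabled", "order_enabled", "submit_forms")


def open_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO user_facility VALUES (?, ?, ?)", SAMPLE_LINKS)
    conn.executemany("INSERT INTO permissions VALUES (?, ?, ?, ?, ?)", SAMPLE_PERMS)
    return conn


def load_permissions(conn, user_id, facility_id):
    """One JOIN query: the user's level at this facility and that level's flags.

    Returns a dict of flag name -> bool for caching in the session. Returns an
    empty dict (everything denied) when the user is not linked to the facility
    or no permissions row exists for that facility/userlevel pair.
    """
    row = conn.execute(
        """SELECT p.search_enabled, p.order_enabled, p.submit_forms
           FROM user_facility AS uf
           JOIN permissions AS p
             ON p.facility_id = uf.facility_id AND p.userlevel = uf.userlevel
           WHERE uf.user_id = ? AND uf.facility_id = ?""",
        (user_id, facility_id),
    ).fetchone()
    if row is None:
        return {}
    return {name: bool(value) for name, value in zip(FLAG_NAMES, row)}


def can(perms, action):
    """Authorization check: a missing or unknown flag is False (deny by default)."""
    return perms.get(action, False)


if __name__ == "__main__":
    db = open_db()
    for user, facility in [("alice", "ABCInc"), ("alice", "XYZCorp"), ("joebob", "XYZCorp")]:
        perms = load_permissions(db, user, facility)
        print(user, "@", facility, "submit_forms:", can(perms, "submit_forms"))
```

Because each (facility_id, userlevel) pair is its own row, adding a new option still means adding a column, which is the maintenance cost the asker worried about; if the option list is expected to grow, the same check works unchanged over a normalized table with one row per (facility_id, userlevel, option, allowed), at the cost of the single-row read becoming a small result set.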