Re: [phplib] extending permissions From: Spruce Weber (sprucely <email protected>)
Date: 07/08/00

I've implemented a simple scheme for checking whether a user is a member of
a particular group.

Here's the schema for the two tables I've added for group functionality...
#
# Table structure for table 'groups'
#

CREATE TABLE groups (
   group_id int(10) unsigned NOT NULL auto_increment,
   group_name varchar(32) NOT NULL,
   PRIMARY KEY (group_id),
   UNIQUE group_name (group_name)
);

#
# Table structure for table 'groups_users'
#

CREATE TABLE groups_users (
   groups_users_id int(10) unsigned NOT NULL auto_increment,
   group_id int(10) unsigned NOT NULL,
   user_id varchar(32) NOT NULL,
   PRIMARY KEY (groups_users_id)
);

Here's the code I've added to my extension of the perm class that utilizes
these new tables...

  function group_invalid($err_msg) {
    global $_PHPLIB;

    include($_PHPLIB["libdir"] . "groupinvalid.ihtml");
  }

  function check_group($g) {
    global $auth;
    $uid = $auth->auth["uid"];
    $db = new $auth->database_class;
    $db->query("select group_id from groups where group_name='$g'");
    while($db->next_record())
      $gid = $db->f("group_id");
    if(!$gid) {
      $this->group_invalid("The group \"$g\" doesn't exist.");
      exit();
    }
    else {
      $db->query("select count(groups_users_id) as ids from groups_users
where group_id='$gid' and user_id='$uid'");
      while($db->next_record())
        $ids = $db->f("ids");
      if(!$ids) {
        $this->group_invalid("You are not a member of group \"$g\".");
        exit();
      }
    }
  }

  function in_group($g) {
    global $auth;
    $uid = $auth->auth["uid"];
    $db = new $auth->database_class;
    $db->query("select group_id from groups where group_name='$g'");
    while($db->next_record())
      $gid = $db->f("group_id");
    if(!$gid) {
      $this->group_invalid("The group \"$g\" doesn't exist.");
      exit();
    }
    else {
      $db->query("select count(groups_users_id) as ids from groups_users
where group_id='$gid' and user_id='$uid'");
      while($db->next_record())
        $ids = $db->f("ids");
      if(!$ids)
        return false;
      else
        return true;
    }
  }

You can have as many groups as you want by adding to the groups table. You
add a user to as many groups as you like by creating new uid/gid pairs on
the groups_users table. The functions group_invalid(), check_group(), and
in_group() are equivilant respectively to perm_invalid(), check(), and
have_perm().

A more complicated scheme would be to provide users with permissions unique
to each group. This would involve adding a perms field to the groups_users
table and utilizing a couple other functions in the perm class for comparing
them.

What I have so far works for me. Any interest in going further with this?

----Original Message Follows----
From: "wfries" <wfries <email protected>>
To: "Spruce Weber" <sprucely <email protected>>
Subject: Re: [phplib] extending permissions
Date: Fri, 7 Jul 2000 22:20:49 -0400

Bruce I would be interested in what you come up with as this is an issue
that I may have to deal with soon Thanks Bill

----- Original Message -----
From: Spruce Weber <sprucely <email protected>>
To: <phplib <email protected>>
Sent: Friday, July 07, 2000 9:18 PM
Subject: [phplib] extending permissions

> I'm thinking of extending the permissions class to utilize groups. My
> initial thought is to have a table called "groups" with the fields
group_id
> and group_name, and then another table called groups_users to link back
to
> the auth_user table. This would allow any user to be added to multiple
> groups.
>
> I was originally going to implement my own unix-style group system for a
> topical discussion board. Yes, I know there are tons of php discussion
> boards already out there, but they are complete systems and not easily
> modified for what I want to do. Then I realized that an extension of the
> perm class would make life much simpler, and other PHPLIB users might be
> interested in such a beast.
>
> Has there been any discussion in the past about implementing group
> permissions? It can be made an optional feature just as everything else
in
> PHPLIB is;-) If anyone is interested or has any ideas or concerns about
how
> I should proceed, please speak up. Otherwise I'll just go on my merry way
> and implement it for my own use.
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>
>

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>