Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
J
J
jamesk2018-05-11 10:02:08
PHP
jamesk, 2018-05-11 10:02:08

Correct content visibility system for mysql + php user?

Good afternoon, the task is to add an existing micro crm written in php + mysql. It is necessary to limit the visibility of content for users, i.e. if in the user's card they hung that he sees only applications from Kostroma, then the rest are not displayed for him and he also does not see the related content with these applications. The system simply makes requests to the database through pdo, which architectural approach is the most correct in this case?
In addition, I didn’t find it in scripts to fix each request for each object, so I went out with a question to the site.
It's just embarrassing that even the global system search needs to be modernized so that the user does not see too much.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vitaly, 2018-05-11
@rim89

If the whole system is written without separation of rights, then it is possible that it will be necessary to edit everywhere.
How is it done? - Users have a column with the access group ID. Table of groups with access rights to certain controllers.
And in each controller check - if this ID has access or not.

Report
J
jamesk, 2018-05-11
@jamesk

there is a separate table where there is a correspondence uid - city_id.
applications have a table id_application = city_id.
applications have, for example, a thousand objects in which the ratio object_id = application_id.
It seems to be to find all the requests that request applications really and embed the request there.
But here's every request for an object from the database, it seems rather unproductive.
Plus, there are fears that the access check in absolutely every request will slow down the system. There are also users without restrictions on the city, i.e. request becomes more complex.
Wild thoughts are already coming to create an intermediate table where to store the user's relationship to each system table and fill it with triggers, but you will also have to modernize each request, but the speed will be higher...

Similar questions
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
W
WebforSelf2021-03-23 23:45:26
How to start server after centos 7 backup, vestacp? 3Reply
A
Artem Melnykov2019-09-11 09:24:58
What to do if android sdk is not installed? 2Reply
S
Sergey2015-05-13 21:19:17
How and how to split a webm file into several working parts in linux? 2Reply
N
Nikolay2017-05-04 14:00:30
How to build a chain of calls to a static function? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question