PHP
makar04, 2016-03-06 17:49:11

How to implement a user rights check on the site to change a specific page?

Good day! I am inventing my own bicycle, and the question arose of how to implement a user rights check for editing a specific page. For example: an authorized user creates a blog on the site, and in this blog he can post his articles. How do I properly organize a check to see whether a user is a blog administrator and, if he is an administrator, allow him to do whatever he wants on this blog? There will also be moderators and subscribers on the blog, and everyone will have different rights!

For now, as a test, it is implemented as follows. The database has blog and permission tables. The blog table stores all the info about the blog (description, its id, etc.); the permission table stores the blog id, user id and user role, where roles are stored as the numbers 1, 2, 3 (1 = administrator, 2 = moderator, 3 = subscriber). When a blog is loaded, a query is made to the database and one of the user role values is returned.

In general, I understand that this is very clumsy, so the question is how to implement this check correctly. Maybe you can somehow get the rights for all the user's blogs once and put them in the session, so as not to access the database each time? Maybe there are some articles on this subject, or could you at least push me toward the right idea? Thanks in advance!


1 answer(s)
Silm, 2016-03-06
@Silm

It is best to use ready-made systems for managing authentication, roles, authorization, rights. In the DB we store the roles and the rights. In the code, we determine whether there is a right to act. To avoid constant requests to the database, we cache in memory (Memcached / Redis).
The main thing is that the implementation does not turn out to be full of holes.
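
A sketch of the per-blog check discussed in this thread, added here as an example and not part of the question or the answer: the role is read from the `permission` table, rights are resolved in code with deny-by-default, and the cached entry is dropped when a role changes so a demoted user does not keep old rights. The column names, the action names, the `BlogAcl` class and the array standing in for Memcached/Redis are assumptions; it needs PHP 8 with the PDO SQLite driver.

```php
<?php
declare(strict_types=1);

// Role numbers come from the question; action and column names are assumptions.
const ROLE_RIGHTS = [
    1 => ['post.create', 'post.edit', 'post.delete', 'blog.settings', 'comment.moderate'],
    2 => ['post.edit', 'comment.moderate'],
    3 => ['comment.create'],
];

final class BlogAcl
{
    private array $cache = []; // stand-in for Memcached/Redis: key => [role, expiresAt]

    public function __construct(private PDO $db, private int $ttl = 60) {}

    // Role of $userId on $blogId, or null when there is no permission row.
    public function roleOf(int $userId, int $blogId): ?int
    {
        $key = "acl:$blogId:$userId";
        if (isset($this->cache[$key]) && $this->cache[$key][1] > time()) {
            return $this->cache[$key][0];
        }
        $st = $this->db->prepare('SELECT role FROM permission WHERE blog_id = ? AND user_id = ?');
        $st->execute([$blogId, $userId]);
        $role = $st->fetchColumn();
        $role = $role === false ? null : (int) $role;
        $this->cache[$key] = [$role, time() + $this->ttl]; // short TTL bounds staleness
        return $role;
    }

    // Deny by default: no row, unknown role or unlisted action all mean "no".
    public function can(int $userId, int $blogId, string $action): bool
    {
        $role = $this->roleOf($userId, $blogId);
        return $role !== null && in_array($action, ROLE_RIGHTS[$role] ?? [], true);
    }

    // Change a role and invalidate the cached entry in the same step.
    public function setRole(int $userId, int $blogId, int $role): void
    {
        $this->db->prepare('REPLACE INTO permission (blog_id, user_id, role) VALUES (?, ?, ?)')->execute([$blogId, $userId, $role]);
        unset($this->cache["acl:$blogId:$userId"]);
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE permission (blog_id INT, user_id INT, role INT, PRIMARY KEY (blog_id, user_id))');
$acl = new BlogAcl($db);
$acl->setRole(7, 1, 1);                      // user 7 becomes administrator of blog 1
var_dump($acl->can(7, 1, 'blog.settings'));  // administrator right on the user's own blog
var_dump($acl->can(7, 2, 'post.edit'));      // a different blog, no permission row
$acl->setRole(7, 1, 3);                      // demoted to subscriber, cache entry dropped
var_dump($acl->can(7, 1, 'blog.settings'));  // re-read from the DB after the demotion
```

The check is keyed on the blog id as well as the user id and runs on the server for every state-changing request; a copy of the rights kept in the session has no such invalidation point.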
