Reputation: 273
read user permission from session or database
In my database, users have roles and each role has permissions. permissions have two fields permission group (such as users, posts, comments) and permission action (add 01, delete 02, edit 04, approve 08 which are bitwise).
For example, to add and approve a post:
permission[POST_PERMISSION_GROUP]= 01 | 08 ;
and I want to store it into session of user. But once admin changes permission of a user, session of that user should be updated. Now I'm in a dilemma if I should cache these permissions inside session or better to read them from database directly? each time user has access to each page several permissions have to be checked.
it would great if you share your experiences.
Upvotes: 1
Views: 798
Answers (1)
Reputation: 31685
Two things can be done with permissions:
- Checking whether a certain user has a permission.
- Setting whether a certain user has a permission.
For this, you need two functions:
check_permission($user, $permission)set_permission($user, $permission, $allowed)
A first implementation of these functions should manipulated the authoritative source for permissions (i.e. likely the database).
If you don't run into performance problems, leave it like that. If you have confirmed, that checking and settings perissions takes too long, then optimize, not earlier.
Upvotes: 0
Related Questions
- Check if the user has role in sessions (PHP)
- PHP - session multi user and admin privileges
- PHP - Problem with permissions using SESSION
- How can I find out if my user has an admin permission?
- login php with permission level
- PHP Check Session if one has privilege
- Setting permission levels in PHP
- How to identify user access privileges using PHP and MySQL?
- Identify logged users in PHP
- Check user Group Level via session or database?