CODEWITHSUNDEEP
phpmysqlauthenticationlaravel-4permissions
Daniel Euchar
Daniel Euchar

Reputation: 1820

Handling Permission PHP and MYSQL

Need suggestion for handling user permission, My application has 2 factors :

  1. Location
  2. Modules

Scenario:

A user in system might have access to 3 modules in location1 and 2 modules in location2

Now how should i handle my Table

Method 1:

Assigning a permission column in the user table it self and separating permission using delimiter example:

Permission(column) : loc1m1,loc1m2,loc1m3,loc2m1,loc2m2

Method 2:

having a separate table for the permissions: 

| id | userid | location | module | status |
|----|--------|----------|--------|--------|
| 1  | 1      | loc1     | 1      | 1      |
| 2  | 1      | loc1     | 2      | 1      |
| 3  | 1      | loc1     | 3      | 1      |
| 4  | 1      | loc2     | 1      | 1      |
| 5  | 1      | loc2     | 2      | 1      |

Or If there is a better practice i would like to know about it

each person will have different permission so defining roles is not required.

Kindly share your insights. here is the schema

http://www.laravelsd.com/share/7fOnku

Thanks

Upvotes: 1

Views: 404

Answers (3)

Peter Blazovics
Peter Blazovics

Reputation: 71

I think you should create 5 table:

main table

  1. Users(id, name, ...)
  2. Locations(id, name, ...)
  3. Moduls(id, name, ...)

pivot table:

  1. users_locations(id, users_id, locations_id)
  2. locations_moduls(id, locations_id, moduls_id)

After this you can use table joins (many-to-many). If you use laravel, this can help you: https://scotch.io/tutorials/a-guide-to-using-eloquent-orm-in-laravel

Upvotes: 1

Oliver Bayes-Shelton
Oliver Bayes-Shelton

Reputation: 6292

I am not sure if you have looked into Access Control List yet but laravel and symfony both have really good articles on the matter and some amazing bundles that work well so you might be kinda inventing the wheel.

take a look at these articles:

https://medium.com/laravel-4/laravel-4-acl-a7f2fa1f9791

http://ollieread.com/blog/2014/03/18/a-simplified-laravel-acl/

packages:

https://packagist.org/packages/jacopo/laravel-authentication-acl

https://github.com/intrip/laravel-authentication-acl

Upvotes: 1

Laurence
Laurence

Reputation: 60048

Definitely do not do Method 1.

Method 2 is generally the accepted way of doing it. This way you can run queries about who has access to specific areas, or what areas a certain user can access.

The other option is to use a package that handles access control for you - I generally use https://github.com/BeatSwitch/lock-laravel

Upvotes: 1

Related Questions