Turns out that the previous idea of how to do the permissions was going to end up being a lot of work and probably terribly difficult to maintain and expand, so another way was needed. After a few days of thinking and playing with variable variables (which are fun, don't get me wrong), I changed the way that I am going to do permissions.

So the idea is still the same. I still need:

  • A user who can only see the public access areas.
  • A user who can view the weekly timetables but not edit classes etc.
  • A user who can look after a specific location (maintain the master timetable, create classes at that location, edit classes at that location etc)

I am also sticking with the grouped permission idea, similar to the list below (more overview in the original post):

  • View the weekly timetable
  • View the master timetable
  • Manage the master timetable (Edit, create and remove master time table entries and create terms for the location)
  • Class management (Edit, create and remove classes)
  • User Management (able to view, edit create and delete user accounts)
  • Reports
  • Site Settings
  • Holiday Management
  • Location Management
  • Public Access.

Instead of having a permission table and then linking both users and groups to sets of permissions, which would require lots of lookups to get the info from 3 different tables, I have decided to move the permissions into the users and groups tables.

So I have added a permission column to both the users and groups tables, which is just a text area (as the strings can get very long).

Then I have created a list of available permissions as an array on the main setup page like so.

/* Permission groups. */
$permission_groups = array("l_view_weekly_timetable", "l_view_master_timetable", "l_manage_master_timetable", "l_class_management", "m_instructor_management", "m_student_management", "m_location_management", "m_public_access", "m_invoice_management", "m_notices_management");

Now the big difference from the list above is that there is an l_ or m_ in front of each of them. This is so I can identify whether they are master permissions (site wide) or location specific (i.e. a user may have several of the same group, but for different locations).

To display the options I declare a variable with either M for the master set or the location id reference number, and call a PHP page that contains code similar to the code below. (I extracted it because it is used on 4 different pages. This way I only have to update it once to update all 4 pages.)

This is fed into a switch statement like:

switch($area){
    case "m":
        //Code here
        break;
    default:
        //Code here
        break;
} //switch

Then for each of the two cases there is a loop which creates the options in an array with the same name as the location:

/* Work through each permission group. */
foreach($permission_groups as $pg) {
    /* Check if the permission group starts with a m_*/
    if(substr($pg,0,2) == "m_") {
    ?>
        <tr>
            <!-- Display a checkbox -->
            <td><input type="checkbox" name="m[]" value="<?php echo $pg; ?>" 
        <?php 
        //If in the existing permissions check the box
        if(in_array($pg,$permission_array)) {
            echo "checked=\"checked\"";
        } //if
        ?>
            ></td>
            <!-- Now display the name nicely. -->
            <td><?php echo ucwords(str_replace("_"," ",substr($pg,2))) ;?></td>
       </tr>
       <?php
   } //if check first two characters
} //for each permissiongroup

This is received by the following code, which creates a string of the groups that the user is in, separated by a colon (:):

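$permission = ""; //the string that will be stored
$control = 0; //counts the permissions added so far
foreach ($location_array as $loc) {
	/* Nothing is posted for a location with no boxes checked. */
	if(!isset($_POST[$loc]) || !is_array($_POST[$loc])) {
		continue;
	} //if nothing posted
	for($a = 0; $a < sizeof($_POST[$loc]); $a++) {
		if($control == 0) {
			$permission .= addslashes($_POST[$loc][$a]);
		} else { //else put the separator in first
			$permission .= ":" .addslashes($_POST[$loc][$a]);
		} //if else add the permission string
		$control++; //add 1
	} //for the size of each location array
} //for getting location permissions.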

The result is stored in the database as a string, ready to be extracted and used (which I will cover next).
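
Because the stored string is what grants access, the receiving side should only accept values that are in $permission_groups and that match the scope of the checkbox group they arrived in. The following is an added example, not code from the original post: build_permission_string() and the sample submission are hypothetical, and it assumes $location_array holds "m" plus the location ids as described above.

```php
<?php
// Added example. $permission_groups is the list from the page;
// build_permission_string() and the sample $post data are hypothetical.
$permission_groups = array("l_view_weekly_timetable", "l_view_master_timetable",
    "l_manage_master_timetable", "l_class_management", "m_instructor_management",
    "m_student_management", "m_location_management", "m_public_access",
    "m_invoice_management", "m_notices_management");

function build_permission_string(array $post, array $location_array, array $permission_groups): string
{
    $accepted = array();
    foreach ($location_array as $loc) {
        // A location with no boxes ticked is absent from the POST data.
        if (!isset($post[$loc]) || !is_array($post[$loc])) {
            continue;
        }
        // "m" may only carry m_ (site-wide) names; locations only l_ names.
        $prefix = ($loc === "m") ? "m_" : "l_";
        $seen = array();
        foreach ($post[$loc] as $value) {
            if (!is_string($value) || isset($seen[$value])) {
                continue; // nested arrays or repeated values
            }
            if (substr($value, 0, 2) !== $prefix) {
                continue; // wrong scope for this checkbox group
            }
            if (!in_array($value, $permission_groups, true)) {
                continue; // not a permission the application defines
            }
            $seen[$value] = true;
            $accepted[] = $value;
        }
    }
    return implode(":", $accepted);
}

// Constructed form submission: two legitimate ticks plus three edited values.
$post = array(
    "m" => array("m_public_access", "m_site_owner", "l_class_management"),
    "3" => array("l_view_weekly_timetable", "l_class_management:m_location_management"),
);
echo build_permission_string($post, array("m", "3"), $permission_groups), "\n";
```

Every name that survives comes from the fixed list, so it cannot contain a quote or a colon; the string can be passed to the database as a bound parameter rather than relying on addslashes().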