Turns out that the previous idea of how to do the permissions was going to end up being a lot and lot of work and probably terribly difficult to maintain and expand. So another way was needed. After a few days of thinking and playing with variable variables. (Which are fun, dont get me wrong)
I changed the way that I am going to do permissions.
So the idea is still the same I still need
- A user who can only see the public access areas.
- A user who can view the weekly timetables but not edit classes etc.
- A user who can look after a specific location (maintain the master timetable, create classes at that location, edit classes at that location etc)
and I am sticking with the grouped permission idea similar to (More overview on the original post)
- View the weekly timetable
- View the master timetable
- Manage the master timetable (Edit, create and remove master time table entries and create terms for the location)
- Class management (Edit, create and remove classes)
- User Management (able to view, edit create and delete user accounts)
- Reports
- Site Settings
- Holiday Management
- Location Management
- Public Access.
Instead of having a permission table and then linking both users and groups to sets of permissions which will require lots of look ups to get the info from 3 different tables. I have decided to move the permissions into the users and groups tables.
So I have added a permission column to both the users and groups table which is just a text area (As the strings can get very long)
Then I have created a list of available permissions as an array on the main setup page like so.
/* Permission groups. */
$permission_groups = array("l_view_weekly_timetable", "l_view_master_timetable", "l_manage_master_timetable", "l_class_management", "m_instructor_management", "m_student_management", "m_location_management", "m_public_access", "m_invoice_management", "m_notices_management");
Now the big difference to the table is there is a l_ and m_ in front of each of them. This is so I can identify if they are master permissions (Site wide) or location specific (i.e. may have multiple of the same group but for different locations)
To display the options I declare a variable with either M for Master set or the location id reference number and call a php page that contains code similar to below. (I extracted it because it is used on 4 different pages. This way I only have to update it once to update all 4 pages)
This is fed into a switch statement like
switch($area){
case "m":
//Code here
break;
default:
//Code here
break;
} //switch
Then for each of the two statements there is a loop which creates the options in an array with the same name as the location:
/* Work through each permission group. */
foreach($permission_groups as $pg) {
/* Check if the permission group starts with a m_*/
if(substr($pg,0,2) == "m_") {
?>
<tr>
<!-- Display a checkbox -->
<td><input type="checkbox" name="m[]" value="<? echo $pg; ?>"
<?
//If in the existing permissions check the box
if(in_array($pg,$permission_array)) {
echo "checked=\"checked\"";
} //if
?>
></td>
<!-- Now display the name nicely. -->
<td><? echo ucwords(str_replace("_"," ",substr($pg,2))) ;?></td>
</tr>
<?
} //if check first two characters
} //for each permissiongroup
This is received by the following code to create a string of groups that the user is in separated by a :
foreach ($location_array as $loc) {
for($a = 0; $a < sizeof($_POST[$loc]); $a++) {
if($control == 0) {
$permission .= addslashes($_POST[$loc][$a]);
} else { //else if get the master permissions
$permission .= ":" .addslashes($_POST[$loc][$a]);
} //if else add the permission string
$control++; //add 1
} //for the size of each location array
} //for getting location permissions.
which is stored in the database as a string ready to be extracted and used. (Which I will cover next)