Menu

phplib permission

Help
Anonymous
2004-04-22
2004-04-28

  • Anonymous

    Anonymous - 2004-04-22

    Hi,

    I tried to follow the documentation to setup inclusive permission for my website using phplib 7.4.  But I still get the permission denied even the permission is correct.

    In my local4.inc I have done the following.
    class Example_Perm extends Perm {
      var $classname = "Example_Perm";
     
      var $permissions = array(
                                "user"       => 1,
                                "author"     => 2,
                                "editor"     => 4,
                                "supervisor" => 8,
                                "admin"      => 16
                              );

      function perm_invalid($does_have, $must_have) {
        global $perm, $auth, $sess;
        global $_PHPLIB;
       
        include($_PHPLIB["libdir"] . "perminvalid.ihtml");
      }
    }

    From the page I want to protect I have done
    page_open(array("sess" => "Example_Session",
                             "auth" => "Example_Auth",
                             "perm" => "Example_Perm",
                             "user" => "Example_User"));

    $perm->check("admin");

    Any idea I still keep getting the permission denied.

     

    • Layne Weathers

      Layne Weathers - 2004-04-22

      Make sure your user record in the auth_user table has the correct permission value assigned.

       

    • Anonymous

      Anonymous - 2004-04-22

      Hi Thanks for the reply.

      I have found out that because I assign number for the permission field.  Once I change it to "admin" it work again.

      However, my inclusive permission is still not working.  A page with $perm->check("user") will still deny admin user.

       

    • Layne Weathers

      Layne Weathers - 2004-04-22

      You have exclusive permissions set. Use 1, 3, 5, 7, 15 instead (think binary).

       

    • Joe Stewart

      Joe Stewart - 2004-04-22

      The example you used is for exclusive permissions.

      See:
      http://www.sanisoft.com/phplib/manual/how_permissions_work.php

      For admin and user perms it would be 17.
      For all the above 31.

      Joe

       

    • Anonymous

      Anonymous - 2004-04-26

      Forgive me as I am still confusing.

      I have tried the following. From my database table

      update users set permission='admin' where username='admin';

      From the page I want to protect I code the following

      $perm->check("1");

      But I still get the following error.

      Permission denied
      Your session 1b4e2dc808835887ce0f907b609d8214 has been authenticated with a user id of 1 and a user name of admin.

      To access this page, the following permissions are required: 1.
      I won't let you access this page, because you have these permissions: admin.

       

      • Layne Weathers

        Layne Weathers - 2004-04-26

        Use the name of the permission level for 1. If $permissions = array("user" => 1, "admin" => 3); use $perm->check("user"); not $perm->check("1") or $perm->check(1)

        Remember, the idea is to us level names throughout your app as they are far easier to remember than the bit level.

         

    • Anonymous

      Anonymous - 2004-04-27

      Hi I have done that before but it doesn't work

      Here is my local4.inc file
        var $permissions = array(
                                  "user"       => 1,
                                  "author"     => 2,
                                  "editor"     => 4,
                                  "supervisor" => 8,
                                  "admin"      => 16
                                );

      In the page I want to protect.

      require_once("./config/config.php");

      page_open(array("sess" => "Example_Session",
                               "auth" => "Example_Auth",
                               "perm" => "Example_Perm",
                               "user" => "Example_User"));

      $perm->check("user");

      In my database user table I have permission column for admin user set to admin.

      But I still get the following error message

      Permission denied
      Your session 9e1464bf496104909c245c570d026776 has been authenticated with a user id of 1 and a user name of admin.

      To access this page, the following permissions are required: user.
      I won't let you access this page, because you have these permissions: admin.

       

    • Joe Stewart

      Joe Stewart - 2004-04-27

      Read a little closer.  You are asking:

      $perm->check("user"); 

      Does this user have "user" permissions?

      var $permissions = array(
      "user" => 1,
      "author" => 2,
      "editor" => 4,
      "supervisor" => 8,
      "admin" => 16
      );

      No -

      admin - 1000
      user -    0001

      No match

      If you want admin to include all the permissions, add them up in binary.

      "user" => 001,
      "author" => 010,
      "editor" => 100,
      "supervisor" => 1000,
      "admin" => 1111 = 17

      But you might really want like the documentation says for inclusive permissions:

      http://www.sanisoft.com/phplib/manual/how_permissions_work.php

                                   var $permissions = array(
                                           "user"       => 1,
                                           "author"     => 3,
                                           "editor"     => 7,
                                           "supervisor" => 15,
                                           "admin"      => 31
                                    );

       

    • Anonymous

      Anonymous - 2004-04-28

      Oops.  my problem solved.

      Thanks for your patient and your help.

       

Log in to post a comment.