Re: [psa-users] Feature Request?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Thursday, July 3, 2003, at 04:07 PM, Justin Koivisto wrote:

> Peter Hiltz wrote:
>> My homegrown system on an internal site isn't that good, but one 
>> thing it does (which doesn't seem quite as easy in phpsecurityadm) is 
>> a simple test of: Does the current user have X profile?
>> This allows me to show sections of pages, depending on the profile of 
>> the user. E.g. if(current_user->profile == 99) show_module1();
>> else show_module2();
>> Actually, since I have a numerical security scale, it tends to be 
>> more:
>> if(current_user->securityclearance > 9) show_module1();
>> else show_module2();
>> Is there an easy way to do this with phpsecurityadmin that I am just 
>> missing?
>
> One way to do this is to put each section of a page in a separate php 
> script using the _restrict.php file in it. Then you can assign each 
> script a security profile. If you don't want to see a message about 
> not having rights, you can suppress the output using either the ob_* 
> functions or the $PSA_DISPLAY_OUTPUT flag in the PSA config file.
>
> What Albert was thinking of (with psaug) was in an older version... To 
> do this now, you need to go through and do the following:
>
> $users=$sec_sys->getUsers();
> $groups_for_user=explode(',',$users[$_SESSION['psaun']]['groups']);
>
> This will give you an array of all the groups (or profiles) that the 
> user belongs to. In your case, you'd likely want something like:
>
> function isGroupMember($user,$group,$sec_sys){
>     $users=$sec_sys->getUsers();
>     $groups=explode(',',$users[$user]['groups']);
>     foreach($groups as $grp){
>         if($grp==$group) return TRUE;
>     }
>     return FALSE;
> }
>
> Then, in your script, you could call it like:
>
> if(isGroupMember($_SESSION['psaun'],$group_number,$PSA_object)){
>     // display it
> }else{
>     // don't display it
> }
>
> For that matter, that should be added to the class... (when I (or 
> someone else) gets around to it.)
>
> Hope this helps!
>

Ay yes, this is due to the fact that users can be in multiple groups 
now and psag will now be an array. Yes - it should also be put into the 
class so it can be accessed immediately. That is a simple enough 
addition, I'll try to fix it this weekend.