Re: [phpwslistings-dev] agent active flag
Brought to you by:
rizzo,
wendall911
Menu
▾
▴
Re: [phpwslistings-dev] agent active flag
|
From: <ad...@tu...> - 2003-03-24 19:46:00
|
I might have to think about it a bit more but I would probably try using
the variable name in setUserVar to designate and check class permissions.
Ex:
$_SESSION["OBJ_users"]->setUserVar("PHPWS_LISTINGS_" . $class_name, 3);
The PHPWS_LISTINGS_ is to make sure your variable is unique among all the
user variables and the $class_name is the name of the class whos
permissions you are setting up. You would check the variable the same way
and if nothing exists at PHPWS_LISTINGS_ . $class_name then the user does
not have access to that class.
Adam
> Masking makes my jeans creamy.
>
> How would you assign class-specific permissions?
>
> I have been meaning to consolidate some of the module_rights.
>
> Don.
>
> On Mon, 24 Mar 2003 ad...@tu... wrote:
>
>> OK I may miss some things here because I'm not a real estate agent and I
>> don't know all the ins and outs of what needs to happen there. On the
>> other hand I've been looking at the system with more than real estate in
>> mind and so I'm trying to be as abstract as possible.
>>
>> If a user is given base access to the phpwslistings module, they are
>> considered an "agent". A "broker" is designated with a single
>> sub-permisssion. If the broker permission is set for a user, they get
>> total access to the module almost like a deity (without access to all
>> other modules of course). Then you could add several other permissions
>> that are for refining an agents access to the system. These permissions
>> would be bypassed in the case of a broker.
>>
>> module_rights.txt:
>>
>> is_broker::User is a Broker
>> add_listing::Add Listings
>> delete_listing::Remove Listing
>> view_sold::View Sold Listings
>>
>> This method would work for most situations but then you get into the
>> mess
>> of handling multiple "dynamic" classes and controling agent and broker
>> permissions within each class. To best handle a situation like that you
>> would need limited user of the phpws user module and would need to
>> implement your own layer of permissions into the phpwslistings module
>> itself.
>>
>> If a user is given base access to the phpwslistings module, they are
>> considered an agent with no permissions (yet). Then with a single
>> sub-permission you could designate a user as a broker.
>>
>> module_rights.txt:
>>
>> is_broker::User is a Broker
>>
>> Then, within phpwslistings, a broker can view and edit the permissions
>> of
>> agents and assign them to classes if they wish. It should be possible
>> to
>> use the setUserVar and getUserVar functions to make this easier on the
>> developer. For storage of those permissions I would suggest using
>> masking
>> of bits for speed and limited memory usage. I actually suggested that
>> for
>> the phpws user module but Matt didn't know what I meant :)
>>
>> For each agent they would have a userVar called something like
>> phpwslistings_perms. This would simply be an integer number that
>> represents the permissions of that particular agent. Lets say we have 3
>> permissions, add listing, delete listing, and view sold listings. If we
>> represent each of these in binary they would look something like this:
>>
>> 001 = add listing
>> 010 = delete listing
>> 100 = view sold listings
>> 011 = add and delete listings
>> 111 = full access to the system - broker only functions
>>
>> Then you could define masks like:
>>
>> PHPWSLISTINGS_ADD_MASK = 001;
>> PHPWSLISTINGS_DELETE_MASK = 010;
>> PHPWSLISTINGS_SOLD_MASK = 100;
>>
>> "AND" those with the users stored variable and you will get a boolean
>> TRUE/FALSE as to whether or not the agent has access to that permission:
>>
>> $add_check = $_SESSION["OBJ_user"]->getUserVar("phpwslistings_perms") &
>> PHPWSLISTINGS_ADD_MASK;
>>
>> if($add_check) {
>> ...do add...
>> } else {
>> ...doesnt have permission...
>> }
>>
>> That probably a lot to take in. Let me know if anything was unclear as
>> I
>> tend to ramble on :)
>>
>> Adam
>>
>> > Adam,
>> >
>> >> I would suggest not using a phpws user as an agent and just associate
>> an
>> >> agent with a phpws user account. This way you can accomplish the
>> >> permissioning goals you have set down and if the admin of the website
>> >> wants to allow public users to have accounts on the site for various
>> >> reasons (personal house listings, remembered settings, etc) you don't
>> >> want
>> >> them to have "agent status" in the phpwslistings system. I can say
>> more
>> >> here but I will refrain for now to hear your thoughts on what I've
>> >> written
>> >> so far.
>> >
>> > Sounds intersting. I think I understand your concept but would like
>> you
>> > to
>> > elaborate some more if you would.
>> >
>> >
>> > Mike Windsor
>> >
>> >
>> >
>> >
>> > -------------------------------------------------------
>> > This SF.net email is sponsored by: Tablet PC.
>> > Does your code think in ink? You could win a Tablet PC.
>> > Get a free Tablet PC hat just for playing. What are you waiting for?
>> > http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
>> > _______________________________________________
>> > phpwslistings-developers mailing list
>> > php...@li...
>> > https://lists.sourceforge.net/lists/listinfo/phpwslistings-developers
>> >
>>
>>
>>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> phpwslistings-developers mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwslistings-developers
>
--
Adam Morton
Developer - Electronic Student Services
http://phpwebsite.appstate.edu
Founder - Appalachian Linux Users Group
http://alug.appstate.edu
|
