validation - PHP: how to validate access to options in a menu depending on user/group? -


i have php page shows several links options (i.e. simple menu), need validate logged in user and/or assigned group see if have access each option.

let me explain example.

my "menu.php" page has simple html listing of links, e.g.:

option1.php option2.php option3.php ... optionn.php 

[i obviating html code, showing logic]

now, each option should visible groups , or users. example, group 1 has access options 1,2,5, group 2, options 2,4,5, group 3 options 1 , 6, usera options 3,4, userb options 4,6 , on.

i need have permission either single user or group give access, in other words, or condition, either group or user, not necesarily both.

i receive both user , group via $_session variable, can validate directly.

now, best way structure script validate each options permision?

i don't have option use databases store permisions, need within code (hard coded).

an idea have create several arrays, both each option, , in each store ids of each group , user have access it, example.

$option1_users[1,2,4,5]; $option1_groups[3,5]; $option2_users[2,5,7]; $option2_groups[1,6,12]; ... 

... , on, , nest every link validation, like:

if( in_array($logged_user,$option1_users) || in_array($logged_group,$option1_groups){ echo option1.php; //the html option 1 link } 

that way, each time option going echoed, verify if user/group has access it.

although work way, think dirty , lots of arrays (twice each option). there better way this? there "common" or standard way achieve it? else besides arrays , plain ifs use?

notes: -each user can belong several groups , each group can have several users (many many relationship), irrelevant, because can validate either in script.

-the main "menu.php" has database validation access it, based on group of user (if group doesn't have permissions, user cannot enter menu), works allow access menu itself, within it, need validate again specific options user/group can see.

-i need solution hardcoded (i know, dirty, need script validate on own, not depending on databases know permissions), if have solution involving databases , storing permissions there, feel free mention , , how implement it.

thanks.

this not great solution make code little cleaner

instead of making bunch of arrays each option make 1 master array.

$options = array(1 =>array('users' => array(1,2,3,4,5), 'groups'=>array(3,5)))) foreach($options $option=>$perms) {     if( in_array($logged_user,perms['users']) || in_array($logged_group,perms['groups']){         echo '<a href="option.'.$option.'.php">option '.$option.'</a>';     } } 

like said before not ideal solution problem if have permissions coming form database handle other parts of menu should using , not create 2 section of permissions code. hard coding noted not ideal , may end causing headache sooner think.


Comments

Popular posts from this blog

c++ - Creating new partition disk winapi -

Android Prevent Bluetooth Pairing Dialog -

VBA function to include CDATA -