validation - PHP: how to validate access to options in a menu depending on user/group? -

-

i have php page shows several links options (i.e. simple menu), need validate logged in user and/or assigned group see if have access each option.

let me explain example.

my "menu.php" page has simple html listing of links, e.g.:

option1.php option2.php option3.php ... optionn.php

[i obviating html code, showing logic]

now, each option should visible groups , or users. example, group 1 has access options 1,2,5, group 2, options 2,4,5, group 3 options 1 , 6, usera options 3,4, userb options 4,6 , on.

i need have permission either single user or group give access, in other words, or condition, either group or user, not necesarily both.

i receive both user , group via $_session variable, can validate directly.

now, best way structure script validate each options permision?

i don't have option use databases store permisions, need within code (hard coded).

an idea have create several arrays, both each option, , in each store ids of each group , user have access it, example.

$option1_users[1,2,4,5]; $option1_groups[3,5]; $option2_users[2,5,7]; $option2_groups[1,6,12]; ...

... , on, , nest every link validation, like:

if( in_array($logged_user,$option1_users) || in_array($logged_group,$option1_groups){ echo option1.php; //the html option 1 link }

that way, each time option going echoed, verify if user/group has access it.

although work way, think dirty , lots of arrays (twice each option). there better way this? there "common" or standard way achieve it? else besides arrays , plain ifs use?

notes: -each user can belong several groups , each group can have several users (many many relationship), irrelevant, because can validate either in script.

-the main "menu.php" has database validation access it, based on group of user (if group doesn't have permissions, user cannot enter menu), works allow access menu itself, within it, need validate again specific options user/group can see.

-i need solution hardcoded (i know, dirty, need script validate on own, not depending on databases know permissions), if have solution involving databases , storing permissions there, feel free mention , , how implement it.

thanks.

this not great solution make code little cleaner

instead of making bunch of arrays each option make 1 master array.

$options = array(1 =>array('users' => array(1,2,3,4,5), 'groups'=>array(3,5)))) foreach($options $option=>$perms) {     if( in_array($logged_user,perms['users']) || in_array($logged_group,perms['groups']){         echo '<a href="option.'.$option.'.php">option '.$option.'</a>';     } }

like said before not ideal solution problem if have permissions coming form database handle other parts of menu should using , not create 2 section of permissions code. hard coding noted not ideal , may end causing headache sooner think.


Comments

Post a Comment

Popular posts from this blog

c++ - Creating new partition disk winapi -

-
i'am trying create new partition , mount volume new, thought createfile let me this, code : lpctstr lpfilename=l"\\\\.\\device\\harddisk0\\partition3"; handle handl=createfile( lpfilename, generic_read | generic_write, file_share_read | file_share_write, null, create_always, file_attribute_normal, null ); if (handl==invalid_handle_value) { qdebug()<<"handl invalid"<<" error"<<getlasterror();} bool success = definedosdevice(ddd_raw_target_path,l"i:",l"\\device\\harddisk0\\partition3"); if(!success) qdebug()<<" definedosdevice failed "<<getlasterror(); bflag = getvolumenameforvolumemountpoint( l"i:\\", // input volume mount point or directory /** u in dir
Read more

Android Prevent Bluetooth Pairing Dialog -

-
i'm developing internal application uses bluetooth printing. want bluetooth pairing occur without user input. have managed working trapping android.bluetooth.device.action.pairing_request broadcast. in broadcast receiver call setpin method, , pairing works ok, bluetoothpairingdialog displayed second or two, disappears - see link below. https://github.com/android/platform_packages_apps_settings/blob/master/src/com/android/settings/bluetooth/bluetoothpairingdialog.java since broadcast non-ordered, can't call abortbroadcast() , , wondering if there other way prevent pairing dialog appearing. can hook window manager in way? i haven't been able come way without modifying sdk. if you're oem, it's easy (i'm on 4.3): in packages/apps/settings/androidmanifest.xml, comment intent filter pairing dialog: <activity android:name=".bluetooth.bluetoothpairingdialog" android:label="@string/bluetooth_pairing_request"
Read more

php - joomla get content in onBeforeCompileHead function -

-
i'm developing joomla system plugin. need add javascript , css files if [myshortcode] shortcode found in content. how can content in onbeforecompilehead function function onbeforecompilehead() { $document = jfactory::getdocument(); //add scripts if shortcode found ... $document->addstylesheet($cssfile, 'text/css', null, array()); the $content = jresponse::getbody(); not work. thanks try this, for style sheet, $document = jfactory::getdocument(); $document->addstylesheet('http://domain.com/templates/css/style.css'); for javascript file $document = jfactory::getdocument(); $document->addscript('full url'); also can this, $document = jfactory::getdocument(); // add javascript $document->addscriptdeclaration(' window.event("domready", function() { alert("an inline javascript declaration"); }); '); // add styles $style = 'body {'
Read more