PHPDevShell Security with groups and roles
2010-01-25 22:55:32

Roles - Giving access to executing scripts first.

We need to create a role using the GUI; let's call it "school classes". We then assign Sally and Harry to the "school classes" role using the GUI. Good, now we can restrict access so that, out of the many school scripts, only these two teachers can access the student list script.

Groups - Giving access to certain data inside a script, in this case classes.

Now we have a problem, or do we? Sally needs to see only students from Maths, and Harry only students from Science. This is what groups are for: we handle data access with groups and some easy-to-use functions. The first thing we can do from within the GUI is create a group and some child groups, like this:

(id1)School Classes (Principal)
(id2)|___ Maths (Sally)
(id3)|___ Science (Harry)

School Classes is the parent of both Maths and Science. Now, using the GUI, we can assign the Principal to School Classes because he should see all students; we then assign Sally to Maths and Harry to Science. This is quickly done using the GUI, and very flexible it is.

The Coding.


To limit users from the coding perspective is quite simple; we only need to add the following line at the top of each script:

(is_object($security)) ? $security->load_security() : exit('Access Denied!');

Now, using the settings in the GUI, PHPDevShell will limit access to this script to users who hold one of the roles assigned to it.


Groups are just as simple to manage on the coding side of things. Let's look at a simple table with students and classes.

id | student_name | class_group

Obviously the class_group column contains the group ids as assigned by the system when you created the School Classes groups. All information about a user is contained within the array $configuration to make it easier for developers to get crucial user data like user id, group id, role id etc. So how do we find out which group or groups a user belongs to? Simple, a single command! Looking at the diagram again:

(id1)School Classes (Principal)
(id2)|___ Maths (Sally)
(id3)|___ Science (Harry)

$get_groups = $db->get_groups();

When the principal is logged in, we will get group ids 1,2,3 because he is assigned to the parent group, which is School Classes. However, with Sally's ID only group id 2 will be returned; this is the only group she belongs to, poor girl.

Wow, this is simple then; let's look at what the query will look like!

SELECT student_name FROM classes WHERE class_group IN ($get_groups);

Now we can list only the names of students that belong to certain groups to certain users! There are many more advanced methods that developers can use to control groups and roles; have a look at the API documentation and also the plugin examples, especially the plugin PHPDevShell itself!

The problem with the above solution arises when you don't want your root group to be restricted by the query; root normally needs to see everything! But there is a solution to this problem as well, see the example below:

// Call all groups from database.
// The table name is missing from the original page; "your_table" below is a placeholder.
$select_user_group = $db->new_query("
		SELECT user_group_id, shop_name
		FROM your_table
		{$db->set_group_query("WHERE user_group_id IN ({$db->get_groups()})",
                "[If you want a specific query for the root group as well you can set it here]")}
");

As you can see in the above example, the query will include "WHERE user_group_id IN..." if the user is not a root user. If the user is a root user, it will skip that clause completely, or run the query given as the second argument instead. Please note there is an equivalent method for roles to achieve the same effect.

Please note that both group functions check for children in the tree automatically.
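
The group scoping described above, as a stand-alone added example (not PHPDevShell's own code): it expands a user's group to include its child groups, as the page says get_groups() does, and filters the students table with bound integer parameters instead of interpolating the id list into the SQL string. The function names expandGroups and studentsFor, the sample rows and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added illustration, not PHPDevShell code; function names are hypothetical.
// Constructed group tree from the page's diagram: group id => parent id.
$groupParents = [1 => null, 2 => 1, 3 => 1];
// Constructed assignment of users to groups.
$userGroup = ['principal' => 1, 'sally' => 2, 'harry' => 3];

// Return the group itself plus every descendant group in the tree.
function expandGroups(array $parents, int $groupId): array
{
    $ids = [$groupId];
    foreach ($parents as $id => $parent) {
        if ($parent === $groupId) {
            $ids = array_merge($ids, expandGroups($parents, $id));
        }
    }
    return $ids;
}

// Select the students whose class_group is in the caller's group set.
function studentsFor(PDO $pdo, array $groupIds): array
{
    if ($groupIds === []) {
        return []; // fail closed: no groups means no rows, never "IN ()"
    }
    $marks = implode(',', array_fill(0, count($groupIds), '?'));
    $stmt = $pdo->prepare(
        "SELECT student_name FROM classes WHERE class_group IN ($marks) ORDER BY id"
    );
    foreach (array_values($groupIds) as $i => $id) {
        $stmt->bindValue($i + 1, (int) $id, PDO::PARAM_INT); // ids bound as integers
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE classes (id INTEGER PRIMARY KEY, student_name TEXT, class_group INTEGER)');
$pdo->exec("INSERT INTO classes (student_name, class_group) VALUES ('Ann', 2), ('Ben', 3), ('Cid', 2)");

foreach ($userGroup as $user => $group) {
    $names = studentsFor($pdo, expandGroups($groupParents, $group));
    echo $user, ': ', implode(', ', $names), PHP_EOL;
}
```

The empty-set guard matters for this pattern: a user with no group assignment would otherwise produce an invalid `IN ()` clause, and the safe outcome is to return no rows.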

Other useful methods.

Please refer to the section describing the db class in the Reference Guide.

More documentation will follow soon

  • ->security
    • post_validation ()
    • user_ip ()
    • encrypt ($string)
    • decrypt ($string)
    • is_root ($user_id = false)
    • is_logged_in ()
    • access_menu ($menu_id, $type = 'menu_id')

