Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Konrad Pilch
Konrad Pilch
2,435 Points
Posted by Konrad Pilch
Konrad Pilch
2,435 Points

How to make permissions

HI,

So I'm making a webapp with PHP OOP and so far i can log in, and have display the user name. As well as CRUD and one thing that bothers me is, how can i make restricted rights?

SO when i log in, with any member, everyone can delete users, everyone can add pictures that that will merge.

How do i make so when a user register he becomes subscriber with his own posts that he can change, butu can't change others?

Would it be stored in the session? umm confused.

2 Answers

rhysadams
rhysadams
4,847 Points

So to plan it out for you, your post table will look something like this:

PostID UserID PostContent PostDate PostTime

We'll then display the post as you usually do, at the settings part we'll have a if else statement something like this:

if($_SESSION['ID'] == $DBUserID){ // Comment, Edit or delete? }else{ // Comment? }

Hopefully that makes some sense?

Konrad Pilch
Konrad Pilch
2,435 Points
Konrad Pilch
Konrad Pilch
2,435 Points

So i should have a new table for post right? because how would i then select the specific user and get it inot the database posts into UserID?

but im getting a better picture.

rhysadams
rhysadams
4,847 Points

Yes. You'd created a new table called something like: user_posts and have different fields in there like I mentioned in the previous answer.

rhysadams
rhysadams
4,847 Points
rhysadams
rhysadams
4,847 Points

You'd do this by setting up another field in your member database called userLevel for example and perhaps having it so when any member signs up they automatically get a minimal access user level.

If you wanted, you could set another session variable with the user level and then you could restrict them from your page by using a parent constructor for example.

public function __construct(){ if($_SESSION['userlevel'] =! 'admin'){ header("location: /"); } }

Please remember this is a rough dirty method just to get you to understand.

Hope this helps.

Konrad Pilch
Konrad Pilch
2,435 Points
Konrad Pilch
Konrad Pilch
2,435 Points

Hmmm,

So if im looking for posts, then i would find by id, and the session would automatically get the specific usre post like it gets the name? so when i write the code to display the post, i woudl need to display the user permission for it or soemthing?

It's a big vague to see how the code woudl look like in my head, but im new to it too : p and i though login system was something! It's nothing compared to permission, permission level. lol