MakeWebGames

Staff Rank/Permissions - complete overhaul


Magictallguy

I present to you: manageable permission-based staff ranks

In the old system, they're hard-coded in.
Any time you want to give a player/staff member access to something new, you must edit the code.

In my new system, you simply edit their Staff Rank in the staff panel and access is granted/denied based on exactly what you want.
Screenshots of how this works are available further down in another post (due to original site death).

All it uses is 1 SQL table, an addition to the (grpg)users table, and a self-caching function to check staff permissions.
I'm open to offers, and it comes with full installation, custom to your design.


  • 1 month later...

Curious, seems a long way round adding it manually to each page, why not just add in URLs? So in globals it reads the current file name, checks the user's session or DB and checks for access?


> Curious, seems a long way round adding it manually to each page, why not just add in URLs? So in globals it reads the current file name, checks the user's session or DB and checks for access?

I would be curious to see what you mean exactly???

From what I can see, this is similar to what you have done with your MCC API that you created, with your `canAccess()` method (sorry if it's the incorrect name). Something like this:

```php
public function canAccess($col) {
   global $db;
   // $col is interpolated into the SQL as a column name, so it must only ever be a hard-coded value
   $sql = "select {$col} from <insert table name here> where userid = {$this->id}";
   $r = $db->query($sql);
   if($db->fetch_row($r) == "yes") {
       return true;
   }
   else {
       return false;
   }
}
```

What if you were to do something like this, so you don't end up with 100 columns in your database?

Table User Permissions

- ID int
- levelName varchar(128)
- access varchar(128)

sample data

1, "staff", 1111111111111111
2, "moderator", 1101000110000010
3, "user", 0000000000000000

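```php
function checkAccess($pageID, $userID) {

   global $db;
   // Cast first: ctype_digit() only validates strings, so an integer ID would fail
   if (!ctype_digit((string) $userID) || !ctype_digit((string) $pageID)) {
       return false;
   }

   $query = $db->query("SELECT access FROM `userTable` INNER JOIN `userPermissions` ON (`userTable`.`userLevel` = `userPermissions`.`id`) WHERE `userTable`.`id` = ".$userID);
   $row = $db->fetch_assoc($query);

   // No matching user, or a page ID beyond the end of the flag string: deny
   if (!$row || !isset($row["access"][(int) $pageID])) {
       return false;
   }

   // Each character of `access` is one page's flag; "1" grants access
   return $row["access"][(int) $pageID] === "1";

}
```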

> I would be curious to see what you mean exactly???
>
> From what I can see, this is similar to what you have done with your MCC API that you created, with your `canAccess()` method (sorry if it's the incorrect name). Something like this:
>
> ```php
> public function canAccess($col) {
>    global $db;
>    // $col is interpolated into the SQL as a column name, so it must only ever be a hard-coded value
>    $sql = "select {$col} from <insert table name here> where userid = {$this->id}";
>    $r = $db->query($sql);
>    if($db->fetch_row($r) == "yes") {
>        return true;
>    }
>    else {
>        return false;
>    }
> }
> ```

canView();

And that takes into account an array from the module in question. If I was to implement something across the whole of MCC there would be 2 ways I would do it;

- Either take the file out of the URL and check against the DB

- Or serialise a whole bunch of permissions, then unserialise and put them in a session, however you would need to add code in tons of places.


I'd totally just route every page request through some form of access control file. Determine which URL is trying to be accessed, and then check to see if the current user is allowed to access that URL.

This wouldn't work if the user was allowed to change certain things but not others. Would take much less time than editing all of the files though.
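
An added example, not code from any poster in this thread: a minimal sketch of the central check suggested above, keyed on script plus action so a rank can be allowed to view something without being allowed to change it, with a per-request cache and deny-by-default for anything unmapped. The permission names, script names and rank ids are constructed for illustration, and the constant arrays stand in for a ranks table.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in a real game these would come from the ranks table.
const RANK_PERMISSIONS = [
    1 => ['users.view', 'users.edit', 'ranks.manage'], // admin
    2 => ['users.view'],                               // moderator
];

// Hypothetical map of (script, action) to the permission it requires.
const REQUIRED_PERMISSION = [
    'staff_users.php' => ['view' => 'users.view', 'edit' => 'users.edit'],
    'staff_ranks.php' => ['index' => 'ranks.manage'],
];

/** Load a rank's permissions once per request and reuse them. */
function rankPermissions(int $rankId): array
{
    static $cache = [];
    if (!isset($cache[$rankId])) {
        // A database lookup would go here; the constant stands in for it.
        $cache[$rankId] = array_flip(RANK_PERMISSIONS[$rankId] ?? []);
    }
    return $cache[$rankId];
}

/** Deny by default: unknown scripts, unknown actions and unknown ranks all fail. */
function mayAccess(string $scriptPath, string $action, int $rankId): bool
{
    $script = basename($scriptPath); // ignore any directory part of the request
    $needed = REQUIRED_PERMISSION[$script][$action] ?? null;
    if ($needed === null) {
        return false;
    }
    return isset(rankPermissions($rankId)[$needed]);
}

// Constructed requests: [script, action, rank id]
$requests = [
    ['/staff_users.php', 'view', 2],
    ['/staff_users.php', 'edit', 2],
    ['/staff_ranks.php', 'index', 1],
    ['/staff_new.php', 'index', 1],
];
foreach ($requests as [$script, $action, $rank]) {
    printf("%-18s %-6s rank %d: %s\n", $script, $action, $rank,
        mayAccess($script, $action, $rank) ? 'allow' : 'deny');
}
```

The last constructed request is denied even for the admin rank because the script has no entry in the map, which is the behaviour a new, not-yet-reviewed staff page should get.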


> I wouldn't recommend anyone to buy it since a DMCA can be sent for using it....
>
> And if mods need proof I can provide one happily, just trying to keep you guys safe, not trashing the thread, no hard feelings mtg...

Sorry what?


> I wouldn't recommend anyone to buy it since a DMCA can be sent for using it....
>
> And if mods need proof I can provide one happily, just trying to keep you guys safe, not trashing the thread, no hard feelings mtg...

A DMCA for use of my mod that I've allowed? Get a grip of yourself, there's plenty of hard feelings Ibraheem..

 

> Still selling this?

Yes.

 

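> What if you were to do something like this, so you don't end up with 100 columns in your database?
>
> Table User Permissions
>
> - ID int
> - levelName varchar(128)
> - access varchar(128)
>
> sample data
>
> 1, "staff", 1111111111111111
> 2, "moderator", 1101000110000010
> 3, "user", 0000000000000000
>
> ```php
> function checkAccess($pageID, $userID) {
>
>    global $db;
>    // Cast first: ctype_digit() only validates strings, so an integer ID would fail
>    if (!ctype_digit((string) $userID) || !ctype_digit((string) $pageID)) {
>        return false;
>    }
>
>    $query = $db->query("SELECT access FROM `userTable` INNER JOIN `userPermissions` ON (`userTable`.`userLevel` = `userPermissions`.`id`) WHERE `userTable`.`id` = ".$userID);
>    $row = $db->fetch_assoc($query);
>
>    // No matching user, or a page ID beyond the end of the flag string: deny
>    if (!$row || !isset($row["access"][(int) $pageID])) {
>        return false;
>    }
>
>    // Each character of `access` is one page's flag; "1" grants access
>    return $row["access"][(int) $pageID] === "1";
>
> }
> ```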

The way I've done it uses its own table with only 1 addition to the (grpg)users table.

The reason I've not routed it through an access file is due to a security flaw that would arise by using encrypted URLs - you simply can't beat hard-coded methods when it comes to things like that.


  • 5 years later...

That domain is no longer registered, nor do I have the original screenshots.
Here's a couple of screenshots from a game where it's been extensively implemented.

Ranks: Index [screenshot]
Ranks: Add New (1) [screenshot]
Ranks: Add New (2) [screenshot]
Ranks: View (1) [screenshot]
Ranks: View (2) [screenshot]
Ranks: Edit (1) [screenshot]
Ranks: Edit (2) [screenshot]

Deletion has an interstitial confirm dialog then redirects back to Rank Index upon confirmation/cancellation.


8 hours ago, Magictallguy said:

> That domain is no longer registered, nor do I have the original screenshots.
> Here's a couple of screenshots from a game where it's been extensively implemented.
>
> Ranks: Index [screenshot]
> Ranks: Add New (1) [screenshot]
> Ranks: Add New (2) [screenshot]
> Ranks: View (1) [screenshot]
> Ranks: View (2) [screenshot]
> Ranks: Edit (1) [screenshot]
> Ranks: Edit (2) [screenshot]
>
> Deletion has an interstitial confirm dialog then redirects back to Rank Index upon confirmation/cancellation.

Nice job hon.. Thank you for the screenshots.


  • 2 years later...
On 3/3/2014 at 11:21 AM, Magictallguy said:

> I present to you: manageable permission-based staff ranks
>
> In the old system, they're hard-coded in.
> Any time you want to give a player/staff member access to something new, you must edit the code.
>
> In my new system, you simply edit their Staff Rank in the staff panel and access is granted/denied based on exactly what you want.
> Screenshots of how this works are available further down in another post (due to original site death).
>
> All it uses is 1 SQL table, an addition to the (grpg)users table, and a self-caching function to check staff permissions.
> I'm open to offers, and it comes with full installation, custom to your design.

It's not here anymore, any chance you still have it?
