05-26-2016, 01:12 PM
That's where the relational part comes in.
Here's how I would tackle that part.
If you only need 1 godAdmin, you're already set. The user with the id of 1 can already view all pages regardless of what is setup in the database. Sneaky, I know.
The trick to all the stuff you're doing is at the sql queries at the top of the pages that fetch the "editable data." So, in other words, if each user has a companyID attached in the user table and a useradmin has the same companyID, then when you make your version of the "view all users" page, all you have to do is change the query from
$userQ = $db->query("SELECT * FROM users LEFT JOIN profiles ON users.id = user_id ");
to
$userQ = $db->query("SELECT * FROM users LEFT JOIN profiles ON users.id = user_id WHERE companyID = $user->data()->companyID");
Basically, because your companyID is coded into the user table related to that useradmin, any time you put "WHERE companyID = $user->data()->companyID" it is going to restrict that useradmin's access to only "their own" people/companies.
The same goes for creating a new user. The useradmin has their company id hard coded, so whenever you create a new user you would insert the company id of the admin in as the one of the newly created user.
Soooo, here's how I would tackle this problem.
The things that the godAdmin should be able to do should be controlled through the built in userspice functions. In other words, the only people who should be able to visit these broad reaching pages are the ones who have the access level of god-admin. They can even have a master list of company ids on the side so they can reference them when creating new groups/companies etc.
All of the useradmin stuff should be restricted by sql query (to the company id) AND by access level in userspice.
Does that make sense?
I look at this a lot like the Wordpress Multi site stuff. I know that there are people out there who want this and I'd love to roll out a version for it. In the mean time, I can definitely try to point you in the right direction. Hopefully you can share back how this stuff works for you.
Here's how I would tackle that part.
If you only need 1 godAdmin, you're already set. The user with the id of 1 can already view all pages regardless of what is setup in the database. Sneaky, I know.
The trick to all the stuff you're doing is at the sql queries at the top of the pages that fetch the "editable data." So, in other words, if each user has a companyID attached in the user table and a useradmin has the same companyID, then when you make your version of the "view all users" page, all you have to do is change the query from
$userQ = $db->query("SELECT * FROM users LEFT JOIN profiles ON users.id = user_id ");
to
$userQ = $db->query("SELECT * FROM users LEFT JOIN profiles ON users.id = user_id WHERE companyID = $user->data()->companyID");
Basically, because your companyID is coded into the user table related to that useradmin, any time you put "WHERE companyID = $user->data()->companyID" it is going to restrict that useradmin's access to only "their own" people/companies.
The same goes for creating a new user. The useradmin has their company id hard coded, so whenever you create a new user you would insert the company id of the admin in as the one of the newly created user.
Soooo, here's how I would tackle this problem.
The things that the godAdmin should be able to do should be controlled through the built in userspice functions. In other words, the only people who should be able to visit these broad reaching pages are the ones who have the access level of god-admin. They can even have a master list of company ids on the side so they can reference them when creating new groups/companies etc.
All of the useradmin stuff should be restricted by sql query (to the company id) AND by access level in userspice.
Does that make sense?
I look at this a lot like the Wordpress Multi site stuff. I know that there are people out there who want this and I'd love to roll out a version for it. In the mean time, I can definitely try to point you in the right direction. Hopefully you can share back how this stuff works for you.