User Creation Permission

plb · 10-31-2016, 03:23 PM

Why try to tie the arbitrary id to the auth level? Why not create a new column in the permissions table 'access_level' or something? No need to change the form if you only have 5 rows - just edit it in the db directly (make sure the default for a new row has very little permissions - whether that is a low or a high number).

By using a separate column you don't have to worry about special meaning for certain id or whatever.

**Brandin** · 10-31-2016, 03:24 PM

So you recommend creating a permission level, how would you recall this information to ensure that a user cannot create accounts above their access?

**dan** · 10-31-2016, 04:07 PM

Sorry.... the arbitrary ID was not for the authorization level. It was to show which user created which. Kind of an auditing feature to find out how are yous are got in the database if someone does something malicious you can go through and quickly clear out all users that that user created if need be. The account owner field is already in the database but is not being used for anything else.

**Brandin** · 10-31-2016, 04:20 PM

Hmmm...what about some kind of WHERE command in the SQL request that takes the permission levels based on an IF function. So IF this level, allow to create blah blah, or what not...I gotta piece this together on paper more first.

**mudmin** · 10-31-2016, 04:36 PM

I'm not seeing why my solution posted above won't work. I ran the code and it only shows permission levels below that of the current user.

**Brandin** · 10-31-2016, 04:46 PM

Mudmin,

I didn't try that yet, I am sorry. I didn't realize that was your solution to my request. I apologize. I will try that here in a few minutes.

Thank you.

**mudmin** · 10-31-2016, 04:51 PM

No problem. Let me know if it works. I've tested the code enough to know that it at least brings back the right results, although you might want to implement it differently. The pastebin link is probably the one to use.

**Brandin** · 10-31-2016, 08:12 PM

So it worked for the most part, however we do have an issue. Lets use the following scenario:

I have a Supervisor that has access as a CSR and User Management but not Logs. However, when this person visits the adduser.php page, they are able to add someone as a CSR or Logs. They should be able to add CSR and User Management, but not logs. User Management is their level, but it is missing from the list.

Supervisor Permissions and should be able to create:
10. CSR
30 - User Management

Supervisor currently able to add:
10. CSR
30. Log Access

We also run into the fact that a System Administrator, level 20, can add any level except level 20, which an admin should be able to add any level.

Paste of the file:
http://pastebin.com/Xe9S2Gtm

Thank you.

**dan** · 10-31-2016, 08:28 PM

I think you are right that with only 5 levels you might want to eiter write a switch statement or 5 if statements. Or you can make a table with 3 columns... Id, permission id and can add. Then you run a query to get back the options.

If you just want to deal with the admin issues you could let them access the admin-users page and everyone else use the new page.

**Brandin** · 10-31-2016, 08:31 PM

Dan,

Thanks for your reply. I think a can_add column may be my best solution and run a SELECT and IF query. I could then integrate the can_add column to be populated when a user has a permission level added, and had it run a DELETE query when a permission level is removed. I will play around with it when I get home and into tomorrow and post my solution if I come to one.

Thank you.

Login




Remember me Lost Password?