I'm developing a small project in which I want to implement an "advanced" role system based on the page the user visits. I have some trouble working out the logic behind this scheme, since I want to be able to add and remove roles and permissions; I think this is the way to do it. Hope you can share your suggestions with me.
I have my users table that, besides the username, password, etc. fields, contains a userlevel field.
I'm planning to create the following scheme:
Roles table:
id - AI -> is referenced with **userlevel** field in users table
name - Role Name
description - Role Description
pages table:
id - AI
page_link -> saves the link of the page
description
permissions table:
id - AI
role_id -> referenced with **id** in roles table
page_id -> referenced with **id** in pages table
So my thought is:
Every page that is supposed to be protected in some way:
- read the userlevel from the users table;
- check whether that role exists in the roles table;
- if not, deny access; if it exists, create an array of page_id for that role_id from the permissions table;
- create an array of page_link from the pages table based on each page_id from the permissions table;
- read the URL and, if the page link is in the array, allow access; if not, deny access.
I have my links like: /add-user /remove-user/user_id
If I give permissions to the page /remove-user, can a user delete a user? (Basically, access to /remove-user/user_id.)
Am I thinking about this the right way? I'm getting really confused creating such a system. I would really like to have access control for both pages and features (for example, a moderator should be allowed to ban a user but not to delete them - if those features are on the same page, how can I achieve that?). Besides that, do I need another table for "functions" that allows the user to do that or not, and then write the code that way?
For example, a table userfunctions:
id
role_id
permission
If in this table there is a permission edit_users, then when rendering the page, if it is in the "feature" array, show the button or not?
Can you kindly guide me on this? Is there a quicker way to do this without so much theory? I can easily write the code; I'm just confused about the logic behind a scheme like this.
Thanks
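As an added illustration of the two-level scheme asked about above (page-level permissions matched against the URL, plus feature-level permissions from a userfunctions table), not code from the poster's project: the table rows, ids and the `{user_id}` placeholder convention are constructed assumptions, and the point is that the handler re-checks the feature on the server, because hiding a button only tidies the UI.

```python
import re

# Constructed sample rows standing in for the roles, pages, permissions and
# userfunctions tables from the question (hypothetical ids; a real app would
# load these with SQL queries instead of literals).
ROLES = {1: "admin", 2: "moderator"}
PAGES = {10: "/add-user", 11: "/remove-user/{user_id}", 12: "/users/{user_id}"}
PAGE_PERMISSIONS = {(1, 10), (1, 11), (1, 12), (2, 12)}            # (role_id, page_id)
FEATURE_PERMISSIONS = {(1, "ban_user"), (1, "delete_user"), (2, "ban_user")}  # (role_id, permission)


def _to_regex(page_link):
    # "/remove-user/{user_id}" -> anchored regex that accepts exactly one path
    # segment in place of the placeholder, so "/remove-user/42/extra" is rejected.
    parts = re.split(r"\{[^}]+\}", page_link)  # literal text around each placeholder
    return re.compile("^" + "[^/]+".join(map(re.escape, parts)) + "$")


def _normalise(url):
    # Drop the query string and a trailing slash before matching.
    return url.split("?", 1)[0].rstrip("/") or "/"


def can_open(userlevel, url):
    """Page-level check: deny unless the role exists and owns a matching page_link."""
    if userlevel not in ROLES:
        return False  # unknown role -> deny, as in the question's step list
    links = [PAGES[page_id] for role_id, page_id in PAGE_PERMISSIONS if role_id == userlevel]
    return any(_to_regex(link).match(_normalise(url)) for link in links)


def can_do(userlevel, feature):
    """Feature-level check from the userfunctions table (ban vs delete on one page)."""
    return userlevel in ROLES and (userlevel, feature) in FEATURE_PERMISSIONS


def buttons_for(userlevel, url):
    """What the template renders: None if the page itself is denied, else allowed features."""
    if not can_open(userlevel, url):
        return None
    return [f for f in ("ban_user", "delete_user") if can_do(userlevel, f)]


def perform(userlevel, feature, user_id):
    """Server-side action handler: re-check the feature even if the button was hidden."""
    if not can_do(userlevel, feature):
        return "denied"
    return f"{feature} applied to user {user_id}"
```

With these rows the moderator (role 2) can open /users/7 and sees only the ban button, while a forged delete request from that role is still refused by `perform`.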