/**
 * Whether this user carries the named role.
 *
 * The role map is keyed by role name, so this is a single isset()
 * lookup; an unset or null map simply answers false.
 *
 * @param string $role_name
 * @return bool
 */
public function hasRole($role_name) {
    $assigned = $this->roles;
    return isset($assigned[$role_name]);
}
5
/**
 * Link one permission to one role (a single role_perm row).
 *
 * Both ids travel as named placeholders, never interpolated into the
 * SQL, so they reach the driver as data. Returns what
 * PDOStatement::execute() returns: true on success, false on failure
 * (or an exception when the connection uses PDO::ERRMODE_EXCEPTION).
 *
 * @param int $role_id
 * @param int $perm_id
 * @return bool
 */
public static function insertPerm($role_id, $perm_id) {
    $params = [
        ":role_id" => $role_id,
        ":perm_id" => $perm_id,
    ];
    $statement = $GLOBALS["DB"]->prepare(
        "INSERT INTO role_perm (role_id, perm_id) VALUES (:role_id, :perm_id)"
    );
    return $statement->execute($params);
}
12
/**
 * Remove every role/permission association at once.
 *
 * This issues TRUNCATE on role_perm, so it is not scoped to a role and
 * is all-or-nothing. On MySQL (the dialect the schema uses) TRUNCATE is
 * DDL and performs an implicit commit, so it cannot be undone by
 * rolling back a surrounding transaction. Until permissions are
 * re-inserted, every hasPrivilege() check answers false.
 *
 * @return bool  result of PDOStatement::execute()
 */
public static function deletePerms() {
    $statement = $GLOBALS["DB"]->prepare("TRUNCATE role_perm");
    return $statement->execute();
}
1<?php
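class PrivilegedUser extends User
{
    /**
     * Map of role_name => Role, filled by initRoles().
     *
     * Defaults to an empty array so hasPrivilege() on an instance whose
     * roles were never loaded answers false cleanly instead of emitting
     * a foreach-on-null warning.
     *
     * @var array<string, Role>
     */
    private $roles = [];

    public function __construct() {
        parent::__construct();
    }

    /**
     * Override of User::getByUsername() that also loads the user's roles.
     *
     * The username is bound as a placeholder, not interpolated. Only the
     * four columns the method reads are selected, and only the first
     * matching row is fetched (the original pulled every row with
     * fetchAll() and used index 0).
     *
     * The property writes below land in User's private $fields array
     * (see the var_dump of a PrivilegedUser) — presumably through a
     * magic __set in User; confirm in User.php.
     *
     * @param string $username
     * @return PrivilegedUser|false  false when no row matches
     */
    public static function getByUsername($username) {
        $sql = "SELECT user_id, username, password, email_addr FROM users WHERE username = :username";
        $sth = $GLOBALS["DB"]->prepare($sql);
        $sth->execute([":username" => $username]);
        $row = $sth->fetch(PDO::FETCH_ASSOC);

        // fetch() returns false when the result set is empty
        if ($row === false) {
            return false;
        }

        $privUser = new PrivilegedUser();
        $privUser->user_id = $row["user_id"];
        $privUser->username = $username;
        $privUser->password = $row["password"];
        $privUser->email_addr = $row["email_addr"];
        $privUser->initRoles();
        return $privUser;
    }

    /**
     * Populate $roles with a Role (carrying its permissions) for each
     * role assigned to this user in user_role.
     *
     * Reads $this->user_id, so it must run after the id is set; an
     * unassigned user ends up with an empty map.
     *
     * @return void
     */
    protected function initRoles() {
        $this->roles = [];
        $sql = "SELECT t1.role_id, t2.role_name FROM user_role as t1
        JOIN roles as t2 ON t1.role_id = t2.role_id
        WHERE t1.user_id = :user_id";
        $sth = $GLOBALS["DB"]->prepare($sql);
        $sth->execute([":user_id" => $this->user_id]);

        while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
            // keyed by role name; a later row with the same name overwrites
            $this->roles[$row["role_name"]] = Role::getRolePerms($row["role_id"]);
        }
    }

    /**
     * Whether any of this user's roles grants the named permission.
     *
     * Fails closed: no roles, or no role holding $perm, yields false.
     *
     * @param string $perm  permission description (perm_desc)
     * @return bool
     */
    public function hasPrivilege($perm) {
        foreach ($this->roles as $role) {
            if ($role->hasPerm($perm)) {
                return true;
            }
        }
        return false;
    }
}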
/**
 * Create a role with the given name.
 *
 * The name is bound as a placeholder (never concatenated into the SQL).
 * Returns PDOStatement::execute()'s result: true on success, false on
 * failure, or an exception under PDO::ERRMODE_EXCEPTION.
 *
 * @param string $role_name
 * @return bool
 */
public static function insertRole($role_name) {
    $statement = $GLOBALS["DB"]->prepare(
        "INSERT INTO roles (role_name) VALUES (:role_name)"
    );
    return $statement->execute([":role_name" => $role_name]);
}
7
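/**
 * Assign each role id in $roles to the given user.
 *
 * One prepared statement is reused for every row: :role_id is bound by
 * reference to the loop variable, so each execute() sees the next id
 * (this is why bindParam, not bindValue, is used). An empty $roles list
 * inserts nothing and returns true.
 *
 * A failed execute() is no longer ignored: the method keeps going so
 * every id is attempted, but returns false if any insert failed (under
 * PDO::ERRMODE_EXCEPTION the driver throws instead). Note that the
 * shipped user_role table has no key, so re-assigning an existing role
 * simply adds a duplicate row.
 *
 * @param int|string $user_id  bound as PDO::PARAM_STR; the column is
 *                             INTEGER UNSIGNED, so the database casts it
 * @param int[] $roles  role ids to assign
 * @return bool  true only if every insert succeeded
 */
public static function insertUserRoles($user_id, $roles) {
    $sql = "INSERT INTO user_role (user_id, role_id) VALUES (:user_id, :role_id)";
    $sth = $GLOBALS["DB"]->prepare($sql);
    $role_id = null;
    $sth->bindParam(":user_id", $user_id, PDO::PARAM_STR);
    $sth->bindParam(":role_id", $role_id, PDO::PARAM_INT);
    $ok = true;
    foreach ($roles as $role_id) {
        // keep attempting the rest, but remember the aggregate outcome
        $ok = $sth->execute() && $ok;
    }
    return $ok;
}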
19
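/**
 * Delete each role id in $roles together with its user and permission
 * associations.
 *
 * The joins are LEFT JOINs: with the original inner JOINs, a role that
 * had no user assignment or no permission produced no joined row at all
 * and was silently left in place. With LEFT JOIN the roles row is
 * deleted and whatever associations exist go with it.
 *
 * :role_id is bound by reference to the loop variable so the prepared
 * statement is reused per id. A failed execute() is no longer ignored:
 * the method returns false if any delete failed (or throws under
 * PDO::ERRMODE_EXCEPTION). An empty list deletes nothing and returns
 * true.
 *
 * NOTE(review): if the tables are InnoDB with the schema's foreign keys,
 * MySQL may reject a multi-table DELETE that removes parent and child
 * rows in one statement depending on its processing order; deleting the
 * child rows first (or ON DELETE CASCADE) is the robust form — confirm
 * against the deployment.
 *
 * @param int[] $roles  role ids to delete
 * @return bool  true only if every delete succeeded
 */
public static function deleteRoles($roles) {
    $sql = "DELETE t1, t2, t3 FROM roles as t1
        LEFT JOIN user_role as t2 on t1.role_id = t2.role_id
        LEFT JOIN role_perm as t3 on t1.role_id = t3.role_id
        WHERE t1.role_id = :role_id";
    $sth = $GLOBALS["DB"]->prepare($sql);
    $role_id = null;
    $sth->bindParam(":role_id", $role_id, PDO::PARAM_INT);
    $ok = true;
    foreach ($roles as $role_id) {
        $ok = $sth->execute() && $ok;
    }
    return $ok;
}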
33
/**
 * Remove every role assignment for one user.
 *
 * Deletes from user_role only; the roles themselves are untouched. The
 * id is bound as a placeholder. Returns PDOStatement::execute()'s
 * result (true/false, or an exception under PDO::ERRMODE_EXCEPTION).
 *
 * @param int|string $user_id
 * @return bool
 */
public static function deleteUserRoles($user_id) {
    $statement = $GLOBALS["DB"]->prepare(
        "DELETE FROM user_role WHERE user_id = :user_id"
    );
    return $statement->execute([":user_id" => $user_id]);
}
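CREATE TABLE roles (
    role_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
    role_name VARCHAR(50) NOT NULL,

    PRIMARY KEY (role_id),
    -- PrivilegedUser keys its role map by role_name, so two roles with
    -- the same name would collide; the name must be unique
    UNIQUE KEY (role_name)
);

CREATE TABLE permissions (
    perm_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
    perm_desc VARCHAR(50) NOT NULL,

    PRIMARY KEY (perm_id),
    -- Role keys its permission map by perm_desc and hasPrivilege()
    -- matches on that string, so it must be unique as well
    UNIQUE KEY (perm_desc)
);

CREATE TABLE role_perm (
    role_id INTEGER UNSIGNED NOT NULL,
    perm_id INTEGER UNSIGNED NOT NULL,

    -- composite key: one row per (role, permission) pair; without it
    -- repeated inserts silently duplicate the association. It also
    -- indexes the role_id lookup done by Role::getRolePerms().
    PRIMARY KEY (role_id, perm_id),
    FOREIGN KEY (role_id) REFERENCES roles(role_id),
    FOREIGN KEY (perm_id) REFERENCES permissions(perm_id)
);

CREATE TABLE user_role (
    user_id INTEGER UNSIGNED NOT NULL,
    role_id INTEGER UNSIGNED NOT NULL,

    -- composite key: one row per (user, role) pair; indexes the
    -- user_id lookup done by PrivilegedUser::initRoles()
    PRIMARY KEY (user_id, role_id),
    FOREIGN KEY (user_id) REFERENCES users(user_id),
    FOREIGN KEY (role_id) REFERENCES roles(role_id)
);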
1<?php
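require_once "Role.php";
require_once "PrivilegedUser.php";

// connect to database...
// ...

session_start();

// Resolve the current user, or null when nobody is logged in.
// PrivilegedUser::getByUsername() returns false when the session's
// username no longer matches a row, so both "no session" and "stale
// session" are handled by the instanceof check below. The original
// dereferenced $u unconditionally, which is a fatal "call to a member
// function on null/false" for an anonymous visitor.
$u = null;
if (isset($_SESSION["loggedin"])) {
    $u = PrivilegedUser::getByUsername($_SESSION["loggedin"]);
}

// Fail closed: no user, or a user without the permission, skips the
// privileged branch.
if ($u instanceof PrivilegedUser && $u->hasPrivilege("thisPermission")) {
    // do something
}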
1<?php
class Role
{
    /**
     * perm_desc => true for every permission this role grants; filled
     * by getRolePerms().
     *
     * @var array<string, true>
     */
    protected $permissions;

    // Not public: instances are only produced by getRolePerms().
    protected function __construct() {
        $this->permissions = [];
    }

    /**
     * Build a Role holding every permission description linked to
     * $role_id in role_perm.
     *
     * The id is bound as a placeholder. A role with no permissions
     * yields an instance whose hasPerm() is always false.
     *
     * @param int $role_id
     * @return Role
     */
    public static function getRolePerms($role_id) {
        $sql = "SELECT t2.perm_desc FROM role_perm as t1
        JOIN permissions as t2 ON t1.perm_id = t2.perm_id
        WHERE t1.role_id = :role_id";
        $sth = $GLOBALS["DB"]->prepare($sql);
        $sth->execute([":role_id" => $role_id]);

        $instance = new Role();
        // each perm_desc becomes an array key so hasPerm() is a plain isset()
        $descriptions = $sth->fetchAll(PDO::FETCH_COLUMN, 0);
        $instance->permissions = array_fill_keys($descriptions, true);
        return $instance;
    }

    /**
     * Whether this role grants the named permission.
     *
     * @param string $permission  permission description (perm_desc)
     * @return bool
     */
    public function hasPerm($permission) {
        $granted = $this->permissions;
        return isset($granted[$permission]);
    }
}
1object(PrivilegedUser)#3 (2) {
2 ["roles":"PrivilegedUser":private]=>
3 array(1) {
4 ["Admin"]=>
5 object(Role)#5 (1) {
6 ["permissions":protected]=>
7 array(4) {
8 ["addUser"]=>bool(true)
9 ["editUser"]=>bool(true)
10 ["deleteUser"]=>bool(true)
11 ["editRoles"]=>bool(true)
12 }
13 }
14 }
15 ["fields":"User":private]=>
16 array(4) {
17 ["user_id"]=>string(1) "2"
18 ["username"]=>string(7) "mpsinas"
19 ["password"]=>bool(false)
20 ["email_addr"]=>string(0) ""
21 }
22}