-
-
Save cbellgit/59645cfe9bc973d55996 to your computer and use it in GitHub Desktop.
PHP example file for http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$permissions = array( | |
"owner_read" => 256, | |
"owner_write" => 128, | |
"owner_delete" => 64, | |
"group_read" => 32, | |
"group_write" => 16, | |
"group_delete" => 8, | |
"other_read" => 4, | |
"other_write" => 2, | |
"other_delete" => 1 | |
); | |
$groups = array( | |
"root" => 1, | |
"officer" => 2, | |
"user" => 4, | |
"wheel" => 8 | |
); | |
$tbl = 't_event'; | |
$user_id = 2; | |
$user_groups = 4; | |
$query = " | |
select ac.c_title | |
from | |
t_action as ac | |
-- Privileges that apply to the table and grant the given action | |
-- Not an inner join because the action may be granted even if there is no | |
-- privilege granting it. For example, root users can take all actions. | |
left outer join t_privilege as pr | |
on pr.c_related_table = '$tbl' | |
and pr.c_action = ac.c_title | |
and pr.c_type = 'table' | |
where | |
-- The action must apply to tables (NOT apply to objects) | |
(ac.c_apply_object = 0) and ( | |
-- Members of the 'root' group are always allowed to do everything | |
($user_groups & $groups[root] <> 0) | |
-- user privileges | |
or (pr.c_role = 'user' and pr.c_who = $user_id) | |
-- group privileges | |
or (pr.c_role = 'group' and (pr.c_who & $user_groups <> 0))) | |
"; | |
echo $query; | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment