Welcome Guest, Not a member yet? Register   Sign In
What's the best way to create 'hooks' between the database and application?
#1

[eluser]charlieD[/eluser]
For example, you have 3 user types:

User type table:
Code:
id | name
===================
1  | Visitor
2  | Paying member
3  | Administrator

You have a piece of code that runs only for the admin user type.

You don't want to reference the ID or name directly in the code. (IDs don't make the code easy to read and names can change for editorial reasons).

What's the best approach for creating a hook to the data so you can check the user type in an ifblock for example?

1. Do you create a config file and use constants that refer to the ID, e.g.:
Code:
<?php
define('USER_VISITOR', 1);
define('USER_MEMBER', 2);
define('USER_ADMIN', 3);

if ($user->getTypeId() == USER_ADMIN) {
    //Do stuff
}

2. Or, do you add something like a 'slug' column to the database, that doesn't change:
Code:
id | name          | slug
=============================
1  | Visitor       | visitor
2  | Paying member | member
3  | Administrator | admin

And then access it in the code like this:
Code:
<?php
if ($user->getTypeSlug() == 'admin') {
    //Do stuff
}

The first method seems more programmatically correct and is probably slightly faster as it works directly with IDs, but the second method prevents you from having to define loads of constants and keeps everything in the database. Plus it can be used for prettier URLs because you're using a word instead of a number, which could be beneficial in some situations.

Or are there other much better ways of doing this (without enums)?
#2

[eluser]xzela[/eluser]
Interesting question.
What I did was created an Authentication library which tests to see what kind of user is looking at the website. Based on what's in their cookie/session I display different features...

Each registered user has a role assigned to them (all stored in the DB). Based on that role, they can see/do different things. When a user is logged in I store a limited copy of their profile in the session/cookie. When the user is trying to access a restricted page, I look in their profile to see what kind of role they have been assigned to. If they have the proper access I let them in otherwise I kick 'em to the curb.

It works but I'm sure there is another(better?) way to do it.

This is just what I do.
#3

[eluser]jedd[/eluser]
That's very close to what I did, and I gather it's pretty common (well, variants of this approach).

Testing of Visitor .v. visitor is a bit too subtle to be worth the bother of making the distinction, I think.

In my MY_Controller, I have a few functions for basic things like 'is_logged_in' and 'is_admin', but I also experimented with having these as functions in the standard helper that I load on all my pages. 6 of one, I suspect, as both code chunks get loaded on every page. Oh, both functions check session data, I hasten to add - I don't do further db calls for this stuff once I've authenticated.

Some Controllers, where every method available requires a certain level of permissions (or at least to be logged in) can then easily be vetoed with a simple is_logged_in() followed by a redirect() in the constructor.

If you have just three types of user levels, and don't expect any further complexification of that hierarchy, then I reckon the same approach would serve you well.




Theme © iAndrew 2016 - Forum software by © MyBB