[eluser]MT206[/eluser]
Thanks for the reply, Buso. Tank Auth is a very nice authentication library, but it doesn't actually provide for any role-based access control. I just extended it to add that functionality. I found some great posts on this forum that helped in that respect immensely.
You're right that checking the role is oftentimes not as good as checking the resource. I don't think I explained it as well as I should have, but I do have the option to do both (unless I am misunderstanding what you are explaining). I use the permissions tables to deal with limiting access to various functions such as edit, delete, view, etc.
For certain pages, such as an admin page, I think that it would be fine to use roles, but like you said, it becomes cumbersome to deal with when you have quite a few roles. Because of this I have heard of people using numerical values for the roles, such as Admin is 100, User is 5, and Visitor is 0. With this you could say if role > 50 you can access this page, etc. The only thing is that many forum posts I have read talk about the inflexibility that this introduces when you don't properly accommodate for new roles.
Currently the function that I use to retrieve roles and check against them (taken directly from the Tank_Auth forum post (pg25)) is:
Code:
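function get_user_roles($user_id)
{
    // Bind $user_id as a query parameter instead of concatenating it into the SQL.
    $query = $this->db->query("SELECT *
        FROM users_roles
        INNER JOIN roles ON users_roles.rolesID=roles.rolesID
        WHERE userID = ?", array($user_id));
    // Build a '%'-separated string of role names, e.g. "%Admin%User".
    $roles = null;
    foreach ($query->result() as $row)
    {
        $roles = ($roles."%".$row->name);
    }
    return $roles;
}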
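
An added example, not part of the post above and not Tank Auth code: it contrasts the numeric `role > 50` threshold mentioned in the post with an explicit permission lookup once a new role is introduced. The Moderator role, its level of 60, the permission names and all function names are constructed for illustration; the role string uses the `%`-joined format that `get_user_roles()` returns.

```php
<?php
// Added example with constructed data; every name below is hypothetical.

// Numeric levels from the post, plus a constructed Moderator role added later.
$role_levels = array('Admin' => 100, 'Moderator' => 60, 'User' => 5, 'Visitor' => 0);

// Hypothetical role -> permission map standing in for the permissions tables.
$role_permissions = array(
    'Admin'     => array('admin_page.view', 'post.edit', 'post.delete', 'post.view'),
    'Moderator' => array('post.edit', 'post.delete', 'post.view'),
    'User'      => array('post.view'),
    'Visitor'   => array('post.view'),
);

// Split the "%Admin%User" string into exact role names, dropping empty pieces.
function parse_roles($roles_string)
{
    return array_values(array_filter(explode('%', (string) $roles_string), 'strlen'));
}

// Threshold check: access follows from a numeric level alone.
function can_access_by_level(array $roles, array $levels, $minimum)
{
    foreach ($roles as $role) {
        if (isset($levels[$role]) && $levels[$role] > $minimum) {
            return true;
        }
    }
    return false;
}

// Permission check: access needs an explicit grant; unknown roles get nothing.
function can_access_by_permission(array $roles, array $map, $permission)
{
    foreach ($roles as $role) {
        if (isset($map[$role]) && in_array($permission, $map[$role], true)) {
            return true;
        }
    }
    return false;
}

// A moderator was meant to edit and delete posts, not to reach the admin page.
$moderator = parse_roles('%Moderator%User');
echo 'admin page via level > 50:     ';
var_dump(can_access_by_level($moderator, $role_levels, 50));
echo 'admin page via permission map: ';
var_dump(can_access_by_permission($moderator, $role_permissions, 'admin_page.view'));
```

With the threshold, every page guarded by `role > 50` has to be re-audited whenever a role is added; with the permission map, a new role has no access until a grant is written for it.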