[co2015tickets] New Permissions System
- From: "Chris" <chris@xxxxxxxxxxxxxxx>
- To: <co2015tickets@xxxxxxxxxxxxx>
- Date: Fri, 24 Apr 2009 22:36:30 +0100
Hi all,
I've just finished coding a new permissions system for the site.
I have created 4 roles:
clerk
medicalstudent
doctor
admin
and 4 users to test those roles (username and password are identical):
clerk
student
doctor
admin
The users are already associated with their roles, but I haven't finished
assigning permissions yet.
The list of possible permissions are:
managepatients - create, view, and edit patient data
messaging
assesscase
viewowncases
takeexam
assessvirtualcase
viewkb
feedbackexams
feedbackcases
viewallcases
manageexams
manageusers
managekb
managepermissions
Hopefully the names are self-explanatory, but I will add descriptions into
the permissions table of the database.
To use these permissions you use:
$this->usermodel->checkUserPermissions($user,$permission)
Where $user is the username of the current user (you can use
$this-usermodel-getCurrentUser() to get this)
And $permission is the name of the permission (from the list above) you wish
to check for.
If the user has that permission it will return true, otherwise it will
return false.
You can use this in an if statement to prevent users accessing operations in
the vths that certain roles shouldn't be able to access (e.g. only doctors
should be able to view all cases, only admins can manage users, all roles
can use messaging and manage patients, and all roles except clerk can assess
cases)
Any problems, just let me know,
Chris
Other related posts:
