Make menu items visible different user groups

guvenck

03-30-2007, 07:16 PM

Hello,

I have created a humble CMS sort of thing where I have users logging in and out. And there is of course me, the admin.

I am working on a menu system where I first create menus and then add menu items into them.

Here is my menuitems table:

CREATE TABLE `menuitems` (
`ID` int(11) NOT NULL auto_increment,
`name` varchar(255) NOT NULL default '',
`menu` int(11) NOT NULL default '0',
`target` varchar(16) NOT NULL default '',
`link_type` enum('0','1','2') NOT NULL default '0',
`link_page` int(11) NOT NULL default '0',
`link_module` int(11) NOT NULL default '0',
`link_url` varchar(255) NOT NULL default '',
`rank` varchar(2) default NULL,
`active` enum('0','1') NOT NULL default '0',
`deleted` enum('0','1') NOT NULL default '0',
`access` char(1) NOT NULL default '',
PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

and this is how I generate the menu:

function GenerateMenu($menu_id,$style) {
include("db.php");
$result = mysql_query("SELECT name,target,link_type,link_page,link_module,link_url,access FROM menuitems WHERE menu='$menu_id' AND active='1' AND deleted='0' ORDER BY rank") or die(mysql_error());
$menu = '<div id="' . $style . '">';
$menu .= '<ul>';
while($row = mysql_fetch_array($result)) {
if($row['link_type'] == 0) { // page
$link = GetPageURL($row['link_page']);
}
if($row['link_type'] == 1) { // module
$link = GetModuleURL($row['link_module']);
}
if($row['link_type'] == 2) { // url
$link = $row['link_url'];
}
$menu .= '<li><a href="' . $link . '" target="' . $row['target'] . '">' . $row['name'] . '</a></li>';
}
$menu .= '</ul>';
$menu .= '</div>';
echo $menu;
}

Now the question:

I would like some menu items available to logged-in users only (such as Log Out) and some menu items available to visitors only (such as Log-In), some to Admin only (Administration Menu) etc...

Therefore I created an access field in menuitems table. Upon login, I could add users group variable into a $_SESSION['usergroup'] and compare this with the access field and if it equals then print it, if not, not print it.

What can be the code to do this?

iLLin

03-30-2007, 07:38 PM

Take your CMS up a notch! Setup permissions (profiles) that each user will get. For example, an admin profile, guest profile, standard profile... etc. Then when a user comes to your site:

//check if logged in... NO? your have a guest profile.
$_SESSION['profile'] == "guest";

//you are lodded in eh? OK well what profile do you have?
$_SESSION['profile'] == $logged_in_users_profile;

Then setup your permissions table to allow for certain actions to be preformed.

Then in your code:
if(logged_in_user(can_view_link) { show link }
if(logged_in_user(can_perform_action) { allow action }

etc... you get the idea.

guvenck

03-31-2007, 08:39 PM

I've been digging a little further and solved the problem using this code, may not be the best solution but anyway:

function GetPermissions($item,$ID) {
global $db_prefix;
include("db.php");
switch ($item) {
case "menuitem":
$q = "SELECT profile FROM " . $db_prefix . "permissions_menuitems WHERE miid='$ID'";
$r = mysql_query($q) or die(mysql_error());
$profiles = array();
while($ro = mysql_fetch_array($r)) {
$profiles[] = $ro['profile'];
}
break;
case "page":
// $q = "SELECT miid,profile FROM " . $db_prefix . "permissions_menuitems WHERE miid='$ID'";
break;
case "module":
// $q = "SELECT miid,profile FROM " . $db_prefix . "permissions_menuitems WHERE miid='$ID'";
break;
}
return $profiles;
}

function GenerateMenu($menu_id,$style) {
global $db_prefix;
$myprofile = $_SESSION['profile'];
include("db.php");
$result = mysql_query("SELECT ID,name,target,link_type,link_page,link_module,link_url,access FROM " . $db_prefix . "menuitems WHERE menu='$menu_id' AND active='1' AND deleted='0' ORDER BY rank") or die(mysql_error());
$menu = '<div id="' . $style . '">';
$menu .= '<ul>';
while($row = mysql_fetch_array($result)) {
// get the permissions for the menuitem in an array
$permissions = GetPermissions('menuitem',$row['ID']);
if(in_array($myprofile,$permissions)) {
if($row['link_type'] == 0) { // page
$link = GetPageURL($row['link_page']);
}
if($row['link_type'] == 1) { // module
$link = GetModuleURL($row['link_module']);
}
if($row['link_type'] == 2) { // url
$link = $row['link_url'];
}
$menu .= '<li><a href="' . $link . '" target="' . $row['target'] . '">' . $row['name'] . '</a></li>';
}
}
$menu .= '</ul>';
$menu .= '</div>';
echo $menu;
}

iLLin

04-01-2007, 01:00 AM

It's a good start!!! As you progress and come acrossed different situations with permissions, you will build onto this and add more fields, and do this, do that... This is a better way to do this and before you know it, you have a solid permissions setup :)