Question

Hello guys, I've built an admin panel which I now have to protect based on which user tries to access it. I need something in PHP and MySQL so that I can check in the middle of my code if the user (with $_SESSION['thisUser']) has permission to modify or only view something. I'd need it to be easy because I'm not good at building PHP classes. I don't know, something that I can call like

if( $user->hasPermission('write-news') ) 
   // write news

Any help? Thanks in advance!

Solution

Ok I think I found an easier way to perform it.

I just made a few tables (users, roles, permissions and role_perm, which connects the two). Then I made a PHP file (included right after the db-settings.php file) that retrieves all permissions of the logged-in user and saves them inside an array (taking userId from $_SESSION[]), with a function hasPermission($Permission) that checks the given permission in the array and returns true or false. This way, each time I need to check for a specific permission I call it like

if(hasPermission("write-news")) {
    // let him write it
} else {
    // "you do not have permission, bye bye"
}

Maybe this isn't the proper way to set up a role-based permission system or whatever it is, but it's simple and works for what I need it to. Unfortunately I really don't have time to spend learning how better systems work. If you have some suggestions about it, I'd be interested to read them.
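The approach described in this answer, written out as an added example that is not the poster's code. The column names, the `users.role_id` link, the `loadPermissions()` helper and the assumption that `$_SESSION['thisUser']` holds the user id are all hypothetical; an in-memory SQLite database through PDO stands in for MySQL so the script runs on its own, and the SELECT is the same on MySQL.

```php
<?php
// Added example: table and column names are assumptions, not the poster's schema.
// In-memory SQLite keeps it runnable offline; the SELECT below is unchanged on MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT);
    CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role_id INTEGER);
    CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
    CREATE TABLE role_perm (role_id INTEGER, perm_id INTEGER, PRIMARY KEY (role_id, perm_id));
    -- Constructed sample data
    INSERT INTO roles VALUES (1, 'editor'), (2, 'viewer');
    INSERT INTO users VALUES (10, 'alice', 1), (11, 'bob', 2);
    INSERT INTO permissions VALUES (1, 'view-news'), (2, 'write-news');
    INSERT INTO role_perm VALUES (1, 1), (1, 2), (2, 1);
");

// Load every permission name granted to the user's role, once per request.
// The user id is bound as a parameter, never concatenated into the SQL.
function loadPermissions(PDO $db, int $userId): array
{
    $stmt = $db->prepare(
        'SELECT p.name
           FROM users u
           JOIN role_perm rp ON rp.role_id = u.role_id
           JOIN permissions p ON p.id = rp.perm_id
          WHERE u.id = ?'
    );
    $stmt->execute([$userId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Default deny: an unknown user, an unknown permission or an empty set returns false.
function hasPermission(array $granted, string $permission): bool
{
    return in_array($permission, $granted, true); // strict comparison, no type juggling
}

// Stand-in for the logged-in session (assumed to hold the user id).
$_SESSION = ['thisUser' => 11];
$granted = loadPermissions($db, (int) $_SESSION['thisUser']);

foreach (['view-news', 'write-news', 'delete-user'] as $perm) {
    echo $perm, ': ', hasPermission($granted, $perm) ? 'allowed' : 'denied', PHP_EOL;
}
```

Loading the permissions on each request, rather than caching the array in the session, means a role change or revocation takes effect on the user's next page load instead of at their next login.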

OTHER TIPS

Well, if you are attempting to go with an object-oriented approach then you certainly can, but you need to make sure you have a class file where hasPermission() for the $user member variable (most probably of a user class) is defined, which fetches the values from the database by running a query specifically on $user.

PS: This will make sense if you are aware of the framework-based PHP approach.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow