What you are looking for is often referred to as AC (access control). One of the most popular is RBAC (role-based access control), because it allows you to group your users/accounts into groups and give those groups certain privileges.
Let's go through the design steps of a minimal setup:
Basically, what you are saying is that you already have some sort of accounts for your users (except Guest, because that is a not-logged-in user).
Now, the roles in RBAC are basically groups that have or don't have certain privileges.
So that results in the following relations:
- Zero to many Accounts belong to zero to many Roles (->group e.g. "Admin", "Manager", etc.)
- Zero to many Roles have zero to many privileges / rights (e.g. "Access the manager section" or "Update this record")
Now let's move on to what data you need for each part of that system in order to implement it:
- Typically you have an ID on your account table for each account.
- Roles typically have an ID and a name.
- Privileges typically have at least a constant-like identifier (which should be the primary key, so that it's unique, for example ACCESS_MANAGER; you can see why this is useful in my code example below. It can be used to lookup ) and a name.
That leads to the following tables:
```
Account(AccountID (PK), ...)
Account_Role(AccountID (PK, FK), RoleID (PK, FK))
Role(RoleID (PK), name)
Role_Privilege(RoleID (PK, FK), PrivilegeID (PK, FK))
Privilege(identifier (PK), name)
```
Now you can manage roles and privileges these roles have.
If you want to check whether the current user has a specific privilege, you can ask your DB, for example:
```php
if (
    $this
        ->getCurrentUser() // would return a dummy guest user with no roles assigned if no user is logged in
        ->hasPrivilege('ACCESS_MANAGER') // joins account via account_role to role to role_privilege and finally to privilege
) {
    /* display only links a manager would see */
}

if ($this->getCurrentUser()->hasPrivilege('ACCESS_ADMIN')) {
    /* display only links an admin would see */
}
```
PS: The wiki articles provided are very theoretical. You might want to just google for queries like "php access control system" or similar to get you started with solutions others have come up with.
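
One way the `hasPrivilege()` lookup described in the answer above could be written against its five tables, as an added example that is not part of the original answer. It assumes PHP 8+ with PDO and the SQLite driver; the `User` class, its constructor, the `login` column and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE Account (AccountID INTEGER PRIMARY KEY, login TEXT NOT NULL);
    CREATE TABLE Role (RoleID INTEGER PRIMARY KEY, name TEXT NOT NULL);
    CREATE TABLE Privilege (identifier TEXT PRIMARY KEY, name TEXT NOT NULL);
    CREATE TABLE Account_Role (AccountID INTEGER, RoleID INTEGER, PRIMARY KEY (AccountID, RoleID));
    CREATE TABLE Role_Privilege (RoleID INTEGER, PrivilegeID TEXT, PRIMARY KEY (RoleID, PrivilegeID));
    INSERT INTO Account VALUES (1, 'alice'), (2, 'bob');
    INSERT INTO Role VALUES (1, 'Admin'), (2, 'Manager');
    INSERT INTO Privilege VALUES ('ACCESS_ADMIN', 'Access the admin section'),
                                 ('ACCESS_MANAGER', 'Access the manager section');
    INSERT INTO Account_Role VALUES (1, 1), (1, 2), (2, 2);
    INSERT INTO Role_Privilege VALUES (1, 'ACCESS_ADMIN'), (2, 'ACCESS_MANAGER');
");

final class User // hypothetical class, not from the original answer
{
    // $accountId is null for the dummy guest user (nobody logged in), who has no roles.
    public function __construct(private PDO $db, private ?int $accountId) {}

    public function hasPrivilege(string $identifier): bool
    {
        if ($this->accountId === null) {
            return false; // deny by default: a guest holds no privileges
        }
        // The two link tables carry both keys, so Account, Role and Privilege need not be joined.
        $stmt = $this->db->prepare(
            'SELECT 1 FROM Account_Role ar
               JOIN Role_Privilege rp ON rp.RoleID = ar.RoleID
              WHERE ar.AccountID = :account AND rp.PrivilegeID = :privilege
              LIMIT 1'
        );
        $stmt->execute([':account' => $this->accountId, ':privilege' => $identifier]);
        return $stmt->fetchColumn() !== false; // no matching row means no privilege
    }
}

// Print the result of each check for an admin+manager, a manager, and a guest.
foreach (['alice' => new User($db, 1), 'bob' => new User($db, 2), 'guest' => new User($db, null)] as $name => $user) {
    printf("%-5s manager=%s admin=%s\n", $name,
        var_export($user->hasPrivilege('ACCESS_MANAGER'), true),
        var_export($user->hasPrivilege('ACCESS_ADMIN'), true));
}
```

Run the same check at the start of every protected action as well as when rendering links, since hiding a link does not stop a direct request to the page behind it.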