We would like all users regardless of access levels to login in with valid credentials. Why is my code failing?

Question

Our site has 5 pages. Only one group of users with access level 3 are allowed to view all sites.

Those without access level 3 have less priviledges.

table1 has a list of all users with access level 3

The structure is thus:

table1 
table1Id
access_level
userid

Then there is table2 with rest of users

table2
table2Id
userId
username
password

All users in table1 also belong to table2. That's why they are able to see all pages.

userId is the relationship between table1 and table2.

What I would like to accomplish with this query below is ensure that ALL users, both on table1 and table2 are accounted for.

In other words, they all have the ability to login in successfully.

Part two of my task is to ensure that only users with access level 3 get to see all pages while those without it, see limited pages.

This part is not part of this question.

My question is, how do I ensure that all users have the ability to successfully log in as long as their credentials can be authenticated?

Below is code and thank you in advance for your help.

select username, 
       password, 
       isnull(access_level,0) access_level 
from table2 e 
left join table1 m on e.userid = m.userid
where username is not null

This query is producing only 0s (zeros).

There are a total of 589 records with access_level 3 and overall total of 7,209.

This is for SQL Server

Answer 1

Always include CREATE TABLE and INSERT statements in your questions. These are minimal, and just educated guesswork.

create table table2 (
  table2Id integer primary key,
  userId integer not null unique,
  username varchar(20) not null unique,
  password varchar(15) not null
);

create table table1 (
  table1Id integer primary key,
  access_level integer not null,
  userid integer not null references table2 (userId)
);
insert into table2 values (1, 1, 'a', 'a');
insert into table1 values (1, 3, 1);
insert into table2 values (2, 2, 'b', 'b');

IMHO, table1.access_level and table2.username should be declared NOT NULL. I edited your query with that in mind.

select e.username, 
       e.password, 
       coalesce(m.access_level, 0) as access_level
from table2 e 
left join table1 m on e.userid = m.userid

username  password  access_level
--
a         a         3
b         b         0

Now, what you need to do with that in order to manage access and authentication is a different issue.

Answer 2

The key is to match a user is in level 3 or not and do the proper validation.

I would go for a query with an UNION clause, and on the WHERE clause I would write something like that (I'm not sure about all your table or rules of validation, but try to get the ideia):

WHERE (access_level = 3 || username = ? AND password = ?)