How to define and use a site level "User Privilege Level" variable with Javascript / PHP / MySQL

Question

I usually tend towards specific technical questions however this is a fairly open one, but still within the confines of Q&A rather than discussion.

It regards best implementation of a user level privilege to regulate what can and cannot be done within the web application.

I'll start with an example. I want to delete a part from the database. I am logged in as Jon Doe. Jon Doe has access privilege level 1 (column in the sql database) so cannot delete parts. I would be using javascript (jQuery) to trigger the ajax PHP function to carry out the delete.

So, I have come up with a few options but I'm sure there is something better.

1. I could set a PHP "user-level" session variable at login, evaluate in the Ajax PHP delete request and return to success function to let the user know that access is denied.

   PROS: fast to access, simple

   CONS: i have to run the PHP request and mess about evaluating success

2. I could run a PHP predefined function that queries mySQL for user privilege within the Ajax PHP delete request and return to the success function and let the user know access is denied.

   PROS: evaluates in real-time (not necessarily critical but would allow privilege to change while user remains logged in)

   CONS: i have to run the PHP request and mess about evaluating successs

3. I could create a global "user-level" javascript variable (attached to window?) during the Ajax Javascript / PHP login process that I query prior to running the Ajax PHP delete request.

   PROS: stops unnecessary ajax request, very neat and easy

   CONS: seems like it could be vulnerable

I'm looking to evaluate user privilege a fair amount throughout the application so I'd appreciate any advice on what the experts have done to solve what I imagine to be a fairly common issue. I've probably missed something obvious.

Thanks.

** IN RESPONSE **

Ah, that is interesting. Yes, have a single load template interface and each content panel is loaded via ajax. I hadn't really considered just disabling or removing the interface buttons as a "pre-emptive strike". I like the idea of doing a javascript check first as well, whilst backing it up with checks on the PHP side. This would avoid me having to perform an unnecessary Ajax call if the user had already failed to reach the access level required.

Answer 1

For security and usability, handle this from the PHP side, utilizing a session to store the user's ID. Have PHP provide a link to delete if and only if the user has delete privileges. When a delete request is received, check again to see that the user has delete privileges. This makes sure that if the user loses privileges after receiving the delete link, he/she won't be able to delete. If you're using AJAX heavily in your application and the interface is only loaded once, you should have some sort of state variable sent to the browser when any request is received if the user's privileges have been augmented. This state variable should trigger a UI reload so that the appropriate links/buttons/features are now enabled. This isn't the easiest solution, but it's the most robust and allows for everything it sounds like you're looking for.