PHP / MYSQL

bagends · 03-24-2008, 09:36 AM

Hey guys, I need some advice on the best way to set this up. The project is being done in mysql and php. It's a really simple question, but I can't decide.

I need to have a user system where employees and customers can log in. Both groups need to have different restrictions based on what they can do / view on the site. Each customer will also be able to set up "sub-customers", their employees, with access to anything in which they (the "top-level" customer) are currently granted access. Also, unlike employees, customers will only be able to access files directly related to that customer.

I was considering a mysql database setup something like this:

PHP Code:



[employee.table] 
  employee-id 
  employee-name 
  etc... 
 
## Example Data 
1, Brenda Jones, ... 
 
[customer.table] 
  customer-id 
  customer-company 
  customer-code 
 
## Example Data 
1, Widgets R Us, C001 
2, Widgets Co, D005 
 
[user.table] 
  user-id 
  user-name 
  user-pass 
  user-type 
  user-restriction 
 
## Example Data 
1, John Smith, ***, customer, C001 
2, Brenda Jones, ***, employee, '' 
 
[userperm.table] 
  user-id 
  program 
  perm 
 
## Example Data 
1, users, edit 
2, user, view

Of course, this isn't the exact way, just a rough idea. I know I'll need some way to link employees in the user table to the employ table.
I'm trying to keep it simple, avoid data redundancy, etc...
I don't know what the best way to accomplish this would be, even considered two seperate user tables (customer-users and employee-users.) Another requirement is that any action done needs to be associated with the user that did it (e.g. if a user is added, who did it?)

Any ideas? Thank you.

chrism01 · 03-24-2008, 07:49 PM

sounds like you need a parent_id column on the customer table, contains the id of the customer that created the 'sub-customer'.
For a 'top-level' customer, possibly use a special value eg zero, or add a row for admin user and use their id for top-customers. (of course you'll need to add zero for the admins parent_id).
In SQL terms, that's prob simpler than having top-level customers have their own id as their parent id.
It does sound like separate table for actual employees would be a good idea.
You can have audit tables for tracking actions ie cols for who/what/when etc.
If you've got 5.0 or better, you may be able to use a DB trigger.

BrianK · 03-24-2008, 08:18 PM

Not sure if I follow the question... it sounds like you want one user table but then be able to determine if a user is an employee or not. is that right?

if that's the case, then you could have one user table with a tinyint (or bool) column "is_employee".
you could also have an enum column "user_type" with values "EMPLOYEE,CUSTOMER"
you could also have a user table with general user info, then an employee column with specific employee data, one field of which will be a reference to the user_id, so you can do something like :

SELECT empoyee_spefic_thing, user_general_thing, <other_fields> FROM user,employee WHERE empoyee_user_ref = user_id AND employee_name = "Bob Smith";

does that help?

bagends · 03-26-2008, 09:09 AM

Thanks guys, I appreciate the good advice. It does help a bit. Sorry it took me so long to respond back.

--Bagends