User Tools

Site Tools


Security Levels and Staff Roles

Managing who can access a page can be easily be done by using Security Levels and Staff Roles in the `wtkUsers` data table.

Security Levels

In many cases you want to simply define a levels of access based on Security Level within a company. This can be done using the `wtkUsers`.`SecurityLevel` data column which is a smallint and defaults to 1.

So at the top of each page you can set a minimum security level required to access using this one line of code:

$pgSecurityLevel = 90;

Then any person that has not logged in will be required to log in before seeing the page. Once they have logged in, if their `SecurityLevel` is not 90 or higher, they will see an error like this:

This is handled via the wtkLogin.php page before the code ever gets to the actual PHP you have coded.

Choosing Security Levels

These are defined in the WTK back office which you can find by going to your /admin/ folder. In the top-menu under “Site Management” in “Lookups”, do a search on “SecurityLevel”. When you initially install Wizard's Toolkit the data is set up as such:

INSERT INTO `wtkLookups` (`LookupType`, `LookupValue`, `LookupDisplay`)
   ('SecurityLevel', '1', 'Customer'),
   ('SecurityLevel', '25', 'Staff'),
   ('SecurityLevel', '30', 'Manager'),
   ('SecurityLevel', '95', 'Owner'),
   ('SecurityLevel', '99', 'Programmer');

The the premise being Customer's can access the bare minimum on the website, staff should be able to access a lot more, Managers can see analytic reports and everything that staff or customers can see. Sometimes Owners will want to have a few Invoice Analytic reports that only they can see. And of course the Programmer is all-powerful and needs access to everything.

Of course you can modify and add additional security levels as needed. You can also change the security levels on pre-made pages in the Wizard's Toolkit by simply changing the $pgSecurityLevel = 90; at the top of the page to any level you prefer.

Staff Roles

In the `wtkUsers` is also a column named `StaffRole` which is a varchar(4). This also uses the wtkLookups data table with initial data as such:

INSERT INTO `wtkLookups` (`LookupType`, `LookupValue`, `LookupDisplay`)
   ('StaffRole', 'Mgr', 'Manager'),
   ('StaffRole', 'Emp', 'Customer Service'),
   ('StaffRole', 'Tech', 'Tech Support');

You can of course edit the roles using the back office similar to how you update SecurityLevels.

Then within web pages you can check to see what the StaffRole is of the logged-in user by adding code to the wtkLogin.php page or by checking directly in PHP pages where you need that information using code like this:

$pgStaffRole = wtkSqlGetOneResult('SELECT `StaffRole` FROM `wtkUsers` WHERE `UID` = ?', [$gloUserUID]);

This works because $gloUserUID as a PHP variable contains the wtkUsers.UID value of the person that is currently logged in.

security_levels_and_staff_roles.txt · Last modified: 2022/07/18 01:14 by wtkadmin