我想基于SQL数据库中的值授予用户权限。我目前将用户权限存储在$_SESSION['Userpermissions']数组中,但是当我检查这些权限时,in_array总是返回false。
我已经尝试使用isset方法和array_search方法。
这里是login.php
function loginById($user_id)
{
global $conn;
$sql = "SELECT u.id, u.role_id, u.username, r.name as role FROM users u LEFT JOIN roles r ON u.role_id=r.id WHERE u.id=? LIMIT 1";
$user = getSingleRecord($sql, 'i', [$user_id]);
if (!empty($user)) {
// put logged in user into session array
$_SESSION['user'] = $user;
$_SESSION['success_msg'] = "You are now logged in";
// if user is admin, redirect to dashboard, otherwise to homepage
if (isAdmin($user_id)) {
$permissionsSql = "SELECT p.name as permission_name FROM permissions as p
JOIN permission_role as pr ON p.id=pr.permission_id
WHERE pr.role_id=?";
$userPermissions = getMultipleRecords($permissionsSql, "i", [$user['role_id']]);
$_SESSION['userPermissions'] = $userPermissions;
header('location: ' . BASE_URL . 'admin/dashboard.php');
} else {
header('location: ' . BASE_URL . 'index.php');
}
exit(0);
}
}
这里是检查权限的功能
function canDeletePost() {
if(in_array('delete-post', $_SESSION['userPermissions'])){
return true;
} else {
return false;
}
}
这是print_r的输出:
Array
(
[0] => Array
(
[permission_name] => delete-user
)
[1] => Array
(
[permission_name] => create-user
)
)
这是我用来测试的代码
<?php if (canDeleteUser()){
echo "CAN DELETE USER";
}else{
echo "CANT DELETE USER";
}?>
结果始终为“无法删除用户”
答案 0 :(得分:2)
您要搜索$_SESSION['userPermissions']中的值,但这些是数组,而不是字符串。而是使用array_column从数组中获取权限值:
in_array('delete-post', array_column($_SESSION['userPermissions'], 'permission_name'))