MySQL和PHP-检查用户是否有权访问数据
[英]MySQL and PHP - Check if user has access to data
问题描述
I have a crossreference table owner_meeting_crossref with a column (owner_id) for owner IDs and column (meeting_id) for meeting IDs that the owner has access to. 
我有一个交叉引用表owner_meeting_crossref,其中一列(owner_id)用于所有者ID,一列(meeting_id)用于会议所有者可以访问的ID。
My php script is sent an array of meetings, and I know the current user ID is $current_user_id. 我的php脚本发送了一系列会议,我知道当前的用户ID是$ current_user_id。 How can I efficiently check that the user (owner) has access to the meeting IDs sent in? 如何有效地检查用户(所有者)是否有权访问发送的会议ID?
1 个解决方案
解决方案1
0 已采纳 2011-02-19 19:34:20
One option would be to fetch the meetings from the list that the user has access to, then calculate the difference. 一种选择是从用户有权访问的列表中获取会议,然后计算差额。
$meetingStr = implode(',', array_map('intval', $meetings));
$accessibleMeetingQuery = $db->prepare("
SELECT meeting_id
FROM owner_meeting_crossref
WHERE owner_id=:uid AND meeting_id IN ($meetingStr)
");
$accessibleMeetingQuery->execute(array(':uid' => $current_user_id));
$accessibleMeetings= $accessibleMeetingQuery->fetchAll(PDO::FETCH_COLUMN);
$inaccessibleMeetings = array_diff($meetings, $accessibleMeetings);
Another would be to do it all from SQL 另一个可能是通过SQL完成所有操作
SELECT m.id
FROM meetings AS m
LEFT JOIN owner_meeting_crossref AS om
ON m.id=om.meeting_id AND om.owner_id=:uid
WHERE m.id IN ($meetingStr)
AND om.meeting_id IS NULL
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.