Jump to content
Larry Ullman's Book Forums

Multiple User Roles With Multiple User Portals


Recommended Posts

i just purchased the yii book, and just started developing an application with yii.

 

the application calls for multiple user account types, and multiple user portals. the basic account types would be admin, seller, buyer.

 

i am looking for the best way (best practice) to set this up. i was thinking there would be one users table, and then a seller table and a buyer table. the reason for separate tables would be that we would be storing different information about the users and the buyers. this then makes users have a 1:1 relationship with either buyer or seller table. so im still undecided here, because my understanding is that 1:1 relationships shouldnt exist. then this made me wonder if the account info should just be stored in buyer/seller table accordingly.

 

now, relating back to yii, would i want a model for user, and then models for buyer and seller and extend the user class that i create, or would i want separate classes for buyer and seller and skip the user model all together.

 

the catch is that i want to use one login form and one registration form for both with a radio button or something to that nature, but depending on which account type you are making, different information would be collected upon registration, and different views would exist when logged in.

 

im a total yii NOOb, so any help or insight anyone has would be GREATLY appreciated. at least help me going in the right direction

Link to post
Share on other sites

Hello! Sounds like a good and ambitious project. Yes, generally 1:1 relationships aren't necessary, but it doesn't mean they are all bad.  Just to confirm, before I answer in any more detail, a buyer could NEVER be a seller and vice versa?

Link to post
Share on other sites

Okay. My inclination is that buyers and sellers are very different here, and have very different experiences, so having separate login forms (areas) would make sense. And the underlying database/models would have separate buyer and seller types. This would also be easiest for you to implement. Although we haven't really talked about how admins play into this.

 

On a client's project I'm consulting on now, there are two user types and users can change from one type to the other, and the experience is relatively similar, so that projects has one users table with two specific subtables. But from what you described, that would be the right choice here.

Link to post
Share on other sites

thanks for the quick response and all the help so far larry!

 

just to clarify, you believe i should have a buy table, with a buyer model and also a seller table with a seller model?

 

if this is the case, how would i organize the authentication process? i would need to make sure "/seller/profile/update is denied to guests (easy) and someone logged in as a buyer? i know there are isGuest() and a corresponding function for authenticated. how do i handle this with two separate tables and models? can i have two separate classes for authenticating, one for each?

 

for the "admins" i was thinking about trying to have a area that is locked down, and completely separate, similar to what wordpress does. i like securing my admin areas with extra layers of security (ip address restriction and un/pw with .htaccess). i saw a post somewhere (may not have been here) where a person created backend.php and mimicked index.php. i was wondering if it is possible to have a second yii application exist in a subdirectory eg. "/adminpanel" and access the same database and just function very very differently.

 

thanks,

 

erik

Link to post
Share on other sites

thanks for the quick response and all the help so far larry!

 

just to clarify, you believe i should have a buy table, with a buyer model and also a seller table with a seller model?

 

Yes, that would be my inclination. Mostly because the buyers and sellers are so different and would have different experiences.

 

if this is the case, how would i organize the authentication process? i would need to make sure "/seller/profile/update is denied to guests (easy) and someone logged in as a buyer? i know there are isGuest() and a corresponding function for authenticated. how do i handle this with two separate tables and models? can i have two separate classes for authenticating, one for each?

 

I would create separate modules. So you'd have the base site, common to all. You'd have a buyers module. And you'd have a sellers module. And you'd have an admin module. Then you could do authentication within each. This is not beginners stuff, by the way (as you may have realized).

 

for the "admins" i was thinking about trying to have a area that is locked down, and completely separate, similar to what wordpress does. i like securing my admin areas with extra layers of security (ip address restriction and un/pw with .htaccess). i saw a post somewhere (may not have been here) where a person created backend.php and mimicked index.php. i was wondering if it is possible to have a second yii application exist in a subdirectory eg. "/adminpanel" and access the same database and just function very very differently.

 

That's the right idea, and that's what a module is: a separate Yii application in a subdirectory.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...