I am creating a simple app to control user access.
I have one database table which has all the user information, and I need to create different privileges for different user groups. For example, the manager can search all people, while the team leader can only list all team members.
I would like to know how I can approach this.
Authenticate based on session via cookie, or an authentication token.
For example: /api/userinfo?api_key={insert key here}

In your back end (pseudo code):
<?php
// Look the caller up with a prepared statement so the key is bound as data
// rather than spliced into the SQL string (the interpolated version is injectable).
$stmt = $db->prepare("SELECT * FROM users WHERE api_key = ?");
$stmt->execute([$_GET['api_key'] ?? '']);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$user) {
    http_response_code(401);   // unknown key: no data at all
    exit;
}
if ($user['role'] === 'manager') {   // 'role' is an assumed column name
    $results = $db->query("RUN THIS QUERY, because user is a manager, and return results")->fetchAll();
} else {
    $results = $db->query("RUN THIS QUERY, because user is a normal user, and return results")->fetchAll();
}
echo json_encode($results);
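The same pattern as a runnable Python/SQLite version (an added example, not code from the original answer): API-key lookup through a bound parameter, keys stored hashed (acceptable for high-entropy random keys, unlike passwords), and the query scope chosen from the caller's role. All user names, roles, teams and keys are constructed sample data.

```python
import hashlib
import sqlite3

# Constructed sample data for this example (not from the original post).
SAMPLE_USERS = [
    ("alice", "manager",     "ops", "key-alice"),
    ("bob",   "team_leader", "ops", "key-bob"),
    ("carol", "member",      "ops", "key-carol"),
    ("dave",  "team_leader", "dev", "key-dave"),
]

def key_hash(api_key):
    # Store only a hash of the key so a leaked table does not leak credentials.
    return hashlib.sha256(api_key.encode()).hexdigest()

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT, team TEXT, api_key_hash TEXT UNIQUE)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [(n, r, t, key_hash(k)) for n, r, t, k in SAMPLE_USERS])
    return db

def authenticate(db, api_key):
    # The key is passed as a bound parameter: quote characters in it are just data.
    row = db.execute("SELECT name, role, team FROM users WHERE api_key_hash = ?",
                     (key_hash(api_key),)).fetchone()
    return row  # None when the key is unknown

def list_users(db, api_key):
    caller = authenticate(db, api_key)
    if caller is None:
        raise PermissionError("unknown API key")
    name, role, team = caller
    if role == "manager":                      # managers see everyone
        rows = db.execute("SELECT name FROM users ORDER BY name").fetchall()
    elif role == "team_leader":                # leaders see only their own team
        rows = db.execute("SELECT name FROM users WHERE team = ? ORDER BY name",
                          (team,)).fetchall()
    else:                                      # everyone else sees only themselves
        rows = [(name,)]
    return [r[0] for r in rows]
```

The scope decision lives in the server-side query, so a client cannot widen it by changing request parameters.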