{"id":28737,"date":"2024-04-17T15:02:59","date_gmt":"2024-04-17T14:02:59","guid":{"rendered":"https:\/\/nelkodev.com\/blog\/implementando-control-de-acceso-basado-en-roles-con-php\/"},"modified":"2024-06-03T18:39:18","modified_gmt":"2024-06-03T17:39:18","slug":"implementando-control-de-acceso-basado-en-roles-con-php","status":"publish","type":"post","link":"https:\/\/nelkodev.com\/en\/blog\/implementing-role-based-access-control-with-php\/","title":{"rendered":"Implementing Role-Based Access Control with PHP"},"content":{"rendered":"<p>In the world of web development, ensuring that users access only the parts of the application that correspond to them is crucial to the security and operational efficiency of any platform. PHP, one of the most popular server-side programming languages, offers multiple ways to implement access control systems. Among these methods, Role Based Access Control (RBAC) stands out for its flexibility and ease of management. In this article, I will guide you through the practical steps to implement RBAC in PHP.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%C2%BFQue_es_RBAC\"><\/span>What is RBAC?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>RBAC is a method of restricting system access to users based on the roles they are assigned within an organization. 
In this model, access rights are assigned to roles rather than individual users, which simplifies managing permissions as users change roles or new permissions are added.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Configurando_el_entorno_de_desarrollo\"><\/span>Setting up the development environment<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before you begin the implementation, make sure you have a development environment that can run PHP and a database management system like MySQL. This example uses:<\/p>\n<ul>\n<li>PHP 7.4 or higher<\/li>\n<li>MySQL 5.7 or higher<\/li>\n<li>Apache or Nginx server<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Paso_1_Disenar_la_Base_de_Datos\"><\/span>Step 1: Design the Database<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Database structure is critical to the success of an RBAC implementation. You will need at least three tables: <code>users<\/code>, <code>roles<\/code> and <code>permissions<\/code>. Here is how these tables could be structured:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tabla_usuarios\"><\/span>Table <code>users<\/code><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><code>id<\/code> (INT, PRIMARY KEY, AUTO_INCREMENT)<\/li>\n<li><code>name<\/code> (VARCHAR)<\/li>\n<li><code>email<\/code> (VARCHAR, UNIQUE)<\/li>\n<li><code>role_id<\/code> (INT, FOREIGN KEY references roles(id))<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Tabla_roles\"><\/span>Table <code>roles<\/code><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><code>id<\/code> (INT, PRIMARY KEY, AUTO_INCREMENT)<\/li>\n<li><code>role_name<\/code> (VARCHAR)<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Tabla_permisos\"><\/span>Table <code>permissions<\/code><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><code>id<\/code> (INT, PRIMARY KEY, AUTO_INCREMENT)<\/li>\n<li><code>permission_name<\/code> (VARCHAR)<\/li>\n<li><code>description<\/code> (TEXT)<\/li>\n<\/ul>\n<p>You will need 
an additional table to relate roles to permissions, which could be called <code>permission_role<\/code>:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tabla_rol_permiso\"><\/span>Table <code>permission_role<\/code><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><code>role_id<\/code> (INT, FOREIGN KEY references roles(id))<\/li>\n<li><code>permission_id<\/code> (INT, FOREIGN KEY references permissions(id))<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Script_SQL\"><\/span>SQL script:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre><code class=\"language-sql\">CREATE TABLE roles (\n    id INT AUTO_INCREMENT,\n    role_name VARCHAR(255),\n    PRIMARY KEY (id)\n);\n\nCREATE TABLE permissions (\n    id INT AUTO_INCREMENT,\n    permission_name VARCHAR(255),\n    description TEXT,\n    PRIMARY KEY (id)\n);\n\nCREATE TABLE users (\n    id INT AUTO_INCREMENT,\n    name VARCHAR(255),\n    email VARCHAR(255) UNIQUE,\n    role_id INT,\n    PRIMARY KEY (id),\n    FOREIGN KEY (role_id) REFERENCES roles(id)\n);\n\nCREATE TABLE permission_role (\n    role_id INT,\n    permission_id INT,\n    FOREIGN KEY (role_id) REFERENCES roles(id),\n    FOREIGN KEY (permission_id) REFERENCES permissions(id)\n);<\/code><\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Paso_2_Implementacion_de_la_Logica_de_RBAC_en_PHP\"><\/span>Step 2: Implementation of RBAC Logic in PHP<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With the database configured, the next step is to write the logic in PHP to drive the RBAC system. 
A basic approach involves checking the current user&#039;s permissions before allowing access to specific functionality.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Creando_la_clase_RBAC\"><\/span>Creating the RBAC class<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre><code class=\"language-php\">class RBAC {\n    protected $pdo;\n\n    public function __construct(PDO $pdo) {\n        $this-&gt;pdo = $pdo;\n    }\n\n    \/\/ Returns the names of all permissions granted to a role\n    public function getRolePermissions($roleId) {\n        $stmt = $this-&gt;pdo-&gt;prepare(\n            &quot;SELECT p.permission_name\n             FROM permissions p\n             INNER JOIN permission_role rp ON p.id = rp.permission_id\n             WHERE rp.role_id = ?&quot;\n        );\n        $stmt-&gt;execute([$roleId]);\n        return $stmt-&gt;fetchAll(PDO::FETCH_COLUMN);\n    }\n\n    \/\/ Returns true only if the user&#039;s role grants the named permission\n    public function checkPermission($userId, $permission) {\n        \/\/ The column is role_id, as defined in the users table above\n        $stmt = $this-&gt;pdo-&gt;prepare(\n            &quot;SELECT r.id\n             FROM roles r\n             INNER JOIN users u ON r.id = u.role_id\n             WHERE u.id = ?&quot;\n        );\n        $stmt-&gt;execute([$userId]);\n        $roleId = $stmt-&gt;fetchColumn();\n\n        \/\/ Unknown user or user without a role: deny by default\n        if ($roleId === false) {\n            return false;\n        }\n\n        $permissions = $this-&gt;getRolePermissions($roleId);\n        return in_array($permission, $permissions, true);\n    }\n}<\/code><\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Uso_de_la_clase_RBAC\"><\/span>Using the RBAC class<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre><code class=\"language-php\">\/\/ Assuming $pdo is an already configured PDO instance\n$rbac = new RBAC($pdo);\n\n\/\/ Check if the user with ID 1 has permission to &quot;edit_article&quot;\nif ($rbac-&gt;checkPermission(1, &#039;edit_article&#039;)) {\n    echo &quot;Permission granted. You can edit this article.&quot;;\n} else {\n    echo &quot;Access is denied. You do not have permission to edit articles.&quot;;\n}<\/code><\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Paso_3_Integracion_y_Pruebas\"><\/span>Step 3: Integration and Testing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Integrate the RBAC system into your PHP application, making sure to test each component thoroughly. 
Create different roles and permissions, assign these roles to some users and check if the permissions logic works as expected.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusiones\"><\/span>Conclusions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Implementing an RBAC system with PHP may seem challenging, but by following these steps and with careful planning, you can significantly improve the security and manageability of your application. Remember that security is a continuous process and you should always be attentive to possible improvements and updates to your methodologies.<\/p>\n<p>For any questions or queries, do not hesitate to visit <a href=\"https:\/\/nelkodev.com\/en\/contact\/\">my contact page<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>In the world of web development, ensuring that users access only the parts of the application that correspond to them is crucial to the security and operational efficiency of any platform. PHP, one of the most popular server-side programming languages, offers multiple ways to implement control systems 
[\u2026]<\/p>","protected":false},"author":1,"featured_media":28738,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[420,2206,1907],"tags":[1915,1914,205,90,330,929,15,1008,1916,18],"class_list":["post-28737","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-php","category-pruebas-de-seguridad","tag-acceso","tag-basado","tag-blog","tag-con","tag-control","tag-implementando","tag-php","tag-pruebas","tag-roles","tag-seguridad"],"_links":{"self":[{"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/posts\/28737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/comments?post=28737"}],"version-history":[{"count":0,"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/posts\/28737\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/media\/28738"}],"wp:attachment":[{"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/media?parent=28737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/categories?post=28737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nelkodev.com\/en\/wp-json\/wp\/v2\/tags?post=28737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}