The session stores the value of the user profile type. You need to substitute this value in all SQL queries as a WHERE clause.

For example: WHERE userType = $_SESSION['type']

The problem is that there are about a hundred such requests in the project, each has its own field name to which this condition should be applied.

What can be simplified in this case?

Update

In more detail, you can say this:
Information from different countries is added to the site. Added entries by a user from Austria will automatically be tagged with a country tag in the database (Austria). Suppose a user from Russia changes the country where the site is viewed, the ID of the selected country (Austria) is entered into the session. Now the Russian, looking through the site, will see only information from Australia. Those. for all SQL queries, the value is Austria.

  • Wang, that if you describe the problem wider, there will be very sensible and non-hemorrhoid sentences - etki

3 answers 3

It is not possible to do this with an automatic machine at all, because never 100% of calls to the database will contain a call to a table of countries, and the rest will be 10% of hemorrhoids, to which a separate approach will be needed than to all the others. How would I solve this problem (I do not know CI, an example on Yii).

  • Enter the CountrySelectionAwareModelInterface interface, which consists of literally a couple of methods: setCountryId() , getCountryColumnName() , you can add setCountryIds() to the extension. setCountryId() assigns the ID of the country of interest to the interface implementing the object, getCountryColumnName() ensures that the name of the corresponding field in the table is retrieved.
  • We implement this interface directly in the intermediate class of the model, from which other models will be inherited.
  • We implement the behavior or filter in the intermediate class, which will pull up this data and process the request, adding a new condition to it. (in Yii, by the way, this would be defautScope() simply via defautScope() ).
  • That which has not taken off is dealt with by hands.

    Most likely, queries go through some kind of wrapper for mysql - something like (DB::select()) . So why not just bring all this logic into this wrapper, then the queries will not have to be rewritten, they can be changed inside the wrapper. In any case, I do not know how you did it there, and I can only guess.

      Make a procedure that will take the field name and session, filter there for the wrong session and return, and in general there should be an appropriate architecture of your project that would simplify your work 100%.

      • If you go back to architecture - for the future. Which option is possible? - Jony
      • @Oleg Ponomarchuk, on the current task to say nothing - Manitikyl
      • I do not understand you, nothing or nothing? - Jony
      • @Oleg Ponomarchuk, we do not know the current architecture to talk about the future. Most likely, some RBAC solution will be suitable there, but it is impossible to talk about it in the abstract project. - etki
      • Edited the question - Jony