
User Permission Design

I have a user class in my project. It’s used to create membership users as well as set administrative permissions etc.

The way this works is I have a method called validateAccess which has a function integer passed in. This checks the database to see if the user has access and returns true or false.

All members, including admins, use the same user class.

I use this validateAccess method to determine if someone should have access to a page etc.

I also have a “news” class, where people can add news etc.

One of the user functions is “add-news” and has an ID of 12. This ID comes from a small DB table where I have ID and FunctionName columns.

What I want to be able to do is within the “add-news” method, check to see if the user calling this method has this permission.

So in a method of the news class, call a method on the users class.

My questions are:

1) To do this, would I need to pass in the user each time a method is called, such as $News->addNews($thisUser), or is there another option? Perhaps using a session or cookie?

2) The issue I have and see here is with so many methods over several classes – is this the best way to do this?

Currently I have a database table with function names such as add news. Is there a better way of doing this?

_Of note – not all methods in a class need permissions; for example, getNews($ID) will get this one article._

PHP

1 Comment(s)

@NogDog Oct 30.2021 — Maybe when successfully logged in, create an array with all permissions they have and store that in $_SESSION? Then you can access it any time you need to know any of that user's permissions.
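
Added example, not part of the original thread and not either poster's code: a sketch of the session approach suggested above, with the permission check placed inside the protected method so no user object has to be passed in. `storePermissions()`, the session-backed `validateAccess()`, the `FN_ADD_NEWS` constant and the in-memory article list are hypothetical names, and the granted IDs are constructed sample data standing in for the database lookup.

```php
<?php
const FN_ADD_NEWS = 12; // ID of "add-news" in the question's function table

// Hypothetical helper, called once after a successful login with the
// function IDs read from the permissions table.
function storePermissions(array $grantedIds): void
{
    // In a web request: session_start() first, and session_regenerate_id(true)
    // at login so a pre-login session ID cannot be reused.
    $_SESSION['permissions'] = array_fill_keys(array_map('intval', $grantedIds), true);
}

// Hypothetical session-backed version of validateAccess().
function validateAccess(int $functionId): bool
{
    return isset($_SESSION['permissions'][$functionId]);
}

class News
{
    private array $articles = [];

    // The check lives inside the protected method, so callers cannot skip it
    // and no user object has to be passed in.
    public function addNews(string $title): int
    {
        if (!validateAccess(FN_ADD_NEWS)) {
            throw new RuntimeException('Permission denied: add-news');
        }
        $this->articles[] = $title;
        return count($this->articles); // new article ID
    }

    // Public read, no permission needed (like getNews($ID) in the question).
    public function getNews(int $id): ?string
    {
        return $this->articles[$id - 1] ?? null;
    }
}

// Constructed demo: a user granted functions 3 and 12, then one with only 3.
$news = new News();
storePermissions([3, 12]);
echo $news->addNews('Launch day'), PHP_EOL;
storePermissions([3]);
try {
    $news->addNews('Not allowed');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Permissions cached in the session stay in effect until the session ends, so a revoked permission keeps working unless the session copy is refreshed or the session is destroyed when permissions change. A cookie is not a suitable store for this list, because the client can edit it.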