Sign up ×
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.

I am building an app that currently allows the users to have 3 different roles:

  1. Consumer
  2. Merchant
  3. Admin

I have three tables:

  1. user (Name, email, password etc with a status=0/1)
  2. user_role (The list of roles available)
  3. user_user_role (The table joining users to user roles in a many to many relationship. Also a status column indicating if the role is disabled for the user.)

But only two models:

  1. User_model
  2. User_role_model

In my User_model:

/**
 * @param $user_data
 * @param array $roles
 * @return bool|object
 */
function insert( $user_data, $roles = [] ){
    // Hash password
    if ( isset( $user_data['password'] ) ) {
        $user_data['password'] = password_hash($user_data['password'], PASSWORD_DEFAULT);
    }
    if ( $user_id = $this->db->insert( $this->table_name, $user_data ) ) {

        // Add user roles
        if (count($roles)) {
            foreach ($roles as $role_id) {
                $this->add_role($user_id, $role_id);
            }
        }

        return $user_id;

    } else {
        return FALSE;
    }
}

/**
 * Add role to user
 * @param $user_id
 * @param $role_id
 */
function add_role( $user_id, $role_id ){
    $this->db->insert(self::User_user_role_table_name, [
        'user_id' => $user_id,
        'user_role_id' => $role_id,
        'status' => self::Status_active,
        'created_on' => NULL,
        'modified_on' => NULL
    ]);
}

My questions:

  1. Is my database schema ideal? (Each role has access to a specific area with each area's controller extended from a core controller. i.e. Dashboard extends Admin_controller - which extends from a global controller. I don't foresee a need to have complex permissions in a typical RBAC.)
  2. Should I have 1 model instead of 2?
  3. Should I have the roles parameter in my insert function?
share|improve this question

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.