[This is theoretical at this point - No code is written for this]

On the project I am building (A forum of sorts) I will be the Admin: I will be the only person able to edit posts. Even the User, save for a 15-minute window (after posting), will not be able to edit their own post.

I need to understand how to set it up so that I have sole admin privileges, being able to post warnings to Users, edit their posts etc.

Thank you for any advice on this!


So, if you are going to be the only admin for this web application, then you shouldnt have to worry about implementing any type of roles component. What I would envision, based upon your description, is that when you log in, based on your userId or other unique piece of information related to your account, you determine that its you and you then store something to identify you as the "admin" either to a session variable or cookie.

Every time you visit a page, you check for this "admin" session/cookie value. If it exists, then show the controls on the page that allow you to edit. If it doesnt exist, show a read-only version of the page, do not allow edits.

You can simplify it some more...for example, if your UserId is "1" or "admin", whenever you visit a page, just check the userId. If it is equal to that specific value, then show the modify controls, if not show it as read only.

The more you hard-code into your application, the harder it is to make changes later if you decide to scale your application.

For this reason, you generally take more time and code for flexibility. An alternative method to the one I described is to create roles. You would also assign these roles to user accounts. When a user logs in, you get those roles and then through the incorporate some mechanism (some options I described above) to check for these roles prior to allowing someone from doing something, or showing something to the user (such as an edit button, or links on the page to admin pages, etc.., etc..).

Thank you, JorgeM.

This really further explains the situation to me.

You are always so helpful.

Thank you,

Glad to be of help.

Don't forget there are forum platforms already out there. This type of build isn't trivial.

Also to add what Jorge said in addition to checking the admin status you could opt for an entirely different form/view.

Eg if admin show admin view, if user show user view.

That way you won't have different tiers of logic in a single view. I believe this separation is preferred.