My Blog
My WordPress Blog
My Blog

Prestashop: users, profiles, permissions, and profile_permissions.

In PrestaShop, the relationship between users, profiles, permissions, and profile_permissions can be understood through their data model and how they interact with each other. Here’s a detailed explanation of each component and their relationships:

1. Users (Employees)

In PrestaShop, users who access the back office are referred to as employees. Each employee is associated with a specific profile.

ps_employee Table

  • id_employee: Primary key, unique identifier for each employee.
  • id_profile: Foreign key linking to the ps_profile table.
  • Other fields include firstname, lastname, email, passwd, etc.

2. Profiles

Profiles define roles with specific sets of permissions. Each profile can be associated with multiple employees.

ps_profile Table

  • id_profile: Primary key, unique identifier for each profile.
  • name: Name of the profile (e.g., Administrator, Manager, Employee).

3. Permissions (Access)

Permissions are associated with profiles to define what actions can be performed on various back office tabs (sections).

ps_access Table

  • id_profile: Foreign key linking to the ps_profile table.
  • id_authorization_role: Foreign key linking to the ps_authorization_role table.

ps_authorization_role Table

  • id_authorization_role: Primary key, unique identifier for each authorization role.
  • slug: A unique identifier for each role and action combination, formatted as ROLE_MODULE_CONTROLLER_ACTION.

4. Profile Permissions (Access Management)

This table links profiles with permissions, defining the specific actions (view, add, edit, delete) that a profile can perform on different tabs.

ps_access Table (Permissions Details)

  • id_profile: Foreign key linking to the ps_profile table.
  • id_authorization_role: Foreign key linking to the ps_authorization_role table.
  • Each profile’s permission for each action is stored in a separate row.

Data Model Relationships

  1. One-to-Many Relationship between ps_profile and ps_employee: Each profile can be assigned to many employees, but each employee has only one profile.
  2. Many-to-Many Relationship between ps_profile and ps_authorization_role through ps_access: Each profile can have multiple permissions, and each permission can be assigned to multiple profiles.

Example Data Model in SQL

sqlCopy code-- Employees (Users) Table
CREATE TABLE ps_employee (
    id_employee INT PRIMARY KEY,
    id_profile INT,
    firstname VARCHAR(50),
    lastname VARCHAR(50),
    email VARCHAR(100),
    passwd VARCHAR(255),
    FOREIGN KEY (id_profile) REFERENCES ps_profile(id_profile)
);

-- Profiles Table
CREATE TABLE ps_profile (
    id_profile INT PRIMARY KEY,
    name VARCHAR(50) UNIQUE NOT NULL
);

-- Authorization Roles Table
CREATE TABLE ps_authorization_role (
    id_authorization_role INT PRIMARY KEY,
    slug VARCHAR(255) UNIQUE NOT NULL
);

-- Access Table (Permissions Details)
CREATE TABLE ps_access (
    id_profile INT,
    id_authorization_role INT,
    PRIMARY KEY (id_profile, id_authorization_role),
    FOREIGN KEY (id_profile) REFERENCES ps_profile(id_profile),
    FOREIGN KEY (id_authorization_role) REFERENCES ps_authorization_role(id_authorization_role)
);

How It Works

  1. Assigning Profiles to Employees: When creating or managing employees, you assign them a profile by setting the id_profile field in the ps_employee table.
  2. Defining Permissions for Profiles: Permissions are managed by linking ps_profile to ps_authorization_role through the ps_access table. This table records which profiles have which permissions.
  3. Checking Permissions: When an employee tries to perform an action, PrestaShop checks the ps_access table to see if the profile associated with the employee has the necessary permission.

Example Workflow

  1. Creating a New Profile:
    • Insert a new row in the ps_profile table with the profile name.
  2. Assigning Permissions to a Profile:
    • Insert rows in the ps_access table linking the profile’s id_profile to the appropriate id_authorization_role entries for the desired actions.
  3. Assigning a Profile to an Employee:
    • Update the id_profile field of the employee in the ps_employee table to the new profile’s id_profile.

By understanding these relationships and how they interact, you can effectively manage user roles and permissions in PrestaShop, ensuring that employees have the appropriate access to perform their tasks.