Roles and Permissions |
Please provide an example of Roles and Permissions in CI4 without using session and other external library.
Best to take a look at CodeIgniter Sheild.
CodeIgniter Shield Shield Documentation What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
06-04-2023, 04:59 AM
(This post was last modified: 06-04-2023, 05:01 AM by captain-sensible. Edit Reason: more )
I don't use shield for my CMS ; thats because basically its aimed at a single admin user. The advantage of writting code youself is that you can tailor make it for your own requirments, you know exactly what the code does its requirmemts , the way it works and you are in a position to update it to your needs.
The elements in an admin user are: 1) There is a hidden url , that admin will use . That URL will bring up a view , which has a form to log in . 2) The input fields are : i) admin user name II) admin password ii) Enter the captach symbols displayed The form is procted in that 5 goes of someone trying to log in with failure will be a "brush off" The admin table field is in a sqlitedatabase fields being : Id, name, Password ( that has been encrypted before stroing) and role So a typical entry would be : 1, AdminNAme, $2y$10$scmpB8B9o5k/yXVn66h8Xu/n.....etc, admin the input from the form is processe by a controller. The user name and password are encrypted and checked against the encrpyted in the db, the role is checked, the captcha is checked . if everything OK I set a session like Code: $_SESSION['role']="admin"; Thwen to control things what I do is have routes and filters comtrolling what can be accessed . The filter will check to see if a session has been set with role "admin" . Checks can be made ad naseum Typical urls that admin would want to go to would be /editBlogs , createBlog and such and such II then have Code: public $filters = [ 'myfilter' => ['before' => ['removeProduct','editOneProduct','editProducts','addProduct','newblog','editBlogs','removeBlog','addGallery','delGallery','admin' ]]]; So basically to edit a blog admin would go to somedomain.com/editBlogs You can't g othere to access it unless logged in as admin role in a session at that url there is a form ,whith existing blog text etc and a submit. ON submission input goes to a controller to porcess. But unless your logged in with a session that yo uare admin you will nto be able to access that URL So thats my crue approach. There may be better ways but m ystance is hey a Million users use WordPress and security has so many holes its like a pirce of Swiss cheese; meaning mine is superior . Original poster, if yo ucome back and want to know more i can elaborate
06-09-2023, 09:20 AM
(This post was last modified: 06-09-2023, 09:21 AM by DeanE10. Edit Reason: Typo ) (06-04-2023, 04:59 AM)captain-sensible Wrote: I don't use shield for my CMS ; thats because basically its aimed at a single admin user. The advantage of writting code youself is that you can tailor make it for your own requirments, you know exactly what the code does its requirmemts , the way it works and you are in a position to update it to your needs. So you're giving a basic explanation of how Shield works however "Single Admin" is a bit incorrect... Shield has Groups which users are assigned with Group Level Permissions and you can add Permissions to an individual user as you wish
Sure the administrator must be one and only, then you will set an administrators group where eventually add those profiles which will have administrator's privileges
Though I have kindly suggested to add to the Shield Documentation a tutorial for this basic and popular need, since there are three guides but they are pretty particular for the moment I got no feedbacks , the team is too busy on the project itself I suppose. (06-11-2023, 11:51 AM)JustJohnQ Wrote: Is the original question a joke?I think it isn't I'm a newbie or at this point it is better to say that I'm by no means an expert on Codeigniter, for the simple reason that my work is not coding, so I'm in a permanent learning stage that looks a typical newbie question, I did similar ones at the begin Now I know where to search the various topics and I understand those difficulties , I have still some :-) and I always thank so much all the experts that with lot of patience find the time to give hints, help and tips (06-04-2023, 04:59 AM)captain-sensible Wrote: I don't use shield for my CMS ; thats because basically its aimed at a single admin user. The advantage of writting code youself is that you can tailor make it for your own requirments, you know exactly what the code does its requirmemts , the way it works and you are in a position to update it to your needs.hello this is the part that I mean https://codeigniter4.github.io/shield/qu...to-a-group
(06-02-2023, 04:15 AM)mayurkoshti Wrote: Please provide an example of Roles and Permissions in CI4 without using session and other external library. sorry for my poor enghlish , i try to learn shield , documentation is not complete for my own opinion. but you must first of all add your permission to config->Authgroups : Code: public array $permissions = [ now you must assign the permission Code: public function permit_to_sing_in_the_rain($id_user){ a new row is inserted on auth_permissions_users table . Now you must simply control if user can sing in the rain for example in user controller ( or implement filter) : Code: public function sing_in_the_rain() |
Welcome Guest, Not a member yet? Register Sign In |