CodeIgniter Forums

Full Version: Block access to models from loaded views
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]Brad Martin[/eluser]
Im creating an app that allows site templates to be added to the folder

Code:
./views/site/

The views will then be loaded from the application to display the site.

My problem is that i want to be able to block the views for being able to access any models by way of calling the following from the view itself

Code:
$this->load->model('modelName');

or

Code:
$this->modelName->action();

I want to do this so that i can controller what data they have access to for security purposes.

I do however still want them to be able to access all of the other functions within codeigniter just don't want them to be able to gain access to data.

Once I'm able to block out the models from being called i will create a helper functions for them to use that will permit access to only data i wish them to access.

Any help would be much appreciated. Thanks

El Forum

[eluser]TWP Marketing[/eluser]
Form the User Guide under Controllers:

Quote:...
Private Functions

In some cases you may want certain functions hidden from public access. To make a function private, simply add an underscore as the name prefix and it will not be served via a URL request. For example, if you were to have a function like this:
private function _utility()
{
// some code
}

Trying to access it via the URL, like this, will not work:
example.com/index.php/blog/_utility/
...

I'm wondering how your users could gain access to a model function from the command line or URL?
It seems not possible since the CI URL does accept a reference to model functions.

I believe this holds for the model classes as well

El Forum

[eluser]Brad Martin[/eluser]
Thanks for your reply but my question is a little different then that sorry i didn't explain better.

In the views folder there will be a site folder e.g. ./application/views/site/ In that folder a site template will be place by third parties or by the user of the software to put their own website.

Then the controller I've setup will load the view files from that directory for example if a user requested the url http://example.com/users then the controller would load the view.

Code:
$this->load->view('site/users.php');

The users.php file would then have access to all of code igniters features including the ability to run model functions.

For example the user.php file could have this:

Code:
$this->load->model('m_users');
print_r($this->m_users->listUsers());

And would have access to the data.

I could load the files external to codeigniter which would fix this but then they would not have any access to the other codeigniter features.

My goal is to be able to just block out the model functions for any view files that are loaded from the ./application/views/site/ directory