CodeIgniter Forums

Full Version: How to implement Access Control List?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I have a client model, a specialist model and a wholesaler model. I need to setup CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list. How do I implement role based authorization such as this using CI?
If a client can only belong to one specialist, then you'll want to add a specialist_id to the clients table.

If a client can belong to multiple specialists, then you'll want a mapping table:

client_id | specialist_id

Then on your CRUD pages before you let them edit anything, you can check your tables to make sure that the client actually belongs to the specialist.

PHP Code:
if( $this->specialist_model->has_client$client_id ) {
    // show form
else {
  // show error