How to implement Access Control List?
#1

Hi,

I have a client model, a specialist model and a wholesaler model. I need to set up CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list. How do I implement role-based authorization such as this using CI?
#2

(This post was last modified: 11-21-2014, 07:34 PM by bclinton.)

(11-21-2014, 04:19 PM)[email protected] Wrote: Hi,

I have a client model, a specialist model and a wholesaler model. I need to set up CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list. How do I implement role-based authorization such as this using CI?

I would do a model function specific to specialists with a query that joins the table containing client/specialist assignation information and only return results where the client is assigned to the specialist.

In your controller, you could check the user's role and call the model function that returns all clients if they are an admin, or calls the function that only returns assigned clients if they are a specialist.  You might be able to use the same view in both cases.

That is just one of many ways you could do it.

The Auth system (AppuntoAuth) I posted in the Addins section does have an ACL. If you were to use this, you could do different controller functions for each role and assign them to the roles through the admin interface. Or you could use the library hasPermission() function within the controller to call the appropriate model function.
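The approach described in reply #2 (a specialist-specific model function that joins the assignment table, with the controller choosing by role), as an added example that is not code from the thread or from AppuntoAuth. The table and column names (`clients`, `client_specialist`, `specialist_id`), the session keys `role` and `user_id`, and the view name are assumptions, and the session library is assumed to be autoloaded. It also scopes single-record lookups with the same join, so edit and delete actions cannot reach an unassigned client by id.

```php
<?php
// Added example; schema, session keys and view name are assumptions, not from the thread.
// In a real CodeIgniter app the two classes live in application/models and application/controllers.
class Client_model extends CI_Model
{
    // Unfiltered list: call only for administrators.
    public function get_all()
    {
        return $this->db->get('clients')->result();
    }

    // Clients assigned to one specialist, resolved through the assignment table.
    public function get_for_specialist($specialist_id)
    {
        return $this->db->select('c.*')
            ->from('clients c')
            ->join('client_specialist cs', 'cs.client_id = c.id')
            ->where('cs.specialist_id', (int) $specialist_id)
            ->get()->result();
    }

    // Single record for view/update/delete: same join, so an unassigned id returns no row.
    public function get_one_for_specialist($client_id, $specialist_id)
    {
        return $this->db->select('c.*')
            ->from('clients c')
            ->join('client_specialist cs', 'cs.client_id = c.id')
            ->where('c.id', (int) $client_id)
            ->where('cs.specialist_id', (int) $specialist_id)
            ->get()->row();
    }
}
class Clients extends CI_Controller
{
    public function index()
    {
        $this->load->model('client_model');
        $role = $this->session->userdata('role');
        if ($role === 'admin') {
            $data['clients'] = $this->client_model->get_all();
        } elseif ($role === 'specialist') {
            // The specialist id comes from the session, never from request input.
            $data['clients'] = $this->client_model->get_for_specialist($this->session->userdata('user_id'));
        } else {
            show_error('Forbidden', 403); // Deny by default for any other role.
        }
        $this->load->view('clients/list', $data); // Same view for both roles.
    }
}
```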
#3

(11-21-2014, 07:30 PM)bclinton Wrote:
(11-21-2014, 04:19 PM)[email protected] Wrote: Hi,

I have a client model, a specialist model and a wholesaler model. I need to set up CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list. How do I implement role-based authorization such as this using CI?

I would do a model function specific to specialists with a query that joins the table containing client/specialist assignation information and only return results where the client is assigned to the specialist.

That is just one of many ways you could do it.

The Auth system (AppuntoAuth) I posted in the Addins section does have an ACL.  If you were to use this, you could do different controller functions for each role and assign them to the roles through the admin interface.  Or you could use the library hasPermission() function within the controller to call the appropriate model function.

Thank you! I'll have a look at AppuntoAuth.
#4

(11-23-2014, 08:21 PM)[email protected] Wrote: Thank you!  I'll have a look at AppuntoAuth.

Great! I'd love to get some feedback.

If it's not what you are looking for, Ion Auth ( http://benedmunds.com/ion_auth/  ) has groups which may fit what you are trying to do.
#5

You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
#6

(This post was last modified: 09-02-2018, 10:31 AM by ciadmin.)

(09-02-2018, 08:59 AM)InsiteFX Wrote: You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.

Thread is from 4 years ago. *redacted-since-post-was-deleted* is a spammer that resurrected the thread to insert his bologna.
#7

(09-02-2018, 09:08 AM)skunkbad Wrote:
(09-02-2018, 08:59 AM)InsiteFX Wrote: You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.

Thread is from 4 years ago. *redacted-since-post-was-deleted* is a spammer that resurrected the thread to insert his bologna.

Thanks, did not see that.