(11-21-2014, 04:19 PM)[email protected] Wrote: Hi,

I have a client model, a specialist model and a wholesaler model.  I need to setup CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list.  How do I implement role based authorization such as this using CI?

(11-21-2014, 07:30 PM)bclinton Wrote:

(11-21-2014, 04:19 PM)[email protected] Wrote: Hi,

I have a client model, a specialist model and a wholesaler model.  I need to setup CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list.  How do I implement role based authorization such as this using CI?

I would do a model function specific to specialists with a query that joins the table containing client/specialist assignation information and only return results where the client is assigned to the specialist.

That is just one of many ways you could do it.

The Auth system (AppuntoAuth) I posted in the Addins section does have an ACL.  If you were to use this, you could do different controller functions for each role and assign them to the roles through the admin interface.  Or you could use the library hasPermission() function within the controller to call the appropriate model function.

(11-23-2014, 08:21 PM)[email protected] Wrote: Thank you!  I'll have a look at AppuntoAuth.

(09-02-2018, 08:59 AM)InsiteFX Wrote: You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.

(09-02-2018, 09:08 AM)skunkbad Wrote:

(09-02-2018, 08:59 AM)InsiteFX Wrote: You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.

Thread is from 4 years ago. *redacted-since-post-was-deleted* is a spammer that resurrected the thread to insert his bologna.