+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Restricted area (/showthread.php?tid=50360)
Restricted area - El Forum - 03-23-2012
[eluser]Mauricio de Abreu Antunes[/eluser]
I created a validation to check if the user is admin type.
I wanted to automate this checking in the admin pages.
My administration pages look like: www.example.com / admin / controller / function
Maybe I can pick up the thread and see if it is "admin", if I call to check. Any better ideas? And for other levels of security? What would you do?
Thx! :-)
Restricted area - El Forum - 03-23-2012
[eluser]InsiteFX[/eluser]
You could create a restrict method in your library and then restrict the controller to
groups, admin etc. this way you could restrict different controllers to different groups etc.
Restricted area - El Forum - 03-23-2012
[eluser]code137[/eluser]
I've only been working with codeigniter for the past few days, but what I ended up doing was creating custom core controllers for different levels of access. So I now just extends Admin_Controller in all of my regular controllers than provide admin functions. Then in the Admin_Controller's constructor I do all of the session checking. I saw this post about it http://philsturgeon.co.uk/blog/2010/02/CodeIgniter-Base-Classes-Keeping-it-DRY
Restricted area - El Forum - 03-23-2012
[eluser]solid9[/eluser]
As far as I know.
The common way is to create a table called users_groups and groups.
You can use the GROUPs table as reference
Code:
ID | Name | Description
-----------------------------
1 | Admin | Administrator
2 | Normal | Ordinary member
3 | Gold | Gold memberAnd you can use the users_groups table as junction table.
As InsiteFX said you can create a method to restrict a user.
Restricted area - El Forum - 03-24-2012
[eluser]kr1pt[/eluser]
ACL.
Restricted area - El Forum - 03-24-2012
[eluser]Mauricio de Abreu Antunes[/eluser]
Thanks for the tips! I was going for this. :-)
Restricted area - El Forum - 03-25-2012
[eluser]Mauricio de Abreu Antunes[/eluser]
Ok,
I was coding some ideas and i have one question: i don't wanna check if the user is admin, premium member or common user in all controller.
My admin pages are indexed in http://www.example.com/admin/controller/function
Any idea?
Restricted area - El Forum - 03-25-2012
[eluser]kr1pt[/eluser]
Simplest to do is just create a folder 'admin' inside controllers folder, and make every controller in 'admin' extend MY_Controller, not CI_Controller.
Code:
<?php if (! defined('BASEPATH')) exit('No direct script access allowed');
// application/core/MY_Controller.php
class MY_Controller extends CI_Controller
{
public function __construct()
{
parent::__construct();
$user_level = $this->user_model->get_level('some_user_id');
if ($user_level != 'admin')
{
redirect();
show_error();
die();
exit();
echo '';
$this->load->view();
// use anything you want, but make sure to kill application
}
}
}You can also do this from the modules.
