CodeIgniter Forums
Shield - Permission constraint? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Shield - Permission constraint? (/showthread.php?tid=91474)



Shield - Permission constraint? - christianberkman - 08-15-2024

Hi all,

currently my project is using a custom built authorization system. I am considering implementing Shield instead. However the way I need permissions is slightly different from Shield. I could summarize to say that I also need a constraint of some sort. Let me give an example.

Example permissions: child-basic:ch:r, child-sensitive:nh:w, ...

Permission structure:
  • name (child-basic)
  • constraint (ch) -- in this case the 'relation' attribute of a child entity
  • mode ® -- read, write, ...
Leaving out the constraint, I believe the Shield equivalent could be
child-basic.read, child-sensitive.write, etc...

I could, of course, generate a permission for every constraint like
child-basic.read-ch or so, but my relation Ids are somewhat dynamic. I could however update the list of permissons 

Then I would may be write my own can function:


PHP Code:
function customCan($permission$child): bool{
  // $permission: child.basic-read
  // $child: chil object  
  // Shield permissions: child.basic-read-*, child.basic-read-ch, child.basic-read-nh ...etc.
  return auth()->user()->can("{$permission}-{$child->relation_id}") || auth()->user()->can("{$permission}-*");


What would be your suggestions for the best practice?