[eluser]bretticus[/eluser]
[quote author="hjeffg" date="1251318647"]As I said, I've done all the checks where only an admin should be allowed (only a small percentage of the methods). Now I have the choice of adding a call to is_restricted() in ALL the methods (and there are MANY), or some kind of pre-filter that only allows 2 methods (out of around 50).
The reason I don't stick all the methods into one controller is because I've nicely broken the app into many controllers, each dealing with a different aspect of the application.
What I'm trying to do is learn what's the best way to make this a general approach. It may take too long to find out so I'll go ahead and sprinkle in is_restricted() in all the methods, for now. But, I still would like to know what would be a more general way to simply allow the 2 (or 3) methods and block all the others.
Thanks[/quote]
I suppose you could do some kind of role-based authentication. For example, after the user has a session value stipulating privileges you could write a library that checks a config file against the allowed URLs for that user level. That library could be called in your constructors. You might even call it in your pre-controller hook (although probably not necessary).
You can get the current controller and method in your controller via the following:
[code]
echo "class:" . $this->router->class;
echo "method:" . $this->router->method;
[/code]
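
The config-driven check suggested in the reply above, sketched as an added example that is not part of the original post or of CodeIgniter itself. The role names, controller/method names and the `acl_is_allowed()` helper are assumptions made for illustration; the map is deny-by-default, so only listed methods are reachable.

```php
<?php
// Added example: deny-by-default access map keyed by role.
// Role, controller and method names below are constructed sample values.
$acl = array(
    // Restricted users may reach only these controller/method pairs.
    'restricted' => array(
        'account' => array('index', 'logout'),
    ),
    // '*' in place of a method list grants every method of that controller.
    'admin' => array(
        'account' => '*',
        'reports' => '*',
    ),
);

/**
 * Hypothetical helper: true only if $role is explicitly granted
 * $class/$method. Unknown roles, controllers or methods are denied.
 */
function acl_is_allowed(array $acl, $role, $class, $method)
{
    // PHP class and method names are case-insensitive, so normalise first.
    $class  = strtolower((string) $class);
    $method = strtolower((string) $method);

    if (!is_string($role) || !isset($acl[$role][$class])) {
        return false;
    }
    $methods = $acl[$role][$class];
    if ($methods === '*') {
        return true;
    }
    return is_array($methods) && in_array($method, $methods, true);
}

// In a controller constructor the arguments would be the session's role
// value, $this->router->class and $this->router->method; on false, stop
// the request (for example with CodeIgniter's show_error()).
$checks = array(
    array('restricted', 'account', 'index'),
    array('restricted', 'reports', 'export'),
    array('admin', 'reports', 'export'),
    array(null, 'account', 'index'), // no role stored in the session
);
foreach ($checks as $c) {
    list($role, $class, $method) = $c;
    printf("%-12s %s/%s => %s\n", var_export($role, true), $class, $method,
        acl_is_allowed($acl, $role, $class, $method) ? 'allow' : 'deny');
}
```

Because the check runs once per request from the constructor, a method added to a controller later stays blocked for restricted users until it is listed in the map.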