Read Only User?
#1

Hey everyone,
I have a small website running with CodeIgniter 4 and Shield installed; users have a login system, and one of them shouldn't be able to actually write/change data in the database.
My idea was to make a beforeUpdate, beforeInsert and beforeDelete callback to check for the user id, so the function looks like this:
PHP Code:
protected function checkWritePermission(array $data)
{
    $session = \Config\Services::session(); // not used below

    $id = auth()->id();

    // Hand back an empty array for the restricted user, the full event data otherwise
    if ($id === 173) return [];

    return $data;
}
but... as you experts probably see at first glance, it doesn't work. For updates, for example:
CodeIgniter\Database\Exceptions\DatabaseException

You must use the "set" method to update an entry.

Is there any different way to achieve this?
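The callback shape the first post is reaching for, as an added example that is not the poster's code: one guard registered on the insert, update and delete events of a model. CodeIgniter 4 model events receive an array (`data` for insert/update, `id` for update/delete) and must return it; returning `[]` empties the update set, which is what produces the `set` method exception quoted above, so a refused write is signalled by throwing instead. The `ArticleModel` class, its table and fields, and the use of an `admin.readonly` permission (the approach the later replies take) instead of a hard-coded user id are assumptions.

```php
<?php

namespace App\Models;

use CodeIgniter\Model;
use RuntimeException;

// Hypothetical model; table and field names are assumed for the example.
class ArticleModel extends Model
{
    protected $table         = 'articles';
    protected $primaryKey    = 'id';
    protected $allowedFields = ['title', 'body'];

    // The same guard runs before every single-row write the model performs.
    protected $beforeInsert = ['denyReadOnlyUser'];
    protected $beforeUpdate = ['denyReadOnlyUser'];
    protected $beforeDelete = ['denyReadOnlyUser'];

    // Assumed Shield permission name marking a read-only account.
    public const READONLY_PERMISSION = 'admin.readonly';

    /**
     * Event callbacks get the event payload and must return it unchanged
     * when the write may proceed. Returning [] strips the data the model
     * is about to write, hence "You must use the 'set' method to update
     * an entry." A write that must not happen is refused by throwing.
     */
    protected function denyReadOnlyUser(array $data): array
    {
        $user = auth()->user();

        if ($user !== null && $user->can(self::READONLY_PERMISSION)) {
            throw new RuntimeException('This account is read-only; the write was rejected.');
        }

        return $data;
    }
}
```

Two limits worth knowing before relying on this: the batch methods (`insertBatch`, `updateBatch`) fire their own events and need the same callback registered on them, and anything written through the Query Builder directly (`$this->db->table(...)->update(...)`) never passes through model events at all, so the guard only covers writes that go through the model.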
#2

Hello,

Please note that Shield is not only for authentication but also provides authorization capabilities. You can leverage Shield's authorization system to create the necessary restrictions for users, such as preventing the user with ID 173 from modifying or writing data to the database.

Before making any further changes, I recommend reading the following link to understand how to utilize Shield's authorization features:

https://shield.codeigniter.com/quick_sta...orization/
#3

I use the groups for admin and users, but I don't see how this one can protect all database changes?

Background is, we need a read-only admin, that can see everything but not change anything.
#4

Step 1: Add a New Permission
Update your permissions configuration file to include the new permission:

PHP Code:
/**
* --------------------------------------------------------------------
* Permissions
* --------------------------------------------------------------------
* The available permissions in the system.
*
* If a permission is not listed here it cannot be used.
*/
public array $permissions = [
    'admin.access'        => 'Can access the site\'s admin area',
    'admin.readonly'      => 'Has read-only access to the admin area', // New read-only permission
];

Step 2: Assign the New Permission to a User
To assign the new permission to a user, use the following code:
PHP Code:
// Retrieve the user with ID 173
$user = auth()->getProvider()->findById(173);

// Add the new "admin.readonly" permission to the user
if ($user) {
    $user->addPermission('admin.readonly');
}

Step 3: Restrict Access in the Controller
In your controller, check if the user has the admin.readonly permission before performing the edit operation. If they have the permission, redirect them back with an error message:

PHP Code:
public function update(Request $request, $id)
{
    // Check if the user has "admin.readonly" permission
    if (auth()->user()->can('admin.readonly')) {
        return redirect()->back()->with('error', 'You do not have permissions to edit that info.');
    }

    // The code for performing the edit goes here
}
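The controller check from the steps above, carried one step further as an added example (not the replier's code): a CodeIgniter 4 filter that applies the same `can('admin.readonly')` test to every state-changing request on a route group, so the guard does not depend on each controller method remembering it. The class name `ReadOnlyAdminFilter`, the alias `readonlyadmin` and the `admin` route group are assumptions.

```php
<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

/**
 * Hypothetical filter: rejects any non-read HTTP request from a user who
 * holds the "admin.readonly" permission. Attached to a route group it
 * covers every controller action in that group at once.
 */
class ReadOnlyAdminFilter implements FilterInterface
{
    // Methods that do not change state and are always allowed through.
    private const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

    public function before(RequestInterface $request, $arguments = null)
    {
        // getMethod() returns lowercase in CI 4.0-4.4 and uppercase from 4.5; normalise it.
        $method = strtoupper($request->getMethod());

        if (in_array($method, self::SAFE_METHODS, true)) {
            return null; // reads pass through untouched
        }

        $user = auth()->user();

        if ($user !== null && $user->can('admin.readonly')) {
            // Returning a Response from before() stops the controller from running.
            return redirect()->back()->with('error', 'You do not have permissions to edit that info.');
        }

        return null;
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        return null; // nothing to do on the way out
    }
}
```

To wire it up, add `'readonlyadmin' => \App\Filters\ReadOnlyAdminFilter::class` to `$aliases` in `app/Config/Filters.php` and put the admin routes in a group with `['filter' => 'readonlyadmin']` in `app/Config/Routes.php`. Because the filter decides on the HTTP method, any GET route that changes data would slip past it, which is one more reason to keep writes on POST/PUT/DELETE routes.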
#5

My original plan was not to touch the controllers as it's pretty dangerous to oversee one piece, so I thought the model would be the better place. But I did ask for help and I appreciate your help. I've adapted the code and use it similarly. Thank you.
#6

If you're determined to use the model for any reason, I suggest that instead of using the beforeupdate, beforeinsert and beforedelete callbacks, you create a custom rule using:

PHP Code:
auth()->user()->can('admin.readonly');

Then apply this rule in your model. This way, you can handle the errors more effectively and provide a clearer message to the user.

Controller:

PHP Code:
$MyModel = model('MyModel');

// Validate and insert the data
if ($MyModel->validate($inputData)) {
    $ticketID = $MyModel->insert($inputData);

    // Redirect back with success message
    return redirect()->back()->with('success', 'submitted successfully!');
}

// Validation failed, return with errors and input data
return redirect()->back()->withInput()->with('errors', $MyModel->errors());
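The custom rule this reply suggests, written out as an added example (not the replier's code): a CodeIgniter 4 validation rule class whose rule fails for any user holding `admin.readonly`, so `$MyModel->validate()` returns false and `$MyModel->errors()` carries a message the controller above can show. The class name `PermissionRules`, the rule name `not_readonly_user` and the `TicketModel` rule string in the note are assumptions.

```php
<?php

namespace App\Validation;

/**
 * Hypothetical rule set. Custom rules receive the field value and an
 * $error reference; returning false marks the field invalid and the
 * message set in $error is what Model::errors() reports.
 */
class PermissionRules
{
    // Assumed Shield permission name marking a read-only account.
    private const READONLY_PERMISSION = 'admin.readonly';

    /**
     * Passes for every user except a read-only one. The field value is
     * ignored on purpose: the rule is about who is writing, not what.
     */
    public function not_readonly_user($value, ?string &$error = null): bool
    {
        $user = auth()->user();

        if ($user !== null && $user->can(self::READONLY_PERMISSION)) {
            $error = 'Your account is read-only; the change was not saved.';

            return false;
        }

        return true;
    }
}
```

Register the class by adding `\App\Validation\PermissionRules::class` to `$ruleSets` in `app/Config/Validation.php`, then attach the rule to a field in the model, e.g. `'title' => 'required|max_length[120]|not_readonly_user'` in `$validationRules`. Two gaps remain with this approach: `delete()` never runs validation, and with the default `$cleanValidationRules = true` an `update()` whose payload omits the guarded field drops that field's rules, so the rule belongs on a field every write carries, or `$cleanValidationRules` is set to false.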