Welcome Guest, Not a member yet? Register   Sign In
Resource Control approach...

Howdy people!

My name is Joe and I'm a newbie with this Framework thing, but damn... I'm hooked! O.o

My question is not so related to CI itself, it's more a question about good practices.

I'm developing an application that requires basic ACL, so people will have access to certain resources or "modules" depending on their permissions.

What in your opinion is a better approach?

1 - Offer a login screen and on login success show a "custom menu" showing the available modules for that account.
2 - Offer a module-selection menu first, and then request AUTH when trying to go inside a module (like OpenTaps does)

I'm using CI 1.6.3


[eluser]Pascal Kriete[/eluser]
Without touching on the implementation of either approach, from a user point of view I would not want to see modules I cannot access. At least have them grayed out or disabled in some way (which means you have to check anyways).

So I would go with #1 .

Welcome to CodeIgniter.

Yeah, that makes sense!

I hope other members will give their opinions about that Smile

Option 1 definitely.

If you're having users login to your system, store their ID/permissions in the session and use them to gray out the modules they can't see.

If you're listing the modules on a public page (i.e where non-logged in users could also see them), then you should categorize them on user permission levels. I.e Basic members: Show the least restricted modules here here. Plus members: Show some more here. Deluxe members: More here. etc.

That way a basic member will already know he can't access the modules under Plus members level and so on.

Thanks for the replies, votes, hints and ideas guys!

Here's the strategy I've started implementing based on your recommendations:

1 - The user is presented with a login screen
2 - The user logs in
-- 2.a - if the user/password combination is wrong, return to login screen and say "Wrong user/pass!"
-- 2.b - if the user/pass combo is right but he has NO permissions, return to login screen and say "Sorry! Nobody loves you!"
-- 2.c - if the user/pass combo is right and he has at least one permission, store user info and his permissions using an array in the session var "user_credentials" and redirect to "dashboard"
3 - Once in the dashboard, the modules menu gets built on-the-fly based on the "user_credentials" session vars array. If the user is NOT entitled to use a module, the module is not listed in the menu.

Wish me luck!

PS - This CI thing is so cool! I've been coding this for a few hours and I'm done with "step 2"!!!

Sounds like a good design. I'm curious about what type of modules these are. If the user has to pay to get access to them, I would suggest you show those modules he cannot see but gray them out, so he is tempted to pay for them.

Also, perhaps you could show them a screen for requesting permissions instead of sending back to login screen?

Thanks @li

The software is a billing / invoicing / product catalog / shipping management/ etc / etc / software and it will be used intranet only (locally, that is) and it will have a super-user that can give or take privileges and is the only who can decide on giving them, also is the only one who can create/edit/delete users.

All the users will be in the same building and in this case, and each of them won't have a reason to access areas of the software that don't belong to his job.

The worker who oversees "Product Returns" will only see "Create Product Return Entry" and related modules in his "Dashboard".

IF the super-user decides that he needs the same worker to also access the "Office Bathroom Cleaning Log", he will add that privilege to the user and THEN pick up the phone, dial "John's" extension and say "John, I have good news, and bad news", and John on his next login (if he doesn't quit) he'll see the "Office Bathroom Cleaning Log" in his menu.

Makes sense?

PS - Apologies if my english is a little cryptic, it's not my native language.

Theme © iAndrew 2016 - Forum software by © MyBB