[eluser]gidarren[/eluser]
Hey guys, I just created an authorization hook which is like less than a 100 lines of codes that uses models and provides a role based ACL system. I was wondering why people create extensive libraries or extend the main controller to achieve this? Basically my method works by:
1. Defining allowed folders (modules), controllers, and methods.
2. Checking against those.
3. Checking if the user is logged in, if not redirecting them to appropriate login area if module/controller/method isn't allowed.
4. If not logged in redirects them to allowed login controller and method.
5. If logged in checks their permissions against a database which checks if they have permissions for that page.
6. If they don't have permission redirects them to a specific page (e.g. dashboard).
What I cannot understand is why people are making complex solutions that extend the main controller. I can see if it was modular based (e.g. but still you can use folder checking), but I cannot see why it is necessary for an overall application.
Even if the sub folder requires its own authorization class at that level, wouldn't it be wiser to make it a separate application?
Just thinking guys, just thinking.