Roles Navigation and Permissions
#1

[eluser]xtremer360[/eluser]
I'm stuck on knowing what is the most efficient method of performing the following:

I have a CMS with different types of users. All users have access to the same CMS; however, the links in the sidebar (navigation) would be made up of what the user has permission to access.

I'm trying to figure out how I should go about putting this together. I have an Admin_Controller that might be useful to put the logic into but need some help on figuring out how to do so.

To further explain what I want, I have the following users table and navigation set up. Let's say the first user (1) is a guest, so they may only be able to view the dashboard and nothing else as that role. Maybe users with a role of 2 can view the dashboard and 2 more menus. Admins can access all menus. Something else to ponder is what if, say, a user can have access to only 2 of the three links under Menu 2.

Here is an example of what I'm talking about.

Users Table
Code:
user_id   username    status_id    role_id
-------------------------------------------
1         testuser1   1 (active)   1 (guest)
2         testuser2   1            2 (user)
3         testuser3   1            3 (editor)
4         testuser4   1            4 (admin)

Navigation

Code:
<ul>
    <li class="current">
    <a class="current" href="<?php echo base_url(); ?>dashboard" data-toggle="tooltip" data-placement="right" title="" data-original-title="Dashboard"> <i class="fa fa-home"></i> </a>
    </li>
    <li>
        <a href="#" data-toggle="tooltip" data-placement="right" title="" data-original-title="Menu 1"> <i class="fa fa-user"></i> </a>
        <ul>
            <li><a>Test Link 1</a></li>
            <li><a>Test Link 2</a></li>
            <li><a>Test Link 3</a></li>
        </ul>                
    </li>
    <li>
        <a href="#" data-toggle="tooltip" data-placement="right" title="" data-original-title="Menu 2"> <i class="fa fa-pencil"></i> </a>
        <ul>
            <li><a>Test Link 1</a></li>
            <li><a>Test Link 2</a></li>
            <li><a>Test Link 3</a></li>
        </ul>  
    </li>
    <li>
        <a href="#" data-toggle="tooltip" data-placement="right" title="" data-original-title="Menu 3"> <i class="fa fa-calendar"></i> </a>
        <ul>
            <li><a>Test Link 1</a></li>
            <li><a>Test Link 2</a></li>
            <li><a>Test Link 3</a></li>
        </ul>  
    </li>
    <li>
        <a href="#" data-toggle="tooltip" data-placement="right" title="" data-original-title="Menu 4"> <i class="fa fa-users"></i> </a>
    </li>
    <li>
        <a href="#" data-toggle="tooltip" data-placement="right" title="" data-original-title="Menu 5"> <i class="fa fa-briefcase"></i> </a>
    </li>
    <li>
        <a href="#" data-toggle="tooltip" data-placement="right" title="" data-original-title="Menu 6"> <i class="fa fa-sitemap"></i> </a>
    </li>
</ul>


Admin Controller

Code:
<?php
if (!defined('BASEPATH'))
    exit('No direct script access allowed');
class Admin_Controller extends MY_Controller {
    protected $data;
    public function __construct() {
        parent::__construct();
        $this->has_access();
        $this->template->set_theme('saturn')
            ->set_layout('default', 'admin')
            ->set_partial('header', 'admin/partials/header')
            ->set_partial('navigation', 'admin/partials/navigation');
        //if (logged_in()) {
            $menu_items = array();
            $this->template->menu_items = $menu_items;
        //}
    }

    public function has_access() {
        $public_access = array('login', 'registration');
        $current_class = $this->router->fetch_method();
        $user_id = $this->session->userdata('user_id');
        if ($user_id == FALSE) {
            if (!in_array($current_class, $public_access)) {
                redirect('login', 'refresh');
            }
        }
        else {
            if ((!is_numeric($user_id)) || (strlen($user_id) < 5)) {
                $this->session->unset_userdata('user_id');
                $this->session->sess_destroy();
                redirect('login', 'refresh');
            }
            else {
                $this->load->model('user_model', 'user');
                $current_user = $this->user->get($user_id);
                if (!is_object($current_user)) {
                    $this->session->unset_userdata('user_id');
                    $this->session->sess_destroy();
                    redirect('login', 'refresh');
                }
                else {
                    // Make all controllers like roster, match_types, etc. have access to the $current_user object.
                    $this->data['current_user'] = $current_user;
                }
                if (in_array($current_class, $public_access)) {
                    redirect('dashboard', 'refresh');
                }
            }
        }
    }
}

#2

[eluser]CroNiX[/eluser]
Let the menu subview determine who sees what based on the current logged-in level/permissions.

Code:
<?php // Show dashboard link if admin ?>
<?php if ($this->user->is('admin')): ?>
<a class="current" href="<?php echo base_url(); ?>dashboard" data-toggle="tooltip" data-placement="right" title="" data-original-title="Dashboard"> <i class="fa fa-home"></i> </a>
<?php endif; ?>

#3

[eluser]xtremer360[/eluser]
So you're saying I should have 10 different if statements on the view?
#4

[eluser]CroNiX[/eluser]
Why not? Is it cleaner to have 10 different views depending on the user level, or combinations of user levels/permissions?
#5

[eluser]boltsabre[/eluser]
If statements sound fine to me!

But I'd use ints, not names, so let's say you have a link that levels 3 and 4 (editor & admin) can view; it'd just be like this:

Code:
<?php if ($user_permission > 2): ?>
<a class="current" href="<?php echo base_url(); ?>dashboard" data-toggle="tooltip" data-placement="right" title="" data-original-title="Dashboard"> <i class="fa fa-home"></i> </a>
<?php endif; ?>

I'd be checking the user login status (and redirecting them if not logged in) and getting the user permission and assigning it to the $data variable in MY_Controller; that way you're not calling class methods every time you want to check something in a view, you're just doing a greater-than comparison. It's a bit quicker, and in my opinion a bit neater, to have all this stuff hidden away in MY_Controller.

Another advantage is now in all your controllers you can also easily check the user permission and redirect them (or throw a 404 page) if they try to access a controller that they are not allowed to access.
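One way to keep the permission logic in a single place instead of ten view-level if statements, as an added example that is not code from the thread: a menu definition carrying the minimum role_id per item (plus an assumed named permission, 'publish', for the "2 of the 3 links" case), a filter that builds the sidebar from it, and the same filtered tree reused in the controller so a link that is hidden is also refused when requested directly. The URLs under each menu are made up for the example.

```php
<?php
// Added example, not the thread's code. Role ids follow the users table above
// (1 guest, 2 user, 3 editor, 4 admin); the 'publish' permission name is assumed.
$menu = [
    ['title' => 'Dashboard', 'url' => 'dashboard', 'min_role' => 1],
    ['title' => 'Menu 2', 'url' => '#', 'min_role' => 3, 'children' => [
        ['title' => 'Test Link 1', 'url' => 'menu2/link1', 'min_role' => 3],
        // Named permission required on top of the role: an editor without it
        // sees only some of the links under this menu.
        ['title' => 'Test Link 2', 'url' => 'menu2/link2', 'min_role' => 3, 'permission' => 'publish'],
        ['title' => 'Test Link 3', 'url' => 'menu2/link3', 'min_role' => 4],
    ]],
    ['title' => 'Menu 4', 'url' => 'users', 'min_role' => 4],
];
function can_see(array $item, int $role_id, array $permissions): bool
{
    return $role_id >= $item['min_role']
        && (!isset($item['permission']) || in_array($item['permission'], $permissions, true));
}
// Keeps only what this user may see; a parent whose children were all
// filtered out is dropped too, so the sidebar never shows an empty submenu.
function filter_menu(array $items, int $role_id, array $permissions): array
{
    $visible = [];
    foreach ($items as $item) {
        if (!can_see($item, $role_id, $permissions)) {
            continue;
        }
        if (isset($item['children'])) {
            $item['children'] = filter_menu($item['children'], $role_id, $permissions);
            if ($item['children'] === []) {
                continue;
            }
        }
        $visible[] = $item;
    }
    return $visible;
}
// Controller side: hiding a link is not authorization, so the same filtered
// tree decides whether a requested URL may be served at all (else show_404()).
function url_allowed(array $visible, string $url): bool
{
    foreach ($visible as $item) {
        if ($item['url'] === $url || (isset($item['children']) && url_allowed($item['children'], $url))) {
            return true;
        }
    }
    return false;
}
// Editor (role 3) without 'publish': Dashboard and Menu 2 > Test Link 1 only;
// Menu 4 is hidden and a direct request for 'users' is refused.
$editor = filter_menu($menu, 3, []);
var_dump($editor, url_allowed($editor, 'users'));
```

The same filter_menu() result can be handed to the navigation partial via $this->template->menu_items, and url_allowed() belongs in has_access() next to the login check.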
