User Roles and Permissions
#1

(This post was last modified: 12-28-2017, 12:11 AM by danangeloalcanar.)

Hi Community, 


I am having a challenge with user permissions and roles. Would you help me with this?
I want to limit user access to different modules.

Here's what I have done so far.

I have created the following tables.

tbl_user - contains user information and the role_id
tbl_user_roles - the header table of user roles; contains the role name
tbl_user_roles_detail - the detail table of user roles; here you can add which modules a role can access
tbl_user_modules - list of modules; includes module name and routes (example: delivery/summary, delivery/detailed)

*I will attach a screenshot of what the tables look like when joined together.


Now here's what I want to do: I want to run a function on every page to check whether the user_id has access to the current module/route.
How can I do this? Should I add the function in every page? I am thinking of calling the function from the core so it is automatically called.

I hope I explained myself well. Hope you can help me with this.

Any suggestion would be appreciated. Thanks!

Reply
#2

You can create two tables

tbl_users
tbl_permissions

In the tbl_permissions table you can store all permissions for access and ban any section for your.

In the tbl_users table you can add one extra field for user permissions.

In the controller and view files you can easily manage permissions for users.


Attendance Controller 

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Attendance extends CI_Controller {

    function __construct()
    {
        parent::__construct();
    }

    function index()
    {
        // Stop here unless the current user holds permission 14.
        $this->common_model->checkUserPermission(14);

        $output['left_menu'] = 'Attendance';
        $output['left_submenu'] = 'Attendance';
        $this->load->view('default/includes/header', $output);
        $this->load->view('default/attendance/index');
        $this->load->view('default/includes/footer');
    }
}

In the Attendance controller you can see the "$this->common_model->checkUserPermission(14);" line.

common_model
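// Returns true when the current user holds $permission_id.
// With $no_return = true a denied request is answered and terminated here;
// with $no_return = false the method returns false and the caller decides.
function checkUserPermission($permission_id, $no_return = true)
{
    // The (array) cast makes a missing config item deny instead of erroring.
    if (in_array($permission_id, (array) $this->config->item('user_permissions')))
    {
        return true;
    }

    if ( ! $no_return)
    {
        return false;
    }

    if ($this->input->is_ajax_request())
    {
        // AJAX callers get a JSON error they can handle client-side.
        $data['success'] = false;
        $data['message_title'] = 'Permissions Denied';
        $data['message'] = 'Sorry You are not allowed to access this feature';
        $data['error_type'] = 'auth';
        echo json_encode($data);
        die;
    }

    echo '<h1 align="center">Sorry You are not allowed to access this feature</h1>';
    die;
}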
Reply
#3

For security reasons, it's better to use one of the proven authentication libraries for CI, like Ion Auth or Community Auth.
You autoload the library, so every controller has access to the functions in it.
I use Ion Auth. In a controller where I want to give access only to users with certain permissions, I check the permissions of the current user in the controller's constructor:

PHP Code:
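public function __construct()
{
    // Run the parent constructor first so autoloaded libraries such as
    // ion_auth are available on $this.
    parent::__construct();

    if (! $this->ion_auth->in_group(array('permission_A','permission_B'))) {
        $this->no_access();
    }
}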


The $this->no_access() method is a method in my MY_Controller, which all my controllers are based on.

Of course, you can build your own authentication system, but what's the point if you can easily use an existing one that is well documented and supported?
Reply
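One way to run the check from the core on every request, combining the table layout from the first post with the MY_Controller approach from the last reply. This is an added example, not code from any poster in this thread or from Ion Auth; it assumes CodeIgniter 3, a `user_id` session key, and the column names `user_id`, `role_id`, `module_id` and `route` on the thread's tables.

```php
<?php
// application/core/MY_Controller.php (added example, CodeIgniter 3 assumed)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('session');

        // Build the route from the resolved controller/method, not the raw
        // URI, so custom routes and odd casing cannot dodge the lookup.
        $route = strtolower($this->router->fetch_class() . '/' . $this->router->fetch_method());

        // Fail closed: no session or no matching row means no access.
        $user_id = (int) $this->session->userdata('user_id'); // assumed session key
        if ($user_id <= 0 || ! $this->role_can_access($user_id, $route)) {
            $this->no_access();
        }
    }

    // Column names (user_id, role_id, module_id, route) are assumptions.
    protected function role_can_access($user_id, $route)
    {
        return $this->db->from('tbl_user u')
            ->join('tbl_user_roles_detail d', 'd.role_id = u.role_id')
            ->join('tbl_user_modules m', 'm.module_id = d.module_id')
            ->where('u.user_id', $user_id)
            ->where('m.route', $route)
            ->count_all_results() > 0;
    }

    protected function no_access()
    {
        // Send a real 403 and stop before the controller action runs.
        if ($this->input->is_ajax_request()) {
            $this->output->set_status_header(403)
                ->set_content_type('application/json')
                ->set_output(json_encode(array('success' => false, 'error_type' => 'auth')))
                ->_display();
            exit;
        }
        show_error('You are not allowed to access this feature.', 403, 'Permission Denied');
    }
}
```

Protected controllers extend MY_Controller and need no per-page call; controllers that must stay public, such as the login page, extend CI_Controller instead.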



