Roles and Permissions
#4

(This post was last modified: 06-09-2023, 09:21 AM by DeanE10. Edit Reason: Typo )

(06-04-2023, 04:59 AM)captain-sensible Wrote: I don't use Shield for my CMS; that's because basically it's aimed at a single admin user. The advantage of writing code yourself is that you can tailor-make it for your own requirements, you know exactly what the code does, its requirements, the way it works and you are in a position to update it to your needs.

The elements in an admin user are:

1) There is a hidden URL that admin will use. That URL will bring up a view, which has a form to log in.
2) The input fields are:
i) admin user name
ii) admin password
iii) Enter the captcha symbols displayed
The form is protected in that 5 goes of someone trying to log in with failure will be a "brush off".

The admin table is in a SQLite database, the fields being:

Id, name, Password (that has been encrypted before storing) and role

So a typical entry would be: 1, AdminName, $2y$10$scmpB8B9o5k/yXVn66h8Xu/n.....etc, admin


The input from the form is processed by a controller.

The user name and password are encrypted and checked against the encrypted in the db, the role is checked, the captcha is checked.


If everything is OK I set a session like

Code:
    $_SESSION['role']="admin";


Then to control things what I do is have routes and filters controlling what can be accessed. The filter will check to see if a session has been set with role "admin".
Checks can be made ad nauseam.

Typical URLs that admin would want to go to would be /editBlogs, createBlog and such and such

I then have

Code:
    public $filters = ['myfilter' => ['before' => ['removeProduct', 'editOneProduct', 'editProducts', 'addProduct', 'newblog', 'editBlogs', 'removeBlog', 'addGallery', 'delGallery', 'admin']]];


So basically to edit a blog admin would go to somedomain.com/editBlogs

You can't go there to access it unless logged in as admin role in a session

At that URL there is a form, with existing blog text etc. and a submit. On submission input goes to a controller to process. But unless you're logged in with a session that you are admin you will not be able to access that URL

So that's my crude approach. There may be better ways but my stance is hey, a million users use WordPress and security has so many holes it's like a piece of Swiss cheese; meaning mine is superior.

Original poster, if you come back and want to know more I can elaborate

So you're giving a basic explanation of how Shield works; however, "Single Admin" is a bit incorrect... Shield has Groups, which users are assigned to, with Group Level Permissions, and you can add Permissions to an individual user as you wish :)
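
The login check and route filter described in the quoted post, as an added example in plain PHP that is not code from either poster, from CodeIgniter or from Shield. The function names, the server-side failure counter, the sample row and its password are assumptions constructed for illustration, and the captcha check is left out.

```php
<?php
// Constructed sample data; every name below is an assumption, not the poster's code.
const MAX_FAILS = 5; // the "5 goes" limit from the post
const PROTECTED_ROUTES = ['editBlogs', 'removeBlog', 'newblog', 'admin']; // subset of the posted list
$adminRow = ['id' => 1, 'name' => 'AdminName', 'role' => 'admin',
    'password' => password_hash('correct horse', PASSWORD_BCRYPT)];

// Sets the admin role in $session only when name, password and role all match.
// $fails is a server-side counter keyed by user name (assumed storage).
function attemptLogin(array $row, string $name, string $password, array &$session, array &$fails): bool
{
    if (($fails[$name] ?? 0) >= MAX_FAILS) {
        return false; // locked out: credentials are not evaluated at all
    }
    // A $2y$ bcrypt value embeds a random salt, so it is checked with
    // password_verify(), not by hashing the input again and comparing strings.
    $ok = hash_equals($row['name'], $name)
        && password_verify($password, $row['password'])
        && $row['role'] === 'admin';
    if (!$ok) {
        $fails[$name] = ($fails[$name] ?? 0) + 1;
        return false;
    }
    unset($fails[$name]);
    // Start from clean session state; with real PHP sessions also call
    // session_regenerate_id(true) here so a pre-login session id is not reused.
    $session = ['role' => 'admin'];
    return true;
}

// The "before" filter: a protected first path segment requires the admin role.
function filterAllows(string $route, array $session): bool
{
    $first = explode('/', trim($route, '/'))[0];
    if (!in_array($first, PROTECTED_ROUTES, true)) {
        return true;
    }
    return ($session['role'] ?? null) === 'admin';
}

$session = [];
$fails = [];
var_dump(filterAllows('/editBlogs', $session)); // anonymous request to a protected route
for ($i = 0; $i < MAX_FAILS; $i++) {
    attemptLogin($adminRow, 'AdminName', "guess$i", $session, $fails); // wrong guesses
}
var_dump(attemptLogin($adminRow, 'AdminName', 'correct horse', $session, $fails)); // right password while locked out
$fails = []; // counter cleared, e.g. by an operator
var_dump(attemptLogin($adminRow, 'AdminName', 'correct horse', $session, $fails));
var_dump(filterAllows('/editBlogs/12', $session)); // same route once the role is set
```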