My "official" ACL plugin for CI - Now with [some] documentation

[eluser]bkirkman[/eluser]
I've been familiarizing myself with the plug-in as I incorporate it into a project. Would it be possible/beneficial to pass an array of role_ids to user_has_role() and group_has_role() instead of just a single role_id? I'm guessing many times in a project, access would be given based on a handful of roles. (Of course we could just use OR statements.) I'm also guessing a hierarchy or ranking of roles is often used for ACLs. There also might be other class methods where passing an array to it might be beneficial. Just a couple of thoughts.

[eluser]Dean Rantala[/eluser]
[quote author="bkirkman" date="1267249266"]I've been familiarizing myself with the plug-in as I incorporate it into a project. Would it be possible/beneficial to pass an array of role_ids to user_has_role() and group_has_role() instead of just a single role_id? I'm guessing many times in a project, access would be given based on a handful of roles. (Of course we could just use OR statements.) I'm also guessing a hierarchy or ranking of roles is often used for ACLs. There also might be other class methods where passing an array to it might be beneficial. Just a couple of thoughts.[/quote]

That sounds like a great idea, however.

The thinking was database optimization. I could implement this, but I would not recommend it unless using it on an ACL user/group/role objects: i.e.:

Code:

$user = $acl->get_user('10',TRUE);
$user->has_role('3');

The reason is: when you return a user object one of the options is to auto hydrate (or not). The default [when returning ACL users, groups, and roles] is NOT to hydrate.

When you auto hydrate, the ACL user/group/role objects pre-polulate [load] all the relating info into variables. This way, multiple tests are only comparing variables rather than making repetitive database calls.

Ideally, when a user is logged in, you would instantly create a ACL user object that represents that user.

In the case of the ACL class, you would not (even from a logical programmatic standpoint) have auto hydration going on in the parent ACL object level. So bottom line is: passing arrays for checking can be implemented at both the core ACL level AND ACL user/group/role levels - but only advisable to use this feature at the user/group/role levels. This way, auto hydration makes it easy and much more practical from a performance standpoint.

I will work on integrating this into the classes sometime this next couple weeks unless someone wants to pitch in ;-)

[eluser]bkirkman[/eluser]
Aha, thanks. That makes sense. Have you been successful at storing the user object as a session object? I haven't tried yet. There seems to be quite the shake-up regarding session objects here.
http://ellislab.com/forums/viewthread/95690/

[eluser]masrodjie[/eluser]
Thanks for your plugin. I has been tried and it's look good.
But it have small bug. When you try :

Code:

$this->acl->add_role_to_user(2, 1);

it generate error. In acl.php line 654:

Code:

$this->db->insert($this->db_table['user_roles'],$data);

it should be:

Code:

$this->db->insert($this->_table['user_roles'],$data);

[eluser]North2Alaska[/eluser]
Is this plug-in still being developed/supported? I find it interesting and would like to work at converting it to CI 2.x and PHP 5.3.x.

[eluser]North2Alaska[/eluser]
Anybody???

[eluser]Kevin Phillips[/eluser]
I've created a simple Role Base ACL and User Login system that does not require a database setup.

You can download it from my personal blog

http://www.kevinphillips.co.nz

or from github

https://github.com/dollardad/CI-ACL

I look forward to your feed back

[eluser]Unknown[/eluser]
sorry guys, i can't to download the file.

Pls advise give me how to?

[eluser]Unknown[/eluser]
Helo...

I'm very interested with this ACL, unfortunately. The link is dead. Can you have some new link? Many thanks...