help with role based authentication
#8

jbreitweiser
A workflow can represent anything. So a workflow could be view document. In the controller for that document you check if the user has the workflow to view that document. It could also be an action. Say search for a user. Before running the search function you check that the logged in user has the search user workflow. That is what I mean by you can restrict access by anything. It is up to you to decide what a workflow represents.

Think of it as adding a layer to the idea of a role. Instead of always checking what role they have to see if they can do something, you check if they have the workflow to do it. The upside of this approach is you can create various roles with overlapping functions without having to go back and touch the code that checks your permission. Here is an example.

You have a search page for users. A role is defined called search.users. This allows you to access the user search page and search for a user. Then in the results list you can edit or delete a user. Those are two other actions that have their own workflows: edit.user and delete.user. If the delete button is clicked, it will post back to the search page controller and call the delete function. The delete function will check that you have the workflow to do this action. If you click the edit button, it will take you to the edit.user controller, which will again check that you have the workflow to go to that page and redirect you back to another page if you do not. (As a side note, you should check if a user can perform the action before you write the buttons for that action to the form.)

Now let's say you have 2 users. One is allowed to search for and edit a user. The other is the admin and can edit and delete a user. This is where having roles and workflows really helps. The lower permissioned user will only have search.user and edit.user. If he tries to delete the user he will get an error. The admin will have all three workflows.

As for implementation, you would need at minimum 5 tables: workflows, roles, roles_workflows, user_roles, and users. Then make a model that allows you to get a list of workflows for a user and call it when needed.
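
The five-table layout and the per-action workflow check described in the post above, as an added example that is not part of the original post or the poster's code. Column names, the role names (`editor`, `admin`), the sample users, and all function names are assumptions; Python with in-memory SQLite is used so it runs standalone.

```python
import sqlite3

# Constructed schema: table names follow the post, columns are assumed.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE workflows (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_roles (user_id INTEGER, role_id INTEGER,
                         PRIMARY KEY (user_id, role_id));
CREATE TABLE roles_workflows (role_id INTEGER, workflow_id INTEGER,
                              PRIMARY KEY (role_id, workflow_id));
"""

class Forbidden(Exception):
    """Raised when the acting user lacks the workflow for an action."""

def build_sample_db():
    # Constructed sample data mirroring the post's two users, plus one with no role.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO workflows VALUES (?, ?)",
                   [(1, "search.user"), (2, "edit.user"), (3, "delete.user")])
    db.executemany("INSERT INTO roles VALUES (?, ?)", [(1, "editor"), (2, "admin")])
    db.executemany("INSERT INTO roles_workflows VALUES (?, ?)",
                   [(1, 1), (1, 2), (2, 1), (2, 2), (2, 3)])
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "root"), (3, "norole")])
    db.executemany("INSERT INTO user_roles VALUES (?, ?)", [(1, 1), (2, 2)])
    return db

def workflows_for_user(db, user_id):
    # The "model" call: union of workflows over every role the user holds.
    rows = db.execute(
        "SELECT DISTINCT w.name FROM workflows w "
        "JOIN roles_workflows rw ON rw.workflow_id = w.id "
        "JOIN user_roles ur ON ur.role_id = rw.role_id "
        "WHERE ur.user_id = ?", (user_id,))
    return {name for (name,) in rows}

def require_workflow(db, user_id, workflow):
    # Deny by default: no matching row means no access.
    if workflow not in workflows_for_user(db, user_id):
        raise Forbidden(f"user {user_id} lacks workflow {workflow!r}")

def delete_user(db, acting_user_id, target_user_id):
    # The check lives in the action itself, not only where the button is drawn.
    require_workflow(db, acting_user_id, "delete.user")
    db.execute("DELETE FROM user_roles WHERE user_id = ?", (target_user_id,))
    db.execute("DELETE FROM users WHERE id = ?", (target_user_id,))
    return True
```

The same `workflows_for_user` result can decide whether to render the edit and delete buttons, while `require_workflow` in the handler remains the enforcement point when a request is posted directly.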

