Simple way to show admin links based on user permissions
#1

[eluser]gwerner[/eluser]
I am putting together an admin section to a website. I'm looking for an easy way to build action links based on a user's permission level. These links would be the standard view all, edit this, add new and a few custom links relative to each section.

My first thought is to store those links in a database and build them where the user's access level matches. I do this for the main menu, but this is because the menu items really don't change from section to section. The action menus in these sections could be different in each section.

I've come up with a couple of ideas. Though I'm not sure if they are any good.

1. Store and manage each section menu in a database table and go from there.
2. Do if/then statements in the view and show the links that match the user's level for that section.
3. Try to do the same thing as in option one, but create data arrays in the controller versus using a database.

Does anyone have any suggestions or solutions for this type of thing? I've looked into the access control based posts and they seem to be more geared towards page restriction and not link restriction. Should I be applying the same principle? Thanks in advance.
#2

[eluser]predat0r[/eluser]
Why reinvent the wheel? Use Bitauth; it has a multilevel permission system, and a lot more.

https://github.com/danmontgomery/codeigniter-bitauth
#3

[eluser]cartalot[/eluser]
the sooner you determine what level the user is, the easier it will be. the best is to do it in the constructor, and then it's clear what methods the user has access to. if you have a read only user, you might want to have that in a separate class to simplify things.

i'm going to assume that the links are not changing often - otherwise having them in a table is obvious. doing if/then in the view would be quick to set up. the problem is then you will need to do an if/then for everything! lots of ways to deal with the nav bar links - one is to put them into different arrays in a site config file. then - based on the user level which is already known - call the nav links you need. the difference is that you aren't asking - is this person an admin?

another way - make different view files that have the relevant tool bar. this might not sound dry but sometimes it's the most pragmatic - it's then very simple to include the correct set of links based on role, you can style it easily, and you don't have to deal with rebuilding the links from a config or db table.
#4

[eluser]CroNiX[/eluser]
2 things.
1) In views, use if/then to show links to people according to their userlevel (or hide)
2) in the controller, make sure those controllers/methods are secured in that only a logged in user can access them, AND they have to have the correct access

So, if someone somehow knew a link that they shouldn't know about, if they tried to follow it they still wouldn't be allowed.

Code:
<?php // only show the link to administrators and editors ?>
<?php if ($this->user->has_role('admin', 'editor')): ?>
<a href="/admin/some_controller/some_method/some_article_id">Edit Article</a>
<?php endif; ?>
Of course, the above would totally depend on whatever your authentication allows... It's just an example.
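
The two points in the last post (hide the link in the view, and still refuse the request in the controller) can be driven from one permission map so the two checks cannot drift apart. This is an added example, not code from any poster in the thread or from CodeIgniter or Bitauth; it is plain PHP, and the section, role names, URLs and function names are assumptions made for illustration.

```php
<?php
// Added example: section, roles, labels and URLs are constructed for illustration.
// One map per section drives both the rendered links and the server-side check.
const ACTIONS = [
    'articles' => [
        'index'  => ['label' => 'View all',  'roles' => ['admin', 'editor', 'viewer']],
        'add'    => ['label' => 'Add new',   'roles' => ['admin', 'editor']],
        'edit'   => ['label' => 'Edit this', 'roles' => ['admin', 'editor']],
        'delete' => ['label' => 'Delete',    'roles' => ['admin']],
    ],
];

// Server-side decision: deny unless the section, action and role are all known.
function is_allowed(string $section, string $action, ?string $role): bool
{
    $map = ACTIONS;
    if ($role === null || !isset($map[$section][$action])) {
        return false; // not logged in, or unknown section/action: deny by default
    }
    return in_array($role, $map[$section][$action]['roles'], true);
}

// View helper: only the links this role may use, escaped for HTML output.
function action_links(string $section, ?string $role): array
{
    $map = ACTIONS;
    $links = [];
    foreach ($map[$section] ?? [] as $action => $def) {
        if (!is_allowed($section, $action, $role)) {
            continue;
        }
        $href = '/admin/' . rawurlencode($section) . '/' . rawurlencode($action);
        $links[] = '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
                 . htmlspecialchars($def['label'], ENT_QUOTES, 'UTF-8') . '</a>';
    }
    return $links;
}

// Controller guard: call it first in the constructor or method, before any work.
function require_permission(string $section, string $action, ?string $role): void
{
    if (!is_allowed($section, $action, $role)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// An editor is shown three links and no Delete link...
echo implode(' | ', action_links('articles', 'editor')), PHP_EOL;
// ...and a hand-typed request for the delete action is still refused.
var_dump(is_allowed('articles', 'delete', 'editor'));
```

Adding a custom link for a section means adding one entry to the map; the view and the guard both pick it up, so a link can never be visible to a role the controller would reject, or hidden from a role while its URL stays reachable.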



