[eluser]codex[/eluser]
Rick, thanks for your reply.
[quote author="Rick Jolly" date="1208331793"]Yes, very fine grained control using a white list. Here are a few things that I'd consider though:
1. Put the access check in the constructor, or better yet, put the check in a parent controller. Use the Router class to get the class and method names and compare with the database for the logged in user's role.
[/quote]
Hmm, could you elaborate on this a bit? I'm not sure how to get the class and method with the Router class (but I'm gonna dive into it as soon as I finish this post!).
EDIT: I think you're referring to
Code:
$this->uri->router->class;
$this->uri->router->method;
But this doesn't seem to work (anymore)?
EDIT2:
Code:
// Fetch the shared Router instance
$RTR =& load_class('Router');
// Name of the controller class being requested
$RTR->class;
will do the trick.
Quote:
2. Consider the Zend ACL or Neophyte's KhaosACL which makes use of inheritance which can save you having to map every method to a role. For example, Zend ACL allows role and resource inheritance. With role inheritance, an admin could extend a moderator and inherit all their permissions. Then you'd have to add less entries for the admin. Also, if a role has access to all controller methods but a couple, with Zend ACL you can grant permission to the entire controller, then selectively deny a couple methods.
I looked at KhaosACL, but to be honest I have a hard time getting my head around its working and implementation. When I use something I like to understand how it all works. And maybe it's also a bit too much for my needs.
Quote:
3. Maybe if any role is allowed complete access to a controller, you could leave the method empty instead of typing in all methods of the controller for that role.
Yeah, that's what I figured too while making a test environment :-)
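
The whitelist check discussed in this thread, as an added example that is not code from either poster: a deny-by-default lookup of role, controller and method, where an empty method list grants the whole controller (point 3). The `$whitelist` array, the role names and `is_allowed()` are hypothetical; in the thread the mapping comes from the database, and the class and method would come from the Router (`$RTR->class`, and `$RTR->method` by analogy with the snippets above).

```php
<?php
// Constructed sample whitelist: role => controller => allowed methods.
// An empty method list means the role may call every method of that
// controller. In the thread this mapping is stored in the database.
$whitelist = array(
    'moderator' => array(
        'posts' => array('index', 'edit'),
    ),
    'admin' => array(
        'posts' => array(),               // whole controller
        'users' => array('index', 'ban'),
    ),
);

/**
 * Deny-by-default check: true only if the role is explicitly granted
 * the controller, and either the whole controller or this method.
 */
function is_allowed(array $whitelist, $role, $class, $method)
{
    // PHP class and method names are case-insensitive, so normalise
    // before comparing; otherwise "Ban" and "ban" would differ here
    // while still reaching the same controller method.
    $class  = strtolower($class);
    $method = strtolower($method);

    if (!isset($whitelist[$role][$class])) {
        return false;                     // unknown role or controller
    }
    $methods = $whitelist[$role][$class];
    if ($methods === array()) {
        return true;                      // empty list: full controller access
    }
    return in_array($method, $methods, true);
}

// Constructed requests; in a parent controller's constructor the class
// and method would be read from the Router instead of being literals.
$checks = array(
    array('moderator', 'posts', 'edit'),
    array('moderator', 'posts', 'delete'),
    array('admin',     'posts', 'delete'),
    array('admin',     'Users', 'BAN'),
    array('guest',     'posts', 'index'),
);
foreach ($checks as $c) {
    list($role, $class, $method) = $c;
    $ok = is_allowed($whitelist, $role, $class, $method);
    echo "$role $class/$method: " . ($ok ? 'allow' : 'deny') . "\n";
}
```

Because an empty method list means full access, a controller row saved without its methods silently grants everything, so that case is worth validating when the whitelist is edited.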