Welcome Guest, Not a member yet? Register   Sign In
Roles and Permissions
#1

Please provide an example of Roles and Permissions in CI4 without using session and other external library.
Reply
#2

Best to take a look at CodeIgniter Sheild.

CodeIgniter Shield

Shield Documentation
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(This post was last modified: 06-04-2023, 05:01 AM by captain-sensible. Edit Reason: more )

I don't use shield for my CMS ; thats because basically its aimed at a single admin user. The advantage of writting code youself is that you can tailor make it for your own requirments, you know exactly what the code does its requirmemts , the way it works and you are in a position to update it to your needs.

The elements in an admin user are:

1) There is a hidden url , that admin will use . That URL will bring up a view , which has a form to log in .
2) The input fields are : i) admin user name
II) admin password
ii) Enter the captach symbols displayed
The form is procted in that 5 goes of someone trying to log in with failure will be a "brush off"

The admin table field is in a sqlitedatabase fields being :

Id, name, Password ( that has been encrypted before stroing) and role

So a typical entry would be : 1, AdminNAme, $2y$10$scmpB8B9o5k/yXVn66h8Xu/n.....etc, admin


the input from the form is processe by a controller.

The user name and password are encrypted and checked against the encrpyted in the db, the role is checked, the captcha is checked .


if everything OK I set a session like

Code:
    $_SESSION['role']="admin";


Thwen to control things what I do is have routes and filters comtrolling what can be accessed . The filter will check to see if a session has been set with role "admin" .
Checks can be made ad naseum

Typical urls that admin would want to go to would be /editBlogs , createBlog and such and such

II then have

Code:
    public $filters = [    'myfilter' => ['before' => ['removeProduct','editOneProduct','editProducts','addProduct','newblog','editBlogs','removeBlog','addGallery','delGallery','admin' ]]];


So basically to edit a blog admin would go to somedomain.com/editBlogs

You can't g othere to access it unless logged in as admin role in a session

at that url there is a form ,whith existing blog text etc and a submit. ON submission input goes to a controller to porcess. But unless your logged in with a session that yo uare admin you will nto be able to access that URL

So thats my crue approach. There may be better ways but m ystance is hey a Million users use WordPress and security has so many holes its like a pirce of Swiss cheese; meaning mine is superior .

Original poster, if yo ucome back and want to know more i can elaborate
CMS CI4     I use Arch Linux by the way 




Arch Book
Reply
#4

(This post was last modified: 06-09-2023, 09:21 AM by DeanE10. Edit Reason: Typo )

(06-04-2023, 04:59 AM)captain-sensible Wrote: I don't use shield for my CMS ; thats because basically its aimed at a single admin user. The advantage of writting code youself is that you can tailor make it for your own requirments, you know exactly what the code does its requirmemts , the way it works and you are in a position to update it to your needs.

The elements in an admin user are:

1) There is a hidden url , that admin will use . That URL will bring up a view , which has a form to log in .
2) The input fields are : i) admin user name
II) admin password
ii) Enter the captach symbols displayed
The form is procted in that 5 goes of someone trying to log in with failure will be a "brush off"

The admin table field is in a sqlitedatabase fields being :

Id, name, Password ( that has been encrypted before stroing) and role

So a typical entry would be : 1, AdminNAme, $2y$10$scmpB8B9o5k/yXVn66h8Xu/n.....etc, admin


the input from the form is processe by a controller.

The user name and password are encrypted and checked against the encrpyted in the db, the role is checked, the captcha is checked .


if everything OK I set a session like

Code:
    $_SESSION['role']="admin";


Thwen to control things what I do is have routes and filters comtrolling what can be accessed . The filter will check to see if a session has been set with role "admin" .
Checks can be made ad naseum

Typical urls that admin would want to go to would be /editBlogs , createBlog and such and such

II then have

Code:
    public $filters = [    'myfilter' => ['before' => ['removeProduct','editOneProduct','editProducts','addProduct','newblog','editBlogs','removeBlog','addGallery','delGallery','admin' ]]];


So basically to edit a blog admin would go to somedomain.com/editBlogs

You can't g othere to access it unless logged in as admin role in a session

at that url there is a form ,whith existing blog text etc and a submit. ON submission input goes to a controller to porcess. But unless your logged in with a session that yo uare admin you will nto be able to access that URL

So thats my crue approach. There may be better ways but m ystance is hey a Million users use WordPress and security has so many holes its like a pirce of Swiss cheese; meaning mine is superior .

Original poster, if yo ucome back and want to know more i can elaborate

So you're giving a basic explanation of how Shield works however "Single Admin" is a bit incorrect... Shield has Groups which users are assigned with Group Level Permissions and you can add Permissions to an individual user as you wish Smile
Reply
#5

(This post was last modified: 06-11-2023, 07:22 AM by Corsari.)

Sure the administrator must be one and only, then you will set an administrators group where eventually add those profiles which will have administrator's privileges

Though I have kindly suggested to add to the Shield Documentation a tutorial for this basic and popular need, since there are three guides but they are pretty particular

for the moment I got no feedbacks , the team is too busy on the project itself I suppose.
Reply
#6

Is the original question a joke?
Reply
#7

(This post was last modified: 06-12-2023, 04:12 AM by Corsari.)

(06-11-2023, 11:51 AM)JustJohnQ Wrote: Is the original question a joke?
I think it isn't

I'm a newbie or at this point it is better to say that I'm by no means an expert on Codeigniter, for the simple reason that my work is not coding, so I'm in  a permanent learning stage

that looks a typical newbie question, I did similar ones at the begin

Now I know where to search the various topics and I understand those difficulties , I have still some :-) and I always thank so much all the experts that with lot of patience find the time to give hints, help and tips

(06-04-2023, 04:59 AM)captain-sensible Wrote: I don't use shield for my CMS ; thats because basically its aimed at a single admin user. The advantage of writting code youself is that you can tailor make it for your own requirments, you know exactly what the code does its requirmemts , the way it works and you are in a position to update it to your needs.
hello
this is the part that I mean
https://codeigniter4.github.io/shield/qu...to-a-group
Reply
#8

(This post was last modified: 12-26-2023, 01:53 AM by pippuccio76.)

(06-02-2023, 04:15 AM)mayurkoshti Wrote: Please provide an example of Roles and Permissions in CI4 without using session and other external library.

sorry for my poor enghlish , i try to learn shield , documentation is not complete for my own opinion.

but you must first of all add your permission to config->Authgroups :

Code:
    public array $permissions = [
        'admin.access'              => 'Can access the sites admin area',
        'admin.settings'            => 'Can access the main site settings',
        'users.access'              => 'Can access the sites user area',
        'users.create'              => 'Can create new non-admin users',
        'users.edit'                => 'Can edit existing non-admin users',
        'users.delete'              => 'Can delete existing non-admin users',

        'users.singing_in_the_rain'            => 'Can sing in the rain',

        'beta.access'              => 'Can access beta-level features',
    ];

now you must assign the permission


Code:
    public function permit_to_sing_in_the_rain($id_user){

        $users = auth()->getProvider();

        $user = $users->findById($id_user);

        $res = $user->addPermission('users.singing_in_the_rain');

        if($res){

            echo 'Permission added';

        }else{

            echo 'Add permission problem';
        }

    }

a new row is inserted on auth_permissions_users table .


Now you must simply control if user can sing in the rain for example in user controller ( or implement filter) :


Code:
    public function sing_in_the_rain()
    {
        $user = auth()->user(); //get user logged


        if ($user->can('users.singing_in_the_rain')) {

            echo 'Sing in the rain';
       
        }else{

            echo 'go Home!!!';
        }

    }
Reply




Theme © iAndrew 2016 - Forum software by © MyBB