Coding own authorization library

[eluser]Jacob W.[/eluser]
Hi there!
I'm new to CI and love it already. My first project is a rather large group calendar/task management system and I'm starting off by getting the user authentication and authorization to work.

I searched for solutions, but failed to find anything good in particular. I'm wondering which approach would be best here. The only requirement I have is advanced ACL support - I will set access for the different tasks in calendar individually, depending on the users permissions. So I need something quite robust. Can you help me out by pointing me in the right direction? Thanks!
/Jacob

[eluser]TheFuzzy0ne[/eluser]
Welcome to the CodeIgniter forums. I'm really glad your enjoying CodeIgniter.

There are a lot of ACLs out there, it all depends on your needs. Perhaps [url="http://framework.zend.com/manual/en/zend.acl.html"]Zend ACL[/url] library might do the trick? I haven't used it before, but I've seen lots of ACLs that just don't ever seem to be what I'm looking for, so I thought I'd give it a go at some point. It's quite easy to load Zend libraries from within CodeIgniter. [url="http://www.cmjackson.net/2009/02/17/php-codeigniter-and-lucene/"]This article[/url] demonstrates how to do it with Zend_Search_Lucene, I'd imagine the same principles apply to Zend ACL.

[eluser]Colin Williams[/eluser]
Here's roughly what database tables I use for users/acl

Code:

user (uid|email|pass|salt|status)
role (rid|name|description)
user_role (rid|uid)
role_permission (rid|permission)
user_permission (uid|permission)

I think you could extrapolate from that to get a sense of how to build it. Don't know if you've sketched anything out for it, but it's quite simple. (Note: I store permissions in config and can add dynamically if needed)

The crux is an access() method that sees if the current user has the permission explicitly (in user_permission) or via his role (in role_permission).

[eluser]Jacob W.[/eluser]
Thank you! And I'm really happy to have found such a great product and supportive community!

I searched further and found a couple of articles that I will take a look at. For example, this one incorporates the technique talk about so I'll definitively give it a go.

Although I must admit it feels kind of weird to use Zend Framework now when I chose CI. But perhaps there's nothing wrong with that.

[eluser]TheFuzzy0ne[/eluser]
[quote author="Jacob W." date="1243884543"]Although I must admit it feels kind of weird to use Zend Framework now when I chose CI. But perhaps there's nothing wrong with that. [/quote]

I don't see why not. It's not about loyalty, it's about productivity. If something needs to be improved upon or changed, for the most part you can do that. Zend ACL is pretty much a library, just like any other library. That's pretty much what the 'libraries' directory is for.

[eluser]Jacob W.[/eluser]
[quote author="Colin Williams" date="1243884221"]Here's roughly what database tables I use for users/acl

Code:

user (uid|email|pass|salt|status)
role (rid|name|description)
user_role (rid|uid)
role_permission (rid|permission)
user_permission (uid|permission)

I think you could extrapolate from that to get a sense of how to build it. Don't know if you've sketched anything out for it, but it's quite simple. (Note: I store permissions in config and can add dynamically if needed)

The crux is an access() method that sees if the current user has the permission explicitly (in user_permission) or via his role (in role_permission).[/quote]
Thanks for the ideas, I still haven't decided on if I'll go with Zend's ACL Library or a hand-coded one and your post gives some input on the first option which I'll consider. BTW, I followed the link in your signature and think I'll use Template Library in my project. I just have one off-topic question: is it possible to - depending on user - display different information in the regions of Template? I guess it is, just wanna be sure.