Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Role Management
Role Management
  • El Forum
    Guest
  •  
#1
10-20-2009, 06:51 AM

[eluser]sYnr[/eluser]
Hi all,

I'm developing a role-based application and I don't know which is the best way to manage what actions can each role perform.

I have three different ideas and I wish you could help me choose one of them, or otherwise recommend me another one.

Explanation:
The main problem is that in some views depending on the role the user can perform different actions. For example, clicking a "item", if you are administrator you should be redirected to the "Edit Item" view, if your are not, to the "View Item" view or just you can't click the item, i mean, there is no anchor displayed, only the text.

#1 Idea - Linker Controller
Quote:I'm trying creating a Linker Controller, it has a Parser Method, so all the links go throug it.
Code:
echo anchor("Linker/Parser/Link/Item/1",$item->name);

The Parser method get the $action, $model, $id, then depending on the session roleit would be redirected to:
Admin -> $ModelControler/Edit/$id
User -> $ModelControler/View/$id

This controller is supposed to act as a router for all the links in the website.

Advantages: All the logic is in one single method.
Disadvantages: There is always a Link, you cant hide it without hardcoding.


#Idea 2- Diferrent Views/Controllers
Quote: This is simple, one Controller for each role and different views depending on it. It could be implemented with only controller.

Advantages: More customization depending on the role.
Disadvantages: More difficult maintenance. You have to change a lot of views/controllers if you make a change.

#Idea 3 - Hardcoded
Quote: The obvious one. Inside each view using switch/if you show one or other thing.

Advantages: The most flexible.
Disadvantages: Too much code and hard maintenance.

#Idea 4 - External Library
Quote:I don't know any one that offers thins functionality, they only offers internal role functions, not View related ones, as far I know.


I hope I have explained clearly, now please, could you please help me choosing the right one?.

Another question. Are Session the best way to manage authentification?. I have always used them, maybe there is a safer way.

Maybe I have writtend down some nonsense, I've only been working for three days with CodeIgniter.

Thanks you all!
  • El Forum
    Guest
  •  
#2
10-20-2009, 07:16 AM

[eluser]n0xie[/eluser]
You could just check the role in the controller and serve a different view based on their role.

Someone clicks on a link, controller gets loaded, checks the userrole, serves the view appropriate to that role.
  • El Forum
    Guest
  •  
#3
10-20-2009, 08:17 AM

[eluser]sYnr[/eluser]
That would be the standard/simplest solution I think. You shoud have a different view for each role, and all the controllers would have a lot of role-management rubish.

Thanks for your opinion, I know there are a lot of possible solutions, but what I'm looking for is the cleanest, easiest maintenable and the safest one. Will we found it? Tongue

Thanks again Smile
  • El Forum
    Guest
  •  
#4
10-20-2009, 03:58 PM

[eluser]InsiteFX[/eluser]
Place your code in a MY_controller, when a user logins in check there roles and rights then assignb this to a session now you can do all your checking by the session variable.

Enjoy
InsiteFX
  • El Forum
    Guest
  •  
#5
10-20-2009, 04:17 PM

[eluser]BrianDHall[/eluser]
[quote author="InsiteFX" date="1256093923"]Place your code in a MY_controller, when a user logins in check there roles and rights then assignb this to a session now you can do all your checking by the session variable.

Enjoy
InsiteFX[/quote]

I'm a fan of just storing little more than a username in session, then use that to populate a class variable in the my_controller (or regular controller if you only have one) such as $this->user - which has all the user info updated on each access. This also allows instant, automatic updating of user rights and permissions on every page access.

I've found a $this->user set of data much easier to use than worrying about populating, and unpopulating, session variables. And with ORM it's even easier, but you don't have to use it.
  • El Forum
    Guest
  •  
#6
10-20-2009, 04:50 PM

[eluser]sYnr[/eluser]
Hi, thanks for your answer, I didn't know about that, that will help !


Anyway if have been trying to make it run, but CI doesn't find my controllers. I'm using Modular Extensions, but I think that it's not the problem because If i rename the ME Controller.php it also crashes. I guess i have to modify something to point to the root path, but i have no clue.

I also tried placing the Auth.php in the default controllers folder but it crashes too.

This is the error Sad

Quote:An Error Was Encountered
Unable to load the requested file: Auth.php

Auth.php is my default controller. I tried with an empty controller like this:

Code:
<?php

class MY_Controller extends Controller {

    
}
?>



Thanks!
  • El Forum
    Guest
  •  
#7
10-20-2009, 09:21 PM

[eluser]InsiteFX[/eluser]
You need to assign the constructor in the MY_Controller see the user guide

Enjoy
InsiteFX
  • El Forum
    Guest
  •  
#8
10-21-2009, 01:48 AM

[eluser]sYnr[/eluser]
I also tried that before posting, but it doesn't seem to work, same error...

Sad
  • El Forum
    Guest
  •  
#9
10-21-2009, 01:52 AM

[eluser]n0xie[/eluser]
You can't use MY_Controller if you are using Modular Extentions. You need to use MX_Controller.
  • El Forum
    Guest
  •  
#10
10-21-2009, 02:10 AM

[eluser]sYnr[/eluser]
ouch! I'm sorry, another thing I didn't know about, i've tried to read everything, but it's difficult to retain everything Sad

I'll try it later! I hope it works!
[edit] no error now Big Grin

Another question, in wich Controller method would you place the role logic? and why?

[edit]I have tried with function Controller(){echo "hi all";} and it seems that the method it's not executed Sad

Thanks!




Theme © iAndrew 2016 - Forum software by © MyBB