Welcome Guest, Not a member yet? Register   Sign In
ACL for CI ?
#1

[eluser]Lord_Jago[/eluser]
Hi everybody,

I'm looking for a convenient way to write a simple ACL with CI. Here is basically what I want :

* users belongs to groups
* groups have roles
* roles let access / edit / create or delete an object or a functionality

The main point is that I would like to avoid to call in every function of my controllers, a method which checks if the user can access or not to this part of the site.
I was thinking about writing a hook (post_controller_constructor), combined to a library.

Has anybody already build something like this ? Is it possible ? What is the best way to do it ? What should I avoid to do ?


Thanks,
Julien
#2

[eluser]Mischievous[/eluser]
Just extend the core_controller as MY_Controller and run all of your checks in there. Simple enough?
#3

[eluser]Lord_Jago[/eluser]
Thanks for your answer. And sorry for my slowness.

But what is the difference between writting a hook and extending the core ? What are the benefits / drawbacks of the 2 methods ?

Has anybody else ideas ?
#4

[eluser]Unknown[/eluser]
An alternative idea (perhaps less clean) is to borrow Zend's ACL class. You can either copy it and re-organize it to fit into CI (so you can employ $this->load->library('acl'); ) or just device another class loading method.

Either way, it's code already written for you that handles all three of your needs Big Grin

Docs: http://framework.zend.com/manual/en/zend.acl.html
And a tutorial on way way to cleanly implement Zend into CI: http://www.beyondcoding.com/2008/02/21/u...deigniter/


(be sure to read comments on those articles for Gotchas if you decide to try Zend out)
#5

[eluser]phpserver[/eluser]
Quoting some code straight from erkana auth that can be found here,i would say this is the closest you will come to not having to protect individual functions as of now.

Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed.');

class Transactions extends Controller {

  function Transactions() {
    parent::Controller();
    $this->erkana_auth->required();
  }

  // index()
  // List all a user's transactions
  function index() {
    $this->load->view('transactions');
  }

}

For permissions,groups and roles,dx auth is your best bet.Unless you want some super fine grained access control to require zend acl,then,dx auth is the way to go,or any other auth libs out there.Erkana auth is still in Alpha but the author has Skribit,you could pitch your idea.




Theme © iAndrew 2016 - Forum software by © MyBB