How to implement Access Control List?

#1
Hi,

I have a client model, a specialist model and a wholesaler model. I need to set up CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list. How do I implement role-based authorization such as this using CI?
Reply

#2
(11-21-2014, 04:19 PM)sid@webdbapps.net Wrote: Hi,

I have a client model, a specialist model and a wholesaler model.  I need to set up CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list.  How do I implement role-based authorization such as this using CI?

I would do a model function specific to specialists with a query that joins the table containing client/specialist assignation information and only return results where the client is assigned to the specialist.

In your controller, you could check the user's role and call the model function that returns all clients if they are an admin, or calls the function that only returns assigned clients if they are a specialist.  You might be able to use the same view in both cases.

That is just one of many ways you could do it.

The Auth system (AppuntoAuth) I posted in the Addins section does have an ACL. If you were to use this, you could do different controller functions for each role and assign them to the roles through the admin interface. Or you could use the library hasPermission() function within the controller to call the appropriate model function.
Reply
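
The approach described in post #2 above (a join against the assignment table, with the role deciding which query runs), as an added example that is not part of the original posts or of AppuntoAuth. It is written in plain PHP with PDO and in-memory SQLite so it runs without CodeIgniter; the table and column names, the role strings and the function name `visible_clients()` are assumptions. It goes one step beyond the list view: the same scoped query is reused for single-record reads, so the assignment is re-checked on every CRUD action and not only when building the list.

```php
<?php
// Added example: schema, role names and function name are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample data: specialist 10 has clients 1 and 2, specialist 11 has client 3.
$db->exec("
    CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT);
    CREATE TABLE client_specialist (client_id INTEGER, specialist_id INTEGER);
    INSERT INTO clients VALUES (1, 'Acme'), (2, 'Birch'), (3, 'Cedar');
    INSERT INTO client_specialist VALUES (1, 10), (2, 10), (3, 11);
");

/**
 * Return the clients $user may see, optionally narrowed to one client id.
 * Admins see everything, specialists only their assigned clients, and any
 * other role (for example wholesaler) gets nothing: deny by default.
 */
function visible_clients(PDO $db, array $user, ?int $clientId = null): array
{
    $sql   = 'SELECT c.id, c.name FROM clients c';
    $where = [];
    $args  = [];
    if ($user['role'] === 'specialist') {
        $sql    .= ' JOIN client_specialist cs ON cs.client_id = c.id';
        $where[] = 'cs.specialist_id = ?';
        $args[]  = $user['id'];
    } elseif ($user['role'] !== 'admin') {
        return [];
    }
    if ($clientId !== null) {
        // Used by show/edit/delete so a changed id in the URL is still scoped.
        $where[] = 'c.id = ?';
        $args[]  = $clientId;
    }
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $st = $db->prepare($sql . ' ORDER BY c.id');
    $st->execute($args);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// $user must be built from the server-side session, never from request input.
$specialist = ['id' => 10, 'role' => 'specialist'];
$wholesaler = ['id' => 20, 'role' => 'wholesaler'];

print_r(visible_clients($db, $specialist));     // list action
print_r(visible_clients($db, $specialist, 3));  // single record assigned to specialist 11
print_r(visible_clients($db, $wholesaler));     // role with no client access
```

In a CodeIgniter model the same query would go through `$this->db`, and the controller would treat an empty result for a single id as "not found" before running any update or delete.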

#3
(11-21-2014, 07:30 PM)bclinton Wrote:
(11-21-2014, 04:19 PM)sid@webdbapps.net Wrote: Hi,

I have a client model, a specialist model and a wholesaler model.  I need to set up CRUD actions but need to ensure that only clients assigned to a specific specialist are visible on that specialist's login list.  How do I implement role-based authorization such as this using CI?

I would do a model function specific to specialists with a query that joins the table containing client/specialist assignation information and only return results where the client is assigned to the specialist.

That is just one of many ways you could do it.

The Auth system (AppuntoAuth) I posted in the Addins section does have an ACL.  If you were to use this, you could do different controller functions for each role and assign them to the roles through the admin interface.  Or you could use the library hasPermission() function within the controller to call the appropriate model function.

Thank you! I'll have a look at AppuntoAuth.
Reply

#4
(11-23-2014, 08:21 PM)sid@webdbapps.net Wrote: Thank you!  I'll have a look at AppuntoAuth.

Great! I'd love to get some feedback.

If it's not what you are looking for, Ion Auth ( http://benedmunds.com/ion_auth/  ) has groups which may fit what you are trying to do.
Reply

#5
You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#6
(09-02-2018, 08:59 AM)InsiteFX Wrote: You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.

Thread is from 4 years ago. *redacted-since-post-was-deleted* is a spammer that resurrected the thread to insert his bologna.
Reply

#7
(09-02-2018, 09:08 AM)skunkbad Wrote:
(09-02-2018, 08:59 AM)InsiteFX Wrote: You can create your own method called restrict and call it from your constructor
to check who is allowed to use it.

Thread is from 4 years ago. *redacted-since-post-was-deleted* is a spammer that resurrected the thread to insert his bologna.

Thanks, did not see that.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

