ErkanaAuth: A non-invasive user authentication library |
[eluser]xwero[/eluser]
[quote author="walesmd" date="1193282829"] Quote:The try login snippet needs array() around the array content I assume you are referring to this line: Code: $query = $this->CI->db->getwhere('users', $condition, 1, 0); No i was refering to your blog post where you added an example of the try_login method Code: try_login('username'=>'test','password'=>'hello') [quote author="walesmd" date="1193282829"] The helpers are there so getRole() and getField() can be used in a view - saves on typing a little.[/quote] Ok i wasn't sure about that. I will not use the helper i rather type than debug. [quote author="walesmd" date="1193282829"] The multiple role situation is one I am aware of and I intend to correct that in the future (it will be a new method that accepts a string (or an array, I haven't decided) of user roles. If the user has one of those roles it will return TRUE.[/quote] The way i do this is creating an action/pagepart entry and attach the roles to it then compare the actions roles with the current role. It requires extra tables. view_object : id,name view_object_roles : view_object_id, roles_id Code: function enableViewObject($view_object_id)
[eluser]imzyos[/eluser]
Quote:The multiple role situation is one I am aware of and I intend to correct that in the future (it will be a new method that accepts a string (or an array, I haven’t decided) of user roles. If the user has one of those roles it will return TRUE. STRING like Code: $a = 'role1|role2|role3';
[eluser]12vunion[/eluser]
I’m very much a fan of ErkanaAuth. I’ve tried some of the other authentication libraries and none of them seem to fit well with CodeIgniter. This is the only one so far that seems to fit in with the style and philosophy. I really like where it’s headed. If there’s something to be improved, it would be the user role management. It doesn’t scale well for a big project that needs more robust permissions. In any event, I’ve written my own system that adds onto ErkanaAuth. It allows user’s to be in groups and groups to have as many permissions for whatever you should choose to set permissions on. In my case, I’m using it to set view, create, edit, and delete permissions for my content types (news, articles, research, pages, etc...). So you have the choice to either check for a user’s group, or check to see if they have the required permissions. I’ve only just thrown it together. So it’s a bit ugly. But I’m sure if it’s useful, someone will clean it up. For the Erkanauth.php library: Code: /** For the Erkanaauth_helper.php helper: Code: // Calls the getGroup method of the library And that’s that. You can call hasPermissions() with either the content_type name, or ID. And you can set the required permissions as either a single permission ("view", or “can_view"), “all” (meaning must have all permissions) or as an array of strings (["can_view", “delete”, “edit” ...]). I allow it to use “view” or prefixed with “can_” because that’s what the field is in the database. Code: if($this->erkanaauth->hasPermissions("article", array("edit", "can_view")) == true){
[eluser]12vunion[/eluser]
And here's what my SQL looks like: Code: CREATE TABLE `content_types` (
[eluser]jaume[/eluser]
I use a different approach on multiple roles subject. I tried to explain it in this thread: http://ellislab.com/forums/viewthread/64469/ Do you think the approach is so weird? I mean, for example, instead of using different roles related to the news section being "news_editor" or "news_admin" or "news_whatever", just using a "news" role with a numeric level assigned to it so it becomes "news=3" to grant you a "level 3" access in the news section. When you have many different areas, assigned to a single role each, you shorten the roles list by a factor of 3 or 4 depending on the main levels you assign to the areas... Being the levels 1-admin. 2-supervisor, 3-editor, 4- writer they also allow syntax like "editor or higher" when talking about permissions. I've used it in portals where different users were allowed to work on different sections of the whole portal, and did work fine to me... how would you approach it? Jaume.
[eluser]12vunion[/eluser]
That's pretty interesting. I've used something like that before. I've also done something similar to that, but more like a chmod. Your approach works pretty well for a smaller project where you're in control of every user. But for the sake of manageability, you need to abstract it by an extra layer. In your approach, you have to set every permission for every user. Where as in mine, you setup permissions and assign them into groups. Then you can simply set what group the user belongs to and they get all the inherited permissions.
[eluser]jaume[/eluser]
@12vunion You sent your messages while I was writing mine! :-) Just a third point of view!
[eluser]jaume[/eluser]
@12vunion Yes, but if you have one user taking care of one area, you would end having as many groups as users and no inheritance in levels at all. In my app you start setting default permissions to true just to change his own password any assign only the permissions needed for that user. If you have enough users to group them in groups then I agree with you, but it still lacks inheritance to say "editor or higher in this area", how would you mix both approaches? Or do you focus more on explicit permissions like "can_do_x"? How whould you apply it in a per area basis more like saying "can_read in news_area"?
[eluser]12vunion[/eluser]
Either you use it like I am and say content_type = "news_area" can_read = "1", or you'd need a table with a ton of rules "can_read_news", "can_edit_news", etc. And then create an in between table that pairs user ids with permission ids (see my groups_to_roles_join table). Granted, my roles table is going to get pretty big as well. |
Welcome Guest, Not a member yet? Register Sign In |