Acl Library

[eluser]Steffen Brem[/eluser]
Hello,

My name is Steffen Brem and I would like to introduce you my Acl library for CodeIgniter.

This library allows you to:

- Add roles and inherit from other roles
- Add resources to a role
- Deny resources for a role

When implementing this ACL library in your project, make sure you have a MY_Controller class that you use in your controllers. You will "build" your ACL in the MY_Controller class.


Tutorial

Adding roles
If you want to add roles to your access control list, you use the addRole() method. You can also inherit from other roles. See the example below:

Code:

$this->acl->addRole('guest');
$this->acl->addRole('user', 'guest'); // User inherits from the guest role
$this->acl->addRole('staff', 'user'); // Staff inherits from the user role which inherits form the guest role
$this->acl->addRole('admin');

Allow resources
You can see every page (controller action) as a resource. Below I will show you how to allow resources to a role.

Code:

$this->acl->allow('guest', 'info', 'index'); // Allow the guest role to access info/index
// Note: user inherits from guest and staff inherits from user, so they will have access to this resource too
$this->acl->allow('user', 'profile', array('index', 'view', 'edit'));

Deny resources
You can also deny resources for a role. This can sometimes be very handy. It works almost the same like the allow() method, but only reverse. (Note: inheritance will not take place when denying resources)

Code:

$this->acl->deny('user', 'auth', 'login');

Dynamic roles
If you have a lot of roles, it can be annoying to change all the role names. This trick can help you avoid this problem (we just simply put the role in a variable).

Code:

$guest = $this->acl->addRole('guest');
$user  = $this->acl->addRole('user', 'guest'); // User inherits from the guest role
$admin = $this->acl->addRole('admin'); // We do not need to inherit from a role, because we gonna give admin access to everything

// Now we can use the variables as role names
$this->acl->allow($guest, 'info', 'index');
$this->acl->allow($guest, 'forum', array('index', 'view'));

// ...

NULL
If you want a role to access the index action in ALL controllers. You can simply set the
controller argument to "NULL" (Note: datatype NULL).

Example:

Code:

$this->acl->allow('guest', null, 'index');

The same you can do with the action argument.


Checking the Acl
Okay, now you know how to create your ACL, it's a good idea to also know how to check this. This is very easy and I will show you a basic example below (Note: put this code below everything that creates your ACL).

Code:

$role = ( $this->session->userdata('role_id') )
    ? $this->session->userdata('role_id')
    : $this->acl->getDefaultRole();

if ( $this->acl->isAllowed($role, $controller, $action) )
{
    show_error('You are not allowed to view this page!');
}
else
{
    // Role can access this resource, do some things here...
}

Code hinting
CodeIgniter does not have code hinting by default. If you want to use code hinting (which
is really handy when writing programs) include the file "ci_codehinting.php" from the download as an include path to your project (tested in NetBeans 7.0.1).



I hope this is enough information to help you getting started. If you have any questions, i will do my best to answer them asap.

<h2>Download Library!</h2>

[eluser]Noobigniter[/eluser]
hello,

Thank you.
I have not tested it yet, but I will.
I leave this little message anyway, waiting to give back, because I know how it feels when you post something and no answer ^^

[eluser]somenet[/eluser]
Please provide complete example to understand.

[eluser]Steffen Brem[/eluser]
somenet, can you explain me which part you don't understand?

Note: in the download, there is also an example MY_Controller.php file. This is the only file you need to set up your ACL! If you do not know what MY_Controller is. It is in the simplest way your application bootstrap file which is called BEFORE your controller file is being called. For more information about this, search the forums.

[eluser]somenet[/eluser]
Steffen Please implement this library in complete codeigniter framework.

[eluser]Steffen Brem[/eluser]
Somenet, the only thing you need to do is copy the following files in "application/libraries" of your CodeIgniter project:

- Acl.php
- acl (folder)
- MY_Controller.php

The file ci_codehinting.php does not belong in your application libraries folder (same for the README.txt)

If you still don't understand this, I will make a video for you.

[eluser]Fons Vandamme[/eluser]
Is it possible to make an example using a database.. I think I understand how it works but not sure how to figure this out when you use different DB tables for the different roles you use in ACL.

Thanks in advance!

[eluser]Steffen Brem[/eluser]
This ACL is currently ment to be hard-coded inside your MY_Controller.php file. However, you CAN use a database, but you will have to write this yourself.

Here is a simple example:

Code:

$roles = $this->db->get('roles')->result_array();

// Add the roles
foreach ( $roles as $role )
{
    if ( $role['inheritor'] )
    {
        $this->acl->add_role($role['name'], $role['inheritor']);
    }
    else
    {
        $this->acl->add_role($role['name']);
    }
  
   $this->db->where('role', $role['name']); // Just use role as primary key...
   $permissions = $this->db->get('permissions')->result_array();

   // Loop trough the permissions of this role
   foreach ( $permissions as $permission )
   {
       $this->acl->allow($role['name'], $permission['controller'], $permission['actions']);
   }

   // You will get the idea :P
}

[eluser]Fons Vandamme[/eluser]
Thanks for the information! I have found this post: http://www.tastybytes.net/blog/simple-ac...odeigniter

Here they already use the DB for an ACL implementation so I will try to work it out this way first! thanks anyway!

[eluser]Steffen Brem[/eluser]
No problem! In the future this ACL library will have DB support too. So check back later if your not satisfied