Best practices for simple viewing permissions
[eluser]mact1079[/eluser]
I've got a small web app and the users table structure below. I've been reading up on ACL vs RBAC, and while I think RBAC is the way I want to go, I'm also getting a bit overwhelmed because I'm not sure if it's too much for me. I'm trying to build a solid prototype that a more advanced developer can build off of once the product/concept has been tested in the marketplace. For the prototype I have users and business users that need to view different pages.

1. How would you recommend me structuring my user table? Should I have a usertype field in there or is this asking for trouble? If not, what is the best structure for a table(s)? Do I need to do the whole roles, permissions tables that RBAC utilizes?

2. Once I've set up user types (however I ultimately do), what's the best way of configuring my controllers so certain users can only see certain pages? Do I simply check the permissions on each controller method or do I need to do anything else in the views and models?

3. What about login functionality? Do I need to have separate login pages for each user type or should business users use the same one as regular users?

Thanks for any guidance on this. I've come a long way in building this app using CI for the first time but am feeling a little overwhelmed here. Maybe it's not so complicated...?

BTW, I'm using SimpleLoginSecure for auth. https://github.com/DaBourz/SimpleLoginSecure

Code: --