[eluser]gon[/eluser]
Hi,
You should create a controller and a model for Users. Note that the model will probably be used throughout the app, while the controller will be part of the admin section.
In the Users controller you would put a function for every operation:
- index (for a list of users)
- edit
- add
- delete
and so on.
The controller will validate the params, execute the corresponding model method, and show the result to the user.
Of course, some of the controller functions must take parameters from the URL, while others do not. For example you would take the user id when editing:
/users/edit/14
This way you can check if there is a user with ID=14 at the DB. If not, you could send a 404 or redirect to index.
To restrict access to controllers, I do this:
Make a base_controller. All restricted controllers will extend this one.
At the constructor, one of the things I do is to check if the user is logged in, by loading an Auth class that, when loaded, checks the session cookie. It also loads the user data and checks what permissions or roles the user has.
At the base_controller, I write a _remap function, which, as the docs explain, is called before the controller action.
In this function I check what controller and action is being called by looking at the URI segments.
Then you check if the user has permission to execute the action on the controller. In my case I have written an ACL library for doing this.
This is the _remap function that I use:
Code:
class Base_clovercms_controller extends Controller {
    // here goes var initializations...

    function __construct() {
        ......
        $this->load->library("auth");   // checks the session cookie, loads user data and roles
        ......
    }

    // CodeIgniter calls _remap() instead of the requested method; $action is the
    // method name taken from the URI. show_404() terminates the request.
    function _remap($action) {
        // method_exists() alone would accept "_remap" itself (infinite recursion),
        // "__construct" and other internal methods, so refuse underscore names too.
        if (substr($action, 0, 1) == '_' || !method_exists($this, $action))
            show_404();

        // segment_array() is 1-indexed. For /admin/users/edit/14 it returns
        // array(1 => 'admin', 2 => 'users', 3 => 'edit', 4 => '14'), so the
        // controller is segment 2 and the arguments start at the 4th position.
        $segments = $this->uri->segment_array();
        if (count($segments) < 2)
            show_404();
        $controller = $segments[2];
        $args = array_slice($segments, 3);   // positional offset: everything after the action

        $this->current_controller = $controller;
        // these can be overridden by some controllers
        $this->current_menu_section = $controller;
        $this->current_menu_action = $action;
        $this->current_menu_arg = isset($args[0]) ? $args[0] : "";
        $this->current_action = $action;
        $this->args = $args;

        // The ACL library reads the current user from Auth, so only the
        // controller/action pair is passed. Unauthorized requests get a 404
        // rather than a 403, which hides the existence of the action.
        $authorization = $this->cl_acl->getAuthorization($controller, $action);
        if (!$authorization) {
            show_404();
        }

        // Optional per-controller hook, e.g. users_init($action, $args), run before the action.
        if (method_exists($this, $controller . "_init")) {
            call_user_func_array(array($this, $controller . "_init"), array($action, $args));
        }

        // Finally dispatch to the action with the remaining URI segments as arguments.
        call_user_func_array(array($this, $action), $args);
    }
}
You can see how the _remap function checks the user permissions by calling $this->cl_acl->getAuthorization($controller, $action). You don't need to pass the user because the cl_acl library will get it from the Auth library.
If the user has permission, the action is executed.
Hope this helps!!!
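The post above describes two things: a Users controller whose edit action validates the id from the URL against the database, and a base controller whose _remap() asks an ACL library for permission before dispatching. The following is an added example, not the poster's code and not CodeIgniter's: it reproduces the same pattern without the framework so it runs with plain `php`. The Acl role table, the Users controller, the in-memory user list, the HttpError class and the route() helper are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not the original poster's code): the post's pattern without
// CodeIgniter. Acl, Users, HttpError, route() and all data below are assumptions.

final class HttpError extends RuntimeException
{
    public function __construct(public readonly int $status, string $message)
    {
        parent::__construct($message);
    }
}

// Stand-in for the poster's cl_acl library: role -> controller -> allowed actions.
final class Acl
{
    private const RULES = [
        'admin'  => ['users' => ['index', 'add', 'edit', 'delete']],
        'editor' => ['users' => ['index', 'edit']],
        'viewer' => ['users' => ['index']],
    ];

    public function __construct(private readonly string $role) {}

    // Same shape as in the post: the caller passes controller/action, the ACL knows the user's role.
    public function getAuthorization(string $controller, string $action): bool
    {
        return in_array($action, self::RULES[$this->role][$controller] ?? [], true);
    }
}

// Users controller: one public method per operation.
final class Users
{
    private array $users = [14 => 'alice', 15 => 'bob'];   // constructed stand-in for the users table

    public function index(): array { return $this->users; }

    public function edit(string $id): string   { return "edit form for {$this->find($id)}"; }

    public function delete(string $id): string { unset($this->users[(int) $id]); return "deleted {$this->find($id)}"; }

    // Internal helper: underscore-prefixed, must never be reachable from a URL.
    public function _reload(): string { return 'internal'; }

    // URL segments arrive as strings: accept only a positive integer that exists in storage, else 404.
    private function find(string $id): string
    {
        if (!ctype_digit($id) || !isset($this->users[(int) $id])) {
            throw new HttpError(404, "no user with ID=$id");
        }
        return $this->users[(int) $id];
    }
}

// Equivalent of the base controller's _remap(): validate the action name,
// ask the ACL, and only then call the action with the remaining segments.
function remap(Acl $acl, object $controller, string $action, array $args): mixed
{
    $name = strtolower((new ReflectionClass($controller))->getShortName());

    // method_exists() alone is not enough: "_remap", "__construct" and other
    // underscore methods exist too, so reject those and anything non-public.
    if ($action === '' || $action[0] === '_' || !method_exists($controller, $action)) {
        throw new HttpError(404, "$name/$action");
    }
    $method = new ReflectionMethod($controller, $action);
    if (!$method->isPublic() || count($args) < $method->getNumberOfRequiredParameters()) {
        throw new HttpError(404, "$name/$action");
    }
    // Authorization is decided here, before the action runs, never inside it.
    if (!$acl->getAuthorization($name, $action)) {
        throw new HttpError(403, "role may not call $name/$action");
    }
    return $controller->$action(...$args);
}

// Route a path such as "users/edit/14" for a given role; returns [status, body].
function route(string $role, string $path): array
{
    $segments = explode('/', trim($path, '/'));
    $ctrl   = $segments[0] ?? '';
    $action = $segments[1] ?? 'index';
    $args   = array_slice($segments, 2);
    if ($ctrl !== 'users') {
        return [404, "unknown controller $ctrl"];
    }
    try {
        return [200, remap(new Acl($role), new Users(), $action, $args)];
    } catch (HttpError $e) {
        return [$e->status, $e->getMessage()];
    }
}

// Usage: requests that exercise every branch (allowed, forbidden, missing id,
// malformed id, missing argument, underscore method).
foreach ([['admin', 'users/edit/14'], ['viewer', 'users/edit/14'],
          ['admin', 'users/edit/99'], ['admin', 'users/edit/14abc'],
          ['admin', 'users/edit'],    ['editor', 'users/_reload']] as [$role, $path]) {
    [$status, $body] = route($role, $path);
    printf("%-6s %-16s -> %d %s\n", $role, $path, $status,
        is_array($body) ? json_encode($body) : $body);
}
```

Two design points differ from the post on purpose. The example answers a denied ACL check with 403 rather than 404; the poster's show_404() hides whether the action exists at all, which is the more conservative choice for an admin area, and either is defensible as long as the decision is made in one place before dispatch. The example also refuses underscore-prefixed and non-public methods explicitly, because method_exists() returns true for them and a plain _remap() would otherwise expose internal helpers, or recurse into itself, from a crafted URL.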