cake-php@googlegroups.com

Re: Is this too complicated ?

Subject: Re: Is this too complicated ?
From: GerarD
Date: Tue, 10 Apr 2012 06:30:21 -0700 PDT
Well, I needed something with role and access for a system I was working on. 
 
What I did was to create a field called Access in the DB to control access to each Module of the system, and another field called Actions to control which "actions" they could perform.
So I have 2 Modules, one called Distributors, and one called Personals.

When I create a user that can access Distributors, I save that controller's name in the field Access as a string. But I don't want him to edit the info of the Distributors, just view and search. Well, I save the string "view; search" in Actions.

Then, in app/appController:

public $components = array(
    'Session',
    'Auth' => array(
        'loginRedirect' => array('controller' => '', 'action' => 'index'),
        'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
        'authorize' => array('Controller') // I want to check every controller the user accesses.
    )
);
 
and, as I can read the info from the Auth method in the appController:

public function isAuthorized($user) {
    if (isset($user['role']) && $user['role'] === 'admin') { // admin can access all actions
        return true;
    }
    if (in_array($this->action, array('index', 'view', 'search', 'add'))) {
        $controller = $this->params['controller'];
        $action = $this->action;
        $allow_controllers = explode('; ', $user['Access']); // list of controllers in Access
        $allow_actions = explode('; ', $user['Actions']); // list of actions in Actions

        // Now we check if this user has access to the controller and the action he's trying to see.
        if (in_array($controller, $allow_controllers) && in_array($action, $allow_actions)) {
            return true; // he can
        }
    }
    return false; // he can't. Sorry.
}

And that's it. It's very simple but it works for me =). Now you can add as many controllers as you need in the future, and you won't have to rewrite the code. Just give access to the users you want in your Users Module. Hope it helps...
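
As an added example (not part of the original post and not CakePHP's own code), here is the same Access/Actions check as a stand-alone PHP script that tolerates inconsistent spacing and case in the stored strings and denies by default. The helper names parsePermissionList and isAllowed, the $nonAdminActions parameter and the sample user row are assumptions made for illustration.

```php
<?php
// Added example: stand-alone version of the Access/Actions check (no CakePHP required).
// parsePermissionList() and isAllowed() are hypothetical helper names.

/** Split a stored string such as "view; search" into clean lowercase tokens. */
function parsePermissionList($raw)
{
    if (!is_string($raw)) {
        return array(); // missing or NULL column grants nothing
    }
    // Accept ";" with any surrounding whitespace and drop empty entries.
    $tokens = preg_split('/\s*;\s*/', strtolower(trim($raw)), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_unique($tokens));
}

/** Default-deny check mirroring isAuthorized() from the post. */
function isAllowed(array $user, $controller, $action,
                   array $nonAdminActions = array('index', 'view', 'search', 'add'))
{
    if (isset($user['role']) && $user['role'] === 'admin') {
        return true; // admin can access all actions
    }
    $action = strtolower($action);
    if (!in_array($action, $nonAdminActions, true)) {
        return false; // actions outside the whitelist stay admin-only
    }
    $controllers = parsePermissionList(isset($user['Access']) ? $user['Access'] : null);
    $actions     = parsePermissionList(isset($user['Actions']) ? $user['Actions'] : null);

    return in_array(strtolower($controller), $controllers, true)
        && in_array($action, $actions, true);
}

// Constructed sample row: note the inconsistent delimiters and trailing space.
$clerk = array('role' => 'user', 'Access' => 'distributors;personals ', 'Actions' => 'view; search');

$checks = array(
    array('distributors', 'view'),
    array('Personals', 'Search'), // Actions applies to every controller listed in Access
    array('distributors', 'add'), // whitelisted globally, but not in this user's Actions
    array('distributors', 'edit'),
    array('users', 'view'),
);
foreach ($checks as $c) {
    printf("%-13s %-7s %s\n", $c[0], $c[1], isAllowed($clerk, $c[0], $c[1]) ? 'allow' : 'deny');
}
```

Because Access and Actions are stored as two independent lists, every listed action applies to every listed controller; per-controller differences would need a different storage layout.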
