I tried to create an ACL (access control list), but per user id, not by role, because the client wants the same level but with different permissions.
How can I check if the user is accessing a method or controller that they don't have permission for in the database?
Here is the permissions table structure:
+------------------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------------------+--------------+------+-----+---------+----------------+
| permission_id | int(11) | NO | PRI | NULL | auto_increment |
| permission_name | varchar(255) | NO | | NULL | |
| permission_desc | text | YES | | NULL | |
| permission_created_at | datetime | YES | | NULL | |
| permission_modified_at | datetime | YES | | NULL | |
+------------------------+--------------+------+-----+---------+----------------+
Then, the permissions table has a relation with the permission_role table, and here is permission_role's structure:
+--------------------+---------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------------+---------+------+-----+---------+----------------+
| permission_role_id | int(11) | NO | PRI | NULL | auto_increment |
| user_id | int(11) | NO | MUL | NULL | |
| permission_id | int(11) | NO | MUL | NULL | |
+--------------------+---------+------+-----+---------+----------------+
Now, I am confused: if the user accesses a controller that the user doesn't have permission to access, how can I check it? If I check by route or URI, my database doesn't store the controller class... Any solution, please?
Thank you, and sorry for my bad English.
Assuming Branch etc. is the controller and view, edit are methods, with your storage system you would have to do:
class Branch extends CI_Controller {
    public function view() {
        // 6 is the permission_id of "view branch" in the permissions table
        $this->acl->can_access(6);
    }
    public function edit() {
        // 9 is the permission_id of "edit branch"
        $this->acl->can_access(9);
    }
}
Acl Model:
class Acl extends CI_Model {
    public function can_access($permission_id = null) {
        $uid = $this->session->userdata('user_id');
        // Deny by default: only fall through when the user is logged in
        // and a matching (user_id, permission_id) row exists.
        if (!is_null($uid) && !is_null($permission_id)) {
            $this->db->where('user_id', $uid);
            $this->db->where('permission_id', $permission_id);
            $this->db->from('permission_role');
            if ($this->db->count_all_results() > 0) {
                return;
            }
        }
        show_error('Not allowed'); // function exits
    }
}
If you refactored your db structure to contain both your controller/method in the permission table you wouldn't have to include can_access in every auth method and could just have your controllers extend a MY_Controller with code that looks like:
class MY_Controller extends CI_Controller {
    public function __construct() {
        parent::__construct();
        $this->can_access();
    }
    private function can_access() {
        $controller = $this->router->class;
        $method = $this->router->method;
        $curr_user = $this->session->userdata('user_id');
        // do join between permissions and permission_role...
        // (assumes the refactored permissions table has `controller` and `method` columns)
        $this->db->from('permissions');
        $this->db->join('permission_role', 'permission_role.permission_id = permissions.permission_id');
        $this->db->where('permission_role.user_id', $curr_user);
        $this->db->where('permissions.controller', $controller);
        $this->db->where('permissions.method', $method);
        // check if num_rows > 0 for current user given the controller/method
        // if num_rows is not greater than 0 (user doesn't have permission)
        // then show error. otherwise do nothing (user has permission)
        if (is_null($curr_user) || $this->db->count_all_results() === 0) {
            show_error('Not allowed'); // function exits
        }
    }
}
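The refactor the answer suggests, written out as an added SQL example (this is not the answerer's code); the column names `controller` and `method`, the unique key and the sample user id 42 are assumptions:

```sql
-- Added example: store the controller/method a permission protects directly
-- in the permissions table, as the answer proposes. Column names are assumed.
ALTER TABLE permissions
  ADD COLUMN controller VARCHAR(255) NOT NULL DEFAULT '',
  ADD COLUMN method     VARCHAR(255) NOT NULL DEFAULT '';

-- One grant row per (user, permission); the unique key prevents duplicates.
ALTER TABLE permission_role
  ADD UNIQUE KEY uq_user_permission (user_id, permission_id);

-- Constructed sample data: user 42 may view branches but not edit them.
INSERT INTO permissions (permission_name, controller, method)
VALUES ('branch.view', 'branch', 'view'),
       ('branch.edit', 'branch', 'edit');
INSERT INTO permission_role (user_id, permission_id)
SELECT 42, permission_id FROM permissions WHERE permission_name = 'branch.view';

-- The per-request check MY_Controller::can_access() runs: a count of 0 means
-- deny, anything else means allow. Store controller/method exactly as the
-- CodeIgniter router reports them so the equality match is reliable.
SELECT COUNT(*) AS allowed
FROM permissions p
JOIN permission_role pr ON pr.permission_id = p.permission_id
WHERE pr.user_id = 42
  AND p.controller = 'branch'
  AND p.method = 'edit';
```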