0

Possible Duplicate:
CodeIgniter authentication + user privileges

I had 5 user type and have permission table in which i give differnt permission to different user . permission like is_view,is_delete,is_add etc . User access the feature according to these permission.

I complete Database. I want to check the permission given to user on each page before the controller is called.

Community
  • 1
  • 1
user1737039
  • 1
  • 1
  • 1
  • Before calling controller?! Buthow are you going to check the user permission in db without a controller? – Bhuvan Rikka Oct 11 '12 at 06:35
  • 1
    @BhuvanRikka by making a common model . and check it every time before controller call . or by using hooks . is it possibe – user1737039 Oct 11 '12 at 06:38

3 Answers3

1

You should either place your auth-logic in the constructor of the controller

OR

in the constructor of a base-controller (more DRY as you don't have to repeat the logic in all controllers).

Johan André
  • 129
  • 3
1

I would create a new controller which extends the core controller. Place this file in application/core/

class MY_AuthController extends CI_Controller {
    public function __construct() {
        // Do your auth check in here, redirect if not logged in
    }
}

Then all the pages that need authentication you just inherit this new controller. This file you just place in your regular controller-folder

class Admin extends MY_AuthController {
    // All your controller goodness in here..
}
Niklas Modess
  • 2,521
  • 1
  • 20
  • 34
0

I advise you to read the following two articles:

1. Phil Sturgeon's post on Keeping It Dry.

Phil will introduce you to how to create parent controllers whose constructors will contain the session and potentially database logic. All controllers that you create thereafter should inherit from your custom controllers instead of the native CI_Controller.

Followed by....

2. Shane Pearson's CodeIgniter Base Classes Revisited.

Shane's article revamps Phil's technique and relocates your custom controllers from /core to /base and also utilizes a better __autoload()'er. This implementation allowed me, for instance, to use CodeIgniter's CLI class, whereas, Phil's bugged out.

To give you an idea - your code would look a little something like this once complete:

In /base/MY_In_Controller.php:

<?php
class MY_In_Controller extends CI_Controller{
    function __construct(){
        parent::__construct();
        //things like:
        //is the user even logged in? thank heavens I don't have to check this in every controller now. redirect if the session doesnt exist.
        //query the database and grab the permissions for the user. persist them with $this->load->vars();
        $this->data['perms'] = some_database_function();
        $this->load->vars($this->data);
    }
}

In controllers/manage.php:

<?php
class Manage extends MY_In_Controller{
    function __construct(){
        parent::__construct();
    }
    function index(){
        $this->load->view('manage');
        //and I can still access their permissions here and in the view.
        print_r($this->data['perms']);
    }
}
Jordan Arsenault
  • 7,100
  • 8
  • 53
  • 96