Codeigniter Simple ACL

A simple Role Based Access Control List that doesn't require a database.

Users can have multiple roles, and roles have access permissions.

I’ve based this on the Drupal ACL which I very much like.

It consists of two files:

A configuration file called acl.php, which needs to be stored in the applications/config folder.

A library file called acl.php, which needs to be stored in the applications/libraries folder.

Inside the config file is the config array, which holds two arrays:

$config[ 'permission' ] = array();

and

$config[ 'roles' ] = array();

 

To set up roles, simply add role names. Use any names you like, but you must have 'admin' as your main website owner/administrator,

i.e.

$config[ 'roles' ] = array( 'user', 'blogger', 'editor', 'umpire', 'admin' );

Now set up the permissions (which I tend to do on a controller basis):

$config[ 'permission' ] = array(
    'users' => array(
        'add' => array( 'admin' ),
        'edit own' => array( 'blogger', 'editor', 'admin' ),
        'edit all' => array( 'editor', 'admin' ),
        'delete own' => array( 'blogger', 'editor', 'admin' ),
        'delete all' => array( 'editor', 'admin' ),
    ),
    'umpires' => array(
        'add' => array( 'admin' ),
        'edit own' => array( 'umpire', 'admin' ),
        'edit all' => array( 'admin' ),
        'delete own' => array( 'umpire', 'admin' ),
        'delete all' => array( 'admin' ),
    ),
    'cricket' => array(
        'add' => array( 'umpire', 'admin' ),
        'edit own' => array(), // not applicable
        'edit all' => array( 'umpire', 'admin' ),
        'delete own' => array( ), // not applicable
        'delete all' => array( 'umpire', 'admin' ),
    ),
);

 

Now your login process needs to add:

$this->session->set_userdata( 'uid', $uid );  // !important that you use uid for session name
$roles = array( 'user', 'blogger' );
// If you are using a database to store users I would create a field called roles
// and save the roles as either json or serialize, then load them with:
// $roles = unserialize( $user->roles );  // or json_decode( $user->roles, true ) if stored as json
$this->session->set_userdata( 'role', $roles );  // !important that you use role for session name

To set permissions on controllers or functions:

$this->load->library( 'acl' );
// has_permission( The Controller, The min permission )
has_permission( 'cricket', 'add' );

or, for editing own post:

// has_permission( The Controller, The permission, The post ID );
has_permission( 'posts', 'edit own', 234 );
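One way a check against this permission array can be resolved, written as an added example and not the library's own code. The function name acl_check() and the $owner_uid parameter are assumptions: the caller is assumed to have already looked up who owns the post, whereas the library call above takes the post ID.

```php
<?php
// Added example: deny-by-default lookup against the $config['permission'] layout above.
// acl_check() and $owner_uid are hypothetical names, not part of the library.

$config['permission'] = array(
    'umpires' => array(
        'edit own' => array( 'umpire', 'admin' ),
        'edit all' => array( 'admin' ),
    ),
    'cricket' => array(
        'add'      => array( 'umpire', 'admin' ),
        'edit own' => array(), // not applicable
    ),
);

function acl_check( array $permissions, array $user_roles, $uid, $controller, $permission, $owner_uid = null )
{
    // Unknown controller or permission name: deny rather than fall through.
    if ( ! isset( $permissions[ $controller ][ $permission ] ) ) {
        return false;
    }
    // The user needs at least one role listed for this permission.
    // An empty list ("not applicable") therefore denies everyone.
    if ( ! array_intersect( $user_roles, $permissions[ $controller ][ $permission ] ) ) {
        return false;
    }
    // "... own" permissions additionally require that the record belongs to the user.
    if ( substr( $permission, -4 ) === ' own' ) {
        return $owner_uid !== null && (string) $owner_uid === (string) $uid;
    }
    return true;
}

// Constructed sample session: uid 7 holding the 'user' and 'umpire' roles.
$roles = array( 'user', 'umpire' );
$p = $config['permission'];

var_dump( acl_check( $p, $roles, 7, 'cricket', 'add' ) );          // role is listed
var_dump( acl_check( $p, $roles, 7, 'umpires', 'edit own', 7 ) );  // user's own record
var_dump( acl_check( $p, $roles, 7, 'umpires', 'edit own', 9 ) );  // someone else's record
var_dump( acl_check( $p, $roles, 7, 'umpires', 'edit all' ) );     // role not listed
var_dump( acl_check( $p, $roles, 7, 'cricket', 'edit own', 7 ) );  // empty role list
var_dump( acl_check( $p, $roles, 7, 'cricket', 'publish' ) );      // undefined permission
```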