FuelPHP Forums

Auth Group & Roles
  • Hi, 

    I am having an issue trying to determine the difference between groups and roles as far as naming goes. I understand how they work.

    Basically a group is a group of users assigned to a specific group such as Users, Admin, Staff, etc.

    And Roles are what you can allow each user to do in their own group, so this would use the same name as Users, Admin, Staff?

    I am slightly confused how these are set up and named. 

    Thanks
  • I think I want to set up my Admin as follows, if my understanding is correct.

    Groups: Admin, Staff, Users
    Roles: Administrator, WebDevelopment, Marketing, Sales, Client

    So when I create a user, assign the user to a group, then assign roles to the user 

    ClientUser --> Users --> Client
    ManagerUser --> Admin --> Administrator, WebDevelopment, Marketing, Sales, Client
    WebDeveloperUser --> Staff --> WebDevelopment
    MarketingUser --> Staff --> Marketing
    SalesUser --> Staff --> Sales
    HybridUser --> Staff --> WebDevelopment, Marketing

    or something like that?

    As far as setting up the permissions, there are basically 4 basic things that they can do such as Create, Read, Update and Delete, correct? 

    Thank you
  • Harro
    Accepted Answer
    In general, a role is (related to) a job or a task a person performs. You are an Administrator, a Moderator, a Teacher, a Student, a Paymaster, a Financial controller, a Machine Operator, etc.

    A group is an arbitrary collection of users. Users, Guests, Banned users, members of project X, People that work on Thursday, Students of class 1B6, etc.

    So yes, I could live with your definition of groups and roles.

    Since most people don't have applications that have the need for multiple groups, it currently isn't implemented in Auth. A group may have some permissions (you may want a revoke-all on banned users for example); permissions are normally assigned to roles.

    As to permissions, a permission is a combination of a permission, an area, and actions.

    Both area and permission are just strings, so you can pick any system you want. Some use controller and action, some use a more functional approach (like invoices and details) which could span multiple controllers or actions.

    Then with the actions you can define more fine-grained access control. You can for example define that "invoice.details" has as possible actions: "view", "print", "email", "change", "pay", "create" and "delete". This is stored as a serialized indexed array.

    When you assign the permission, you can assign a selection of these possible actions. So you can say a role has this permission, and only the actions "print" and "email". This is stored as a serialized array too, this time with the index values. So in this example array(1,2).
  • This is the part where I keep getting confused 

    "Since most people don't have applications that have the need for multiple groups, it currently isn't implemented in Auth."

    Can you clarify that? There is a section in the simpleauth.php that has groups that lists such as you just listed above, Users, Guests, Banned users, etc.. 

    Isn't that considered as multiple groups?
  • Both for Simpleauth and Ormauth, the user table has a group id column. Which means a user can only belong to one group (at any given time).

    If you want to assign the user to multiple groups, you would need a many-to-many relation, which isn't implemented.
  • I don't want to assign the user to multiple groups, I only want to assign multiple roles to the user, which is implemented, correct?
  • Yes. User -> Roles is a many-to-many relation.

    The best thing you can do is to go through the code for the different Auth models, so you'll know which relations are available, and of which type they are.
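
The storage scheme described in the accepted answer (a permission's possible actions kept as a serialized indexed array, a role's grant kept as a serialized array of index values), shown as an added example that is not part of the original thread and is not FuelPHP's Auth code. The array keys, sample rows and function names are assumptions made for illustration; the check fails closed on corrupt data and on index values that do not exist.

```php
<?php
declare(strict_types=1);

// Constructed sample rows; the keys are assumptions, not the Ormauth schema.
$permission = [
    'area'       => 'invoice',
    'permission' => 'details',
    // Possible actions, stored as a serialized indexed array.
    'actions'    => serialize(['view', 'print', 'email', 'change', 'pay', 'create', 'delete']),
];
// Role grant: index values into the list above, array(1,2) meaning "print" and "email".
$roleGrant = ['actions' => serialize([1, 2])];

/** Decode a stored array without instantiating objects; anything else becomes an empty list. */
function decode_list(string $stored): array
{
    $value = @unserialize($stored, ['allowed_classes' => false]);
    return is_array($value) ? array_values($value) : [];
}

/** Map granted index values back to action names, dropping unknown indexes. */
function granted_actions(array $permission, array $grant): array
{
    $possible = decode_list($permission['actions']);
    $names = [];
    foreach (decode_list($grant['actions']) as $index) {
        if (is_int($index) && isset($possible[$index]) && is_string($possible[$index])) {
            $names[] = $possible[$index];
        }
    }
    return $names;
}

/** Default deny: true only when the action is among those granted to the role. */
function role_can(array $permission, array $grant, string $action): bool
{
    return in_array($action, granted_actions($permission, $grant), true);
}

var_dump(granted_actions($permission, $roleGrant));
var_dump(role_can($permission, $roleGrant, 'email'));
var_dump(role_can($permission, $roleGrant, 'delete'));
// A stale index (9) or a corrupt column value must not add any rights.
var_dump(granted_actions($permission, ['actions' => serialize([2, 9])]));
var_dump(granted_actions($permission, ['actions' => 'not-serialized']));
```

Because grants hold index values rather than action names, reordering or removing entries in a permission's action list changes what existing grants mean, so such a list is only safe to append to unless the grants are rewritten along with it.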
