Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Can I control role of users and permission using ormauth?
  • I would like to know does it control the role of user and permission with ormauth. If can we do like that may i know how can i solve that problem.
  • Sorry, I don't understand the question.
  • i want to control role of user and permission with ormauth.

    for example, 
     (1) admin role can do all of permission such as edit,view,delete and so on.
    (2) user role can do identified permission such as only edit, delete.
  • aungphyohtwe it is simple,

    use phpmyadmin or oil or write some code to create some permissions, for example use this code to add a new permission:

    <span class="variable">$perm</span> = \Model\Auth_Permission::forge();<br>$perm-&gt;area = 'tg'; // <code data-result="[object Object]" class="php">name_of_application
    $perm->permission = 'blog';
    $perm->actions = ['add' , 'edit' , 'save' , ... ];

    then create some users ,

    <span class="variable">$user</span> = \Model\Auth_User::forge();<br>$user-&gt;username = 'user01';<br>$user-&gt;password = 'password';<br>$user-&gt;email = '';<br>$user-&gt;group = 3; // for normal user<br>$user-&gt;group = 5; // for admin user

    now you can use has_access function for checking if current user has permission to do something or not,

    <span class="keyword">if</span> (Auth::has_access(<span class="string">'[add,edit]'</span>))
    <span class="comment">// yes, the user has access</span>

    it is simple, and all code you need is in Auth section of docs.

  • thank you Mr.nasserman and Mr.Harro Verton for comments.

    And then,I tried to create database table  using oil command as the following;

    $ oil refine migrate --package=auth

    can only create migrate file into packages/auth/migrations/001_auth_create_usertables.php ...

    but can't create database table in my mysql database.

    what wrong in my command? 

    what should i need to do more?
  • HarroHarro
    Accepted Answer
    Configure your database config file, and configure auth (= copy the auth.php config from the package to your app/config folder and configure it) before you run the migrations.

    Auth migrations adapt to how you have configured it.
  • i copied packages/auth/config/auth.php to app/config/

    and then, i configured app/config/auth.php as the following:

    return array(
    'driver' =>  'Ormauth',
    'verify_multiple_logins' => false,
    'salt' =>  'put_your_salt_here',
    'iterations' =>  10000,

    After that , i run oil command as the following:

    $oil r migrate --package=auth

    but, i get the answer as the following:

    " Already on the latest migration for app:default. "

    i tried to run this command again but i get the same answer

    what should i need to do?
  • philipptempelphilipptempel
    Accepted Answer
    First of all, the option must be  `--packages=auth`. Furthermore, now you will need to revert the migrations for the 'auth' package before you can re-apply them with the proper config. Have a look at `$php oil refine migrate:help` to see how that will work
  • Thank you Mr.philipptempel for your comment.
  • Now i can be created the database table using oil command as the following:

    $ oil r migrate --packages=auth

    many tables come out as the following:


    i would like to know which tables i need to use for manage role of user and permission?
  • users_permissions contain the permissions themselfs.

    users_role_permission relates roles to permissions, users_user_permissions relates users to permissions, users_group_permissions relates groups to permissions. All of them are many-many relations.

    Auth contains ORM models for all these tables and relations, so if use these, everything goes automatically.
  • p.s. providers, scopes, sessions, and session scopes are OpAuth tables, the will only be used if you use Opauth (social media logins).
  • Thank you Mr.Harro Verton.

    Can i create permission like the following:

    public function action_create()

    if (\Input::method() == 'POST')
    $perm= \Model\Auth_Permission::forge();
    $perm->area= \Input::post('area');
    $perm->permission= \Input::post('permission');
    $perm->description= \Input::post('description');
    $perm->actions= \Input::post('actions');

    if ($perm->save())
    \Session::set_flash('success', e('Added permission'));


    \Session::set_flash('error', e('Could not save permission.'));

  • Yes, why not?

    Note that this only creates the permission record, it does not assign it to anything (user, group or role).

    Also, permissions are only useful when checked in the application. Unless that is going to be dynamic (i.e. the user can add data and assign a custom permission to it), it is not really useful to have the ability to add permissions if your code only contains hard-coded has_access() calls...
  • I want to create for custom permission for normal user.

    Admin can create custom permission for normal user.

    for example,

    i have 3 modules and controller. they have the same name
    1. hotel
    2. user
    3. post

    in Hotel module and controller have three action like the following:
    1. create
    2. view

    in user and post module have the same action like the hotel .

    admin can give custom permissions to normal user from custom form. for example,

    admin choose for normal user only create,view,edit action from  hotel modules.

    that normal user can do only create,view,edit action in hotel modules 

    i want to create like that , i can create using normal php but i don't know how to create using ormauth in fuelphp framework.

  • So you don't want to create permissions, you want to assign permissions?

    The most logical is to create the permission records in a migration, use a logical separation, for example the module name as area, so you can use has_access("hotel.create") etc. In this case you don't need any actions.

    // create a permission record
    $perm = \Model\Auth_Permission::forge(array(
        'area' => 'hotel',
        'permission' => 'create',
        'description' => 'Permission to add new hotels',
        'actions' => array(),

    In your interface you can then show the permissions. They are assigned by simply relating them, so if you want to assign a permission to a role:

    // get a permission
    $perm = \Model\Auth_Permission::find(1);

    // get a role
    $role = \Model\Auth_Role::find(1);

    // assign the permission to the role and save it
    $role->permission[] = $perm;

    Not more complicated than this, and it works the same for users and groups.
  • i assign permission to permission table using the following code

    $perm = \Model\Auth_Permission::forge(array(
    'area' => input::post('area'),
    'permission' => Input::post('permission'),
    'description' => Input::post('description'),
    'actions' => array(Input::post('action')),

    i can save into database

    but when i assign permission to role like the following:

    // get a permission
    $perm = \Model\Auth_Permission::find(1);

    // get a role
    $role = \Model\Auth_Role::find(1);

    // assign the permission to the role and save it
    $role->permission[] = $perm;

    i can't save into database because " Property 'permission' not found for Auth\Model\Auth_Role." error is come out.

    Is need to insert permission column in users_roles table?

    what should i need to do more?

  • HarroHarro
    Accepted Answer
    Sorry, typo, my fault.

    It is a "many" relation, so it must be "permissions", not "permission".
  • i could be did it.Thank you Mr.Harro Verton

    i want to confirm my understood about area,permission

    area is modules name.
    for example, hotel.

    permission is controller in module.
    for example: blog controller in hotel module.

    i want to know that is correct or not.

    now i assigned permissions for normal user into users_permission table, role, user, group.
    Can i use Auth::has_access(area.permission[action1,action2]) ?
  • It can be anything you want, but using "module, controller" would be a logical grouping.

    I personally don't map permissions to code elements, but to functional sections of the application, so I would use something like

    area = "hotelmanagement"
    permission = "add"
    actions = ['hotel', 'booking', 'room'] and so on

    which means you could use has_access("hotelmanagement.add[room]") to check if the user has the permission to add a new room, an action with might not be limited to a controller/method.

    You are not required to use actions, if you map permissions to controller methods, usually a method only does one thing, so you might not need the extra granularity in your permissions.
  • Now i assigned permission in permission table like the following:

    id = 32;
    area = hotel;
    permission = add;
    actions = a:4:{i:0;s:6:"create";i:1;s:4:"edit";i:2;s:4:"view";i:3;s:6:"delete";}
    description = hotel-create;
    user_id = 0;

    And then, i assigned permission in role like the following:
    role_id = 3;
    perm_id= 32;
    actions = ;

    And then, i assigned permission in user like the following:
    actions= ;

    And then i wrote a code in controller add as the following:
    template->title = "Create New Hotel";
    this->template->content = View::forge(add/create);
    Session::set_flash('error','You don't have permission for create');
    And then, i logged in as a admin.

    i went the Create New Hotel page using the URL as the following:
    i can access that page.

    When i login as a normal user, i can't access that page.
    "You don't have permission for create" error message is come out.

    i already assigned [add] permission for normal user,but i can't access.
    what should i need to do more?

    And , how can i retrieve data in actions column from users_permission table (a:4:{i:0;s:6:"create";i:1;s:4:"edit";i:2;s:4:"view";i:3;s:6:"delete";}
    ) into View like create,edit,view,delete?
  • Have you flushed the permission cache every time you changed the permission assignment, like is mentioned in the documenation?

    The current users efffective rights are cached to avoid heavy queries and calculations on each page request, so if you don't delete the cache, your changes aren't picked up until the cache expires.
  • If you use the Auth models, the array stored in the permission will automatically be expanded on read and serialized back on write, they use the typing observer for that purpose.
  • Which file i need to config for using cache?

    Is it need to config in config/config file like the following?

    'cache_dir' => APPPATH.'cache/',
    'caching' => false,
    'cache_lifetime' => 3600
  • No. Your config should be ok with it's default settings.

    What is cached, with which cache key, and how to deal with it, is all documented:

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion