FuelPHP Forums

Need some Understanding on Roles and Groups
  • Dear,

    Hope you will give a better idea of groups and roles here. Firstly, I am using OrmAuth; configured, migrated, and now all tables are ready.

    1) How do I create permissions? Are there any methods available?
    I have created one by manually adding permissions to the table users_permissions; I don't know if it will work. I put area=backend permission=profile actions=null

    and assigned it to the user group via the table user_group_permissions. I put the action as read in a serialized format and used \cache::delete_all();
    then checked \Auth::has_access('backend.profile.read'); it returns true. OK, then I flushed all cache and checked \Auth::has_access('backend.profile.write');. It responds true? Why? The write method is not available, and I have not set write in the table either, but the response is still true.

    My software structure is this:
    there are many users,
    there are many groups,
    there are companies,
    each company has one group available and assigned to it,
    a company's group has many users, each of whom can only access that company's information,
    one of them is the administrator, who can delete other group members.

    Exactly, I am confused about your roles and groups:
    User in Group in Roles.

    Also, how do I get all controllers and methods as an array? Is any function available?
  • Technically, a group and a role are the same. Both can be assigned to a user, and both can be linked to a set of permissions.

    A user can have only one group (has-many relation), and multiple roles (manymany relation).

    A role is usually related to tasks you perform. You are a moderator, a bookkeeper, a developer, etc, all roles. A group is usually used to group users that are otherwise unrelated in terms of roles. Like all people of the same age, all people working for the same company, etc.

    A permission has an area and a permission field, each being a string and completely free to use. A lot of people use it to define "controller"&"method", but I prefer to use more functional descriptions, like "accounting"&"invoicing". Optionally, you can also define a list of possible actions on a permission. This list is a serialized indexed array, for example:

    array(
        0 => 'read',
        1 => 'update',
        2 => 'delete',
        3 => 'access_own',
        4 => 'access_all',
    );

    This is stored in the permission record, and lists all possible actions for this permission.

    The relation record, the record that links a group or a role record to a permission, has an action column too. This column defines which of the defined permissions are assigned to the linked group or role. Again, this is an indexed array, but contains indexes, no names! So for example:

    array(
        0 => 0,
        1 => 3,
    );

    in combination with the action list given above would mean a user with this permission would have "area.permission.read" and "area.permission.access_own".

    Also, this user would have the generic permission "area.permission" (the user has "some" access), for example used if you need to know if the user has any access to any function within a permission, which you could use to redirect the user away immediately when he has no access at all.

    The format of the contents of the action columns is very relevant. For example they should not be null, they should contain "a:0:{}", an empty array. If it contains null, the action will be ignored, and has_access('backend.profile.write'); will be equal to has_access('backend.profile'); which is true if the relation record exists.

    If you have issues with permissions I suggest you try upgrading your auth package to 1.8/develop (if you use a clone, just change the branch, if you use a download, get https://github.com/fuel/auth/archive/1.8/develop.zip) as I can recall some fixes in permission calculation.
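
Added example (not part of the thread, and not the Auth package's own code): a small PHP model of the lookup the answer describes, showing why a NULL actions column lets `backend.profile.write` pass while `a:0:{}` does not. The row keys `defined` and `assigned` and both function names are assumptions made for the illustration.

```php
<?php
// Illustrative model only, not the Auth package's code; row keys are assumed names.

/** Decode an actions column. null means the column was NULL in the database. */
function decode_actions(?string $column): ?array
{
    if ($column === null) {
        return null;
    }
    // allowed_classes=false: never instantiate objects from database content.
    $value = unserialize($column, ['allowed_classes' => false]);
    return is_array($value) ? array_values($value) : []; // malformed grants nothing
}

/** Model of the check described in the answer, for one relation record. */
function model_has_access(string $wanted, array $row): bool
{
    $parts = explode('.', $wanted);
    if ($parts[0] !== $row['area'] || ($parts[1] ?? '') !== $row['permission']) {
        return false; // no relation record links this permission
    }
    $defined  = decode_actions($row['defined']);
    $assigned = decode_actions($row['assigned']);
    if (!isset($parts[2]) || $defined === null || $assigned === null) {
        return true; // generic "area.permission" check, or action part ignored
    }
    foreach ($assigned as $index) { // the relation stores indexes, not names
        if (is_int($index) && ($defined[$index] ?? null) === $parts[2]) {
            return true;
        }
    }
    return false;
}

// Constructed sample rows: permission record joined with its relation record.
$list = serialize(['read', 'update', 'delete', 'access_own', 'access_all']);
$base = ['area' => 'backend', 'permission' => 'profile'];
$rows = [
    'NULL column'  => $base + ['defined' => null,  'assigned' => serialize([0])],
    'indexes 0, 3' => $base + ['defined' => $list, 'assigned' => serialize([0, 3])],
    'a:0:{}'       => $base + ['defined' => $list, 'assigned' => serialize([])],
];
$checks = ['backend.profile', 'backend.profile.read', 'backend.profile.write'];
foreach ($rows as $label => $row) {
    foreach ($checks as $check) {
        printf("%-13s %-22s %s\n", $label, $check,
            model_has_access($check, $row) ? 'true' : 'false');
    }
}
```

Running the same NULL test as a query over the two actions columns before deployment catches rows that would silently grant every action on a permission.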
