Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
I'm confused about groups and roles
  • AndresAndres
    Is there a working example on using SimpleAuth and Roles/Groups? I'm very confused on how the config defines these rules. From what I understand, "groups" are flexible and can be given any name and assigned an array of roles? "Roles" are more confusing. These are some lingering questions:
    /**
  * Groups as id => array(name => <string>, roles => <array>)
  */
 'groups' => array(
  -1 => array('name' => 'Banned', 'roles' => array('banned')),
  0 => array('name' => 'Guests', 'roles' => array('guest')),
  1 => array('name' => 'Users', 'roles' => array('user')),
  1000 => array('name' => 'Super Administrators', 'roles' => array('super')),
 ),

 /**
  * Roles as name => array(location => rights)
  */
 'roles' => array(
  '#'          => array('users' => array('signup', 'login')), // default rights
  'user'       => array('comments' => array('create', 'read')),
  'moderator'  => array('comments' => array('update', 'delete')),
  'admin'      => array(
   'website'  => array('create', 'update', 'delete'),
   'admin'    => array('create', 'read', 'update', 'delete'),
  ),
  'banned'     => false,
  'super'      => true,
 ),

    What does "#" mean and how is it assigned? In this example: "'user' => array('comments' => array('create', 'read')),", what does LOCATION mean and what does Rights mean? When I first tried it, I was able to make it work by mapping 'comments' to a controller and RIGHTS to actions inside those controllers. However, I started noticing that more examples where using: read, write, update, and delete. I don't think these are actions... Any idea on the arrival of Auth documentation?
  • Jelmer SchreuderJelmer Schreuder
    Rights given to '#' are given to all groups, it's a wildcard that doesn't need to be assigned to groups. Location and rights have no absolute meaning, they're what you make them mean. A common way to use them is as location=controller and rights=methods, but that's not the only possible interpretation. Personally I prefer location=model and rights=CRUD, with the model doing the checking before executing its edits.
  • AndresAndres
    First off Thanks :) ... In your example, how would controllers that don't use any models?
    How would you handle errors from the model after not passing a auth::check()? Would you hard code a crud parameter like: 
    $access = Auth::has_access(array(
            "model_name",
            "create"
        ));
  • Jelmer SchreuderJelmer Schreuder
    My controller methods are loaded through a Controller router() method that catches Exceptions, in this case AccessDeniedException that is thrown by the Model when a user with insufficient rights tries to access a model he doesn't have access to. When such an exception is caught an error view is returned. Most of these operations are "create", "update", "read", "delete" but all go through a central access point to the model that does the rights checking based on the model name and the method requested.
  • Dregond RahlDregond Rahl
    Jelmer Schreuder wrote on Sunday 2nd of October 2011:
    My controller methods are loaded through a Controller router() method that catches Exceptions, in this case AccessDeniedException that is thrown by the Model when a user with insufficient rights tries to access a model he doesn't have access to. When such an exception is caught an error view is returned. Most of these operations are "create", "update", "read", "delete" but all go through a central access point to the model that does the rights checking based on the model name and the method requested.

    Would it be possible to share your code for this part? i'm really interested in how you are handling things in the router().
  • Jelmer SchreuderJelmer Schreuder
    Not all that special, basicly boils down to this:
    public function router($method, $args)
{
    try
    {
        return call_user_func_array(array($this, $method), $args);
    }
    catch (AccessDeniedException $e)
    {
        return ViewModel::forge('access_denied', array('error' => $e));
    }
}
  • AndresAndres
    Nice.. how do you set up the other controllers to use this? Is this an extension to the core's router.php?
  • Jelmer SchreuderJelmer Schreuder
    http://fuelphp.com/docs/general/controllers/base.html
  • AndresAndres
    Oh ok. So is this per controller? Can it be pushed to a Template controller?
  • Jelmer SchreuderJelmer Schreuder
    If you create your own parent controller there's no reason that couldn't have a router() method, doesn't matter if you use a Template controller, Rest, or something else.
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion