I'm confused about groups and roles
  • Is there a working example on using SimpleAuth and Roles/Groups? I'm very confused on how the config defines these rules. From what I understand, "groups" are flexible and can be given any name and assigned an array of roles? "Roles" are more confusing. These are some lingering questions:
    /**
      * Groups as id => array(name => <string>, roles => <array>)
      */
     'groups' => array(
      -1 => array('name' => 'Banned', 'roles' => array('banned')),
      0 => array('name' => 'Guests', 'roles' => array('guest')),
      1 => array('name' => 'Users', 'roles' => array('user')),
      1000 => array('name' => 'Super Administrators', 'roles' => array('super')),
     ),
    
     /**
      * Roles as name => array(location => rights)
      */
     'roles' => array(
      '#'          => array('users' => array('signup', 'login')), // default rights
      'user'       => array('comments' => array('create', 'read')),
      'moderator'  => array('comments' => array('update', 'delete')),
      'admin'      => array(
       'website'  => array('create', 'update', 'delete'),
       'admin'    => array('create', 'read', 'update', 'delete'),
      ),
      'banned'     => false,
      'super'      => true,
     ),
    

    What does "#" mean and how is it assigned? In this example: "'user' => array('comments' => array('create', 'read')),", what does LOCATION mean and what does Rights mean? When I first tried it, I was able to make it work by mapping 'comments' to a controller and RIGHTS to actions inside those controllers. However, I started noticing that more examples were using: read, write, update, and delete. I don't think these are actions... Any idea on the arrival of Auth documentation?
  • Rights given to '#' are given to all groups, it's a wildcard that doesn't need to be assigned to groups. Location and rights have no absolute meaning, they're what you make them mean. A common way to use them is as location=controller and rights=methods, but that's not the only possible interpretation. Personally I prefer location=model and rights=CRUD, with the model doing the checking before executing its edits.
  • First off, thanks :) ... In your example, how would controllers that don't use any models work?
    How would you handle errors from the model after not passing an auth::check()? Would you hard code a crud parameter like:
    $access = Auth::has_access(array(
                "model_name",
                "create"
            ));
    
  • My controller methods are loaded through a Controller router() method that catches Exceptions, in this case AccessDeniedException that is thrown by the Model when a user with insufficient rights tries to access a model he doesn't have access to. When such an exception is caught an error view is returned. Most of these operations are "create", "update", "read", "delete" but all go through a central access point to the model that does the rights checking based on the model name and the method requested.
  • Jelmer Schreuder wrote on Sunday 2nd of October 2011:
    My controller methods are loaded through a Controller router() method that catches Exceptions, in this case AccessDeniedException that is thrown by the Model when a user with insufficient rights tries to access a model he doesn't have access to. When such an exception is caught an error view is returned. Most of these operations are "create", "update", "read", "delete" but all go through a central access point to the model that does the rights checking based on the model name and the method requested.

    Would it be possible to share your code for this part? I'm really interested in how you are handling things in the router().
  • Not all that special, basically boils down to this:
    public function router($method, $args)
    {
        try
        {
            return call_user_func_array(array($this, $method), $args);
        }
        catch (AccessDeniedException $e)
        {
            return ViewModel::forge('access_denied', array('error' => $e));
        }
    }
    
  • Nice.. how do you set up the other controllers to use this? Is this an extension to the core's router.php?
  • Oh ok. So is this per controller? Can it be pushed to a Template controller?
  • If you create your own parent controller there's no reason that couldn't have a router() method, doesn't matter if you use a Template controller, Rest, or something else.
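
The pattern discussed in this thread (location = model, right = CRUD verb, checked at one central point that throws, with a single catch on the calling side), as an added stand-alone example that is not FuelPHP's SimpleAuth code or any poster's code. `group_has_access()` and `model_call()` are hypothetical names, and treating `false`/`true` as deny-all/allow-all is an assumption about the config shown above.

```php
<?php
// Added illustration, not FuelPHP's SimpleAuth code. Config trimmed from the thread.
$config = array(
    'groups' => array(
        -1   => array('name' => 'Banned', 'roles' => array('banned')),
        1    => array('name' => 'Users', 'roles' => array('user')),
        1000 => array('name' => 'Super Administrators', 'roles' => array('super')),
    ),
    'roles' => array(
        '#'      => array('users' => array('signup', 'login')), // applies to every group
        'user'   => array('comments' => array('create', 'read')),
        'banned' => false, // assumed: deny everything
        'super'  => true,  // assumed: allow everything
    ),
);

class AccessDeniedException extends Exception {}

// Hypothetical resolver: default deny, and an explicit false beats any grant.
function group_has_access(array $config, $group_id, $location, $right) {
    if ( ! isset($config['groups'][$group_id])) return false; // unknown group
    $granted = false;
    foreach (array_merge(array('#'), $config['groups'][$group_id]['roles']) as $role) {
        // a role that a group names but the config never defines grants nothing
        if ( ! array_key_exists($role, $config['roles'])) continue;
        $rights = $config['roles'][$role];
        if ($rights === false) return false;
        $granted = $granted || $rights === true
            || (isset($rights[$location]) && in_array($right, $rights[$location], true));
    }
    return $granted;
}

// Hypothetical central access point: location = model name, right = CRUD verb.
function model_call(array $config, $group_id, $model, $verb) {
    if ( ! group_has_access($config, $group_id, $model, $verb)) {
        throw new AccessDeniedException("$verb on $model denied for group $group_id");
    }
    return "$verb on $model ok for group $group_id";
}

foreach (array(array(1, 'comments', 'create'), array(1, 'comments', 'delete'),
               array(-1, 'users', 'login'), array(1000, 'comments', 'delete')) as $c) {
    try { // one catch for every denied call, as the router() in the thread does
        echo model_call($config, $c[0], $c[1], $c[2]), "\n";
    } catch (AccessDeniedException $e) {
        echo 'access_denied: ', $e->getMessage(), "\n";
    }
}
```

The Banned group is refused `users`/`login` even though `#` grants it to every group, because the resolver lets an explicit `false` override any grant regardless of role order.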
