Hello,
I am new to FuelPHP.
I have a question for my website (intranet):
I have 3 types of users:
1) "Patient" (first name, last name) | roles: games->read, infos->read
2) "Familly" (first name, last name, email, patientID) | roles: message->create
3) "Admin" (first name, last name, email) | all roles
Each type has its own dashboard page, which are different of course.
How can I do that?
thx
Fabien
Depends on what authentication system you use.
In case of the auth package, roles and rights are handled by the ACL classes. The roles and rights are defined in the simpleauth config file.
You can check the Fuel Depot code on http://github.com/fuel/depot for an example of implementation.
I wrote a new controller. Every controller will extend this new one.
I put this in the before() function:
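    // Build an "area.right" string from the first two URI segments,
    // falling back to the current action when there is only one segment.
    $seg = Request::active()->uri->segments();
    if (count($seg) > 1)
    {
        $checkline = $seg[0].'.'.$seg[1];
    }
    else
    {
        $checkline = $seg[0].'.'.Request::active()->action;
    }

    // Redirect to the login page when access is denied, except for the login action itself.
    if ( ! Auth::has_access($checkline) and Request::active()->action != 'login')
    {
        Response::redirect('admin/login');
    }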
But it's quite heavy in the config file, each function of each module has to appear.
What do you think of my code?
I would do that in a router() method which gives you direct action to the action called, but this should work too.
I virtually never use an access system based on actual files (controller/method combinations). It gets complicated very fast, you need to define a very long list of access rights (as you have noticed), and it gets even more complicated if you want to map rights to multiple roles.
I use functional roles, like 'blogger', 'forum_moderator', etc. To those I assign functional rights, for example the right to view blogs, edit blogs, etc. In the code I check those rights. Which could be anywhere.
For example, I have a module that produces a partial that displays links to the last 5 blog posts in the sidebar. I only return the view if the current user has view rights on blogs.
My base controller also contains a method called has_role() (which is missing from the Auth package), which will retrieve the user's roles and check if the requested role is there. So in my code I can just do has_role('forum_moderator'), and not be bothered with specific rights assignments.
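
Added example, not part of the thread and not the Auth package's code: a framework-free sketch of the functional role and rights approach described in the last reply, applied to the three user types from the question, with default-deny checks and a per-role dashboard lookup. The array layout, function bodies, dashboard paths and sample user are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP with no FuelPHP calls; all names are hypothetical.
// Role => area => rights for the three user types; true means every right.
const ROLE_RIGHTS = [
    'patient' => ['games' => ['read'], 'infos' => ['read']],
    'family'  => ['message' => ['create']],
    'admin'   => true,
];
// Dashboard per role, checked in this order; first match wins.
const DASHBOARDS = [
    'admin'   => 'admin/dashboard',
    'family'  => 'family/dashboard',
    'patient' => 'patient/dashboard',
];

function has_role(array $user, string $role): bool
{
    return in_array($role, $user['roles'], true);
}

// $right is "area.right", for example "message.create".
function has_access(array $user, string $right): bool
{
    $parts = explode('.', $right, 2);
    if (count($parts) !== 2) {
        return false; // malformed right: deny
    }
    [$area, $action] = $parts;
    foreach ($user['roles'] as $role) {
        $rights = ROLE_RIGHTS[$role] ?? []; // unknown role grants nothing
        if ($rights === true || in_array($action, $rights[$area] ?? [], true)) {
            return true;
        }
    }
    return false; // default deny
}

function dashboard_for(array $user): ?string
{
    foreach (DASHBOARDS as $role => $path) {
        if (has_role($user, $role)) {
            return $path;
        }
    }
    return null; // no known role: send the user to login
}

// Constructed sample user.
$family = ['roles' => ['family']];
var_dump(has_access($family, 'message.create'), has_access($family, 'games.read'), dashboard_for($family));
```

The rights list stays as short as the number of functions the site offers, not the number of controller methods, and any code path (a controller, a sidebar partial) can call the same check.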