Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Using Auth permissions
  • Hi!
    I'm trying to use the Auth package's permission system, but every time I fail to use it correctly. Could you please give me a short example of creating a permission for a group to admin area with permission to read news?
    Also in many of my attempts I've used the Auth::has_acces(rule) function and no matter, what rule I defined I always got true, even when the db tables were empty.

    Could you please help me?
  • You are using the latest codebase?

    With empty tables it should definitely return false. Auth caches everything for performance reasons, so whenever you make changes, make sure you flush the cache, otherwise you get oud-dated data.
  • Deleting the cache helped, now it returns false. But I still cannot grant user a permission. Here is my current db dump: http://pastebin.com/syVqv1BT
    I've tried assigning the permission to both group and role, but neither of them seems to work for me.
    What am I doing wrong?
  • HarroHarro
    Accepted Answer
    You define 2 users, both in group #5.  You define a permission #1, "technician.orders". So far so good.

    But then:

    You create a group-permission relation, where you relate permission #1 with group #3. A group that has no users. The same is true for the role-permission relation.

    Also, the action column on the role-permission record is correct (in the sense that it stores an array with key values), where are the action column on the group-permission record is wrong (as that has string values).

    And the permission record created doesn't store actions at all, making both of the above wrong.

    The "users_permissions" record must contain an array of ALL possible actions, for example (0 => 'add', 1 => 'edit', 2 => 'delete').

    The relation tables contain the keys of the actions assigned to that relation. For example, a relation that only needs to assign the "edit" action needs to store array(1). A relation that needs to store all three stores array(0,1,2).

    So, in this case it's logical you get false returned, non of your users have any permission assigned to them.
  • Hi,
    sorry for replying now, but I still can't make it work. I've made all the changes you suggested, cleaned the cache several times, but there has to be something more (or I didn't understand you).
    This is my new db: http://pastebin.com/g2fq4Awt

  • I can't really test that, because our App Framework is multi-lingual and has modules adding stuff (so your db contents fails in our apps on missing modules for "technician" and "orders").

    But I can give you a dump of our test data, so you can see if you can spot any obvious differences: http://bin.fuelphp.com/snippet/view/H7
  • so what you're saying is that the problem is not in the database? does the area in db refer to module in my application? 
    also there are not any significant differences in the sql codes, plus i've tested your dump in my application (after deleting cache), but it didn't work either
  • ok, finally managed to make it work. just one more question: is there a way to check if a user has access to any permission in area?
  • No, area can be anything. But most of our apps are build of the same app platform, and that uses the module name as area.

    You mean something like has_access('area') ?

    And you're sure your code is up to date? As in 1.7.2, and not older?
  • HELP ME PLEASE!!!

    ******my user_users_permissions table have this*******

    a:5:{i:0;s:4:"list";i:1;s:3:"add";i:2;s:4:"edit";i:3;s:6:"delete";i:4;s:6:"modify";}

    ******and my controller ******

    if (\Auth::has_access('backend.pages[list]')) {
                    echo "OK !";
                } else {
                    echo "No access !";
                }

    area.controllername['method']

    but for me work only for controller name, if I write the action ever says No access !

    if (\Auth::has_access('backend.pages')) {
                    echo "OK !";
                } else {
                    echo "No access !";
                }

    WHAT AM DOIN BAD?
  • You need two things.

    You need a permission record, and that needs an action list. Which you seem to have created, so that is ok.

    What you haven't done (or what I should say, what you don't say), is that you need to assign this permission to a user, either directly, or through a role or group assignment.

    You'll see that the these relation records also contain a column called "actions", and this column should contain a serialized array of index values that are assigned to that relation.

    So if in your case you wanted to assign the "list" and "add" actions to that specific permission assignment, that action column should contain

    a:2:{i:0;s:1:"0";i:1;s:1:"1";}

    or

    array("0", "1") // may be numeric too
  • Excelenet my friend you are my hero, I Start with this 3 days ago now I understand more.

    Can i find on internet some complete code thay expaind it in details?
  • User_permissions table list all posibles permissions

    User_users_permissions use the position of the array to grant access

    very simple but in the web is not documented correctly and in the official website the documentation is poor.

    OTHER QUESTION IS

    How i can store automaticatically all methods name in the user permissions table, exist a method to do it?
  • There isn't really. We're working very hard on Fuel v2 at the moment, so not a lot of work goes on with v1.

    This question has popped up a few times, but it looks nobody's willing to make the documentation better.

    Ormauth was never intended to be part of the framework. It was written for our in-house application framework that I was allowed to open source. I tried to add as many auth examples as I was allowed, but for commercial reasons I wasn't allowed to give away our company's admin backend...

    And I don't know, we don't use controller or method names in Auth, we use functional names, like "crm.client[list]",  which is used everywhere someone wants to view (part of) a client record from a CRM system. And that could be in dozens of controllers...
  • Anyway thanks so much, i think fuelphp is excelent framewrk and am making a documentation of my personal experience in my personal blog in spanish language, this is my aport to make our comunity more stronger.

    Thanks again
  • Thanks, we're happy with anyone spreading the word. ;-) We'll try to make v2 even better...

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion