Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Load perms by company using fuel acl
  • Hello folks,

    I would like to know if it is possible to separate the permissions by company using the fuel acl package. For example, I have company X, so when an user of this company accesses the system, I would like to load all the permissions of company X.

  • HarroHarro
    Accepted Answer
    How would you define "company permissions"?

    The ACL system is user centric, so you would have to emulate the notion of a company, either through a group (assuming a user works for one company), or via a role ("employee of X"). And then assign the permissions to the group or the role. And you can also assign multiple roles to a group if you need to seperate permissions in more detail.

    But normally you would just work role based (a user performs a role in a company, and needs access associated to that role), and is "a company" not a permission, but a data item, which you might use as a filter. For example, a user working for company X in the role "bookkeeper" would be able to work with invoice and financial data in the system, but only those related to company X. You can't capture something like this in a permission system. 

    In one of our apps to which multiple clients have access, we use an observer and ORM relation conditions to implement automatic foreign key filtering. This will for example add "AND WHERE client_id = X" to every query to a table that contains a "client_id" field.
  • My database will have many clients(companies), and this clients will have many employees. When the employee logged into the system, I want to get all the permissions set for user groups of the employee's company that logged into the system.
    I'll try the tip that you told me, using client id.

    thanks for the help
  • HarroHarro
    Accepted Answer
    Our application also has a many-many relation between the user table and the companies table, so every user can be linked to his/her employer(s).

    Our base controller has an has_employee_access() method, that retrieves the current users employer information (using cache to speed things up).

    The actions can then do something like

    if ( ! $this->has_employee_access($sometable->client_id) )
    {
       // redirect and display an error message
    }

  • sosekisoseki
    Accepted Answer
    For my project, I basically use SimpleAuth for the access permission.


    This is pretty easy to implement I guess.
  • HarroHarro
    Accepted Answer
    Doesn't really matter which one you use. 

    It's a matter of adding the column for the foreign key to the users table (if the relation between users and companies is a one-to-many) or create a many-many table between the two.

    If a one-to-many case you could even decide to add it to the profile_fields, if you don't need ORM relations but use DB queries...
  • Hi,

    Is it a good idea to move the authentication package into my project ? As I understood, it will be necessary to make changes in some models.

  • HarroHarro
    Accepted Answer
    You can overload every class in your project, it is better that working with a copy.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion