Admin area - Authorization

Updated at 2017-12-22 07:58:15


Introduction

Imagine that your application is developed not for a single user but for several groups of users, and each group has different permissions. For example, on a news website the administrator can have full control, while a partner only has the right to manage their own posts. In that case you need authorization: permissions assigned per group.

CI Base lets you authorize users through two libraries, Gate and Policy, which you can find at admin/libraries. Both libraries are designed specifically for CodeIgniter applications.

Imagine that every operation from the client to the server must pass through a "gate". Each gate leads to a controller, where the request is processed.

The Gate and Policy libraries act as the request's moderator, ensuring that the request is permitted to perform the action it asks for.

Below is a guide to using these two libraries.

Gate

Gate is the "gate" mentioned above. To register a gate, define it in MY_Controller@register using the following structure:

<?php

// admin/core/MY_Controller.php

// ...
protected function register()
{
    $this->gate->define('gate-name', 'Gate Name');
}

With this structure in place, your application now has a gate. Next, we'll show where this gate leads, using the Policy library.

Policy

Under the MVC model, requests are processed in the controller, so you have to declare which gate leads to each controller. The structure is as follows:

<?php

// admin/core/MY_Controller.php

protected function register()
{
    // ...
    $this->policy->define('Name_controller/method', 'gate-name');
    $this->policy->define('Name_controller/method_2', 'gate-name');
}

In this example, the "gate-name" gate leads to the two controller methods "Name_controller/method" and "Name_controller/method_2". This means that a request allowed through gate-name can reach both of them.

Set permissions for request and request moderation

Setting permissions for a request declares which gates the request is allowed through. Request moderation then checks whether the request may perform the action it asks for. To set permissions and run the moderation, use the following structure:

<?php

// admin/core/MY_Controller.php

protected function boot()
{
    // Set the gates the current request is allowed through
    $this->gate->set_allow(array(
        'gate-name-1',
        'gate-name-2',
    ));
    
    // Validate request
    $this->policy->policy_request();
}

If the check passes, the request executes as normal. If it fails, a 403 error page is displayed.
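The register and boot steps above, modelled as a stand-alone PHP script (an added example, not CI Base's own Gate or Policy code). The class GatePolicyModel, its method names, the sample gate and route names, and the deny-by-default handling of a route with no policy are assumptions made for illustration.

```php
<?php
// Added illustration: a stand-alone model of the gate/policy check.
// Class and method names below are hypothetical, not CI Base's library code.
final class GatePolicyModel
{
    private array $gates = [];    // gate name => label
    private array $policies = []; // 'Controller/method' => gate name
    private array $allowed = [];  // gate names granted to the current request

    public function defineGate(string $name, string $label): void
    {
        $this->gates[$name] = $label;
    }

    public function definePolicy(string $route, string $gate): void
    {
        if (!isset($this->gates[$gate])) {
            // Catch a mistyped gate name at registration time, not at request time.
            throw new InvalidArgumentException("Policy for $route uses undefined gate $gate");
        }
        $this->policies[$route] = $gate;
    }

    public function setAllow(array $gateNames): void
    {
        // Keep only gates that were actually registered.
        $this->allowed = array_values(array_intersect($gateNames, array_keys($this->gates)));
    }

    // Returns the HTTP status the request should get: 200 or 403.
    public function check(string $route): int
    {
        // Assumption: a route with no policy entry is denied (deny by default).
        $gate = $this->policies[$route] ?? null;
        return ($gate !== null && in_array($gate, $this->allowed, true)) ? 200 : 403;
    }
}

$m = new GatePolicyModel();
$m->defineGate('post-manage', 'Manage posts');   // constructed sample names
$m->defineGate('user-manage', 'Manage users');
$m->definePolicy('Post_controller/edit', 'post-manage');
$m->definePolicy('User_controller/delete', 'user-manage');
$m->setAllow(['post-manage']);                   // e.g. what a "partner" role grants

foreach (['Post_controller/edit', 'User_controller/delete', 'Post_controller/export'] as $route) {
    printf("%-24s => %d\n", $route, $m->check($route));
}
```

The third route has no policy entry; this page does not say how CI Base treats that case, so verify it in your installation before relying on it.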

Helper

CI Base also provides a helper that makes it easy to test whether a request can pass through a particular gate before the request is sent.

<?php if (can('gate-name')) : ?>
    <a href="do-something">Do something</a>
<?php endif; ?>

Empower users

CI Base provides a user management module with roles. Once you define a gate, it is immediately available as a permission when you create a new role.

You can see them at http://yourproject.com/users/roles/create; select "option" as the type.