
Grocery Crud Access Level



Ankit Agarwal
  • Member

Posted 24 October 2013 - 12:22 PM

I am trying to create an admin module with Grocery Crud and I have various privilege levels, e.g. say two levels, 'A' and 'B'. A can do all the things like add and all, but B can only view the records. So is there a way to implement this?

PS: In the example I have given two levels, but actually I have four levels and each level has different access in different tables.

 

Thanks


Woz_Mann
  • Member

Posted 25 October 2013 - 01:41 AM

Have a look at Ion_Auth, there are some posts in here that may be of assistance directly with Ion_auth using groups.


Amit Shah
  • Member

Posted 28 October 2013 - 09:18 AM

Hello Ankit Agarwal

 

Welcome to GC Forums,

 

Nice question ... and there truly are solutions based on this. Yes, it is good to use ION Auth, but no worries, you can continue with your own authentication system that you are comfortable with. The only thing you need to be able to manage is the user group / level, whatever you call it.

 

There are 2 levels of restrictions you talk about. 1 - is the complete accessibility of a functionality for a specific user level ..

and 2 - partial access (like read only) for a specific user level.

 

Now both have separate ways of being dealt with

 

1 - For restriction of type 1, it will be good to go with something like a hook (post_controller_constructor) where you can check the user authentication first, second check his level, and based on his level, whether he has access to that area or not.

By this you get where the user is going for access:

        // Inside the hook: get the CI instance, then the routed controller class and method
        $CI =& get_instance();
        $class = $CI->router->class;
        $action = $CI->router->method;

Here is an instance of my own code, where I had built a user permissions library and was checking: if this is the class and this is the action, does the user have the permission or not?

        if($class == "feeds") {
            //Check the permission whether the user have access to Edit Feeds
            if($action == "edit" || $action == "update") {
                if(!$CI->user_permissions->canPerform($CI->user_permissions->PERMISSION_EDIT_CASE)){
                    show_error("You are not authorized to perform the mentioned action.");
                }
                $CI->activitylogger->logActivity();
            }
        }

This way you will have an awesome single-point solution for your access control ....

 

Now the 2nd one - what we look at is the partial one...

Here, in the controller, you have to deal with the same:

 

if(user level is so and so)

if level has permission to edit .... (No) - $crud->unset_edit()

if level has permission to delete .... (No) - $crud->unset_delete()

 

No worries - GC is written smartly enough that if you have said unset edit at code level, even if the user tries to access that section using the URL directly, he will get a kick on his BUTT :D he won't be able to do it...

 

Happy GCing ... and CHILL Out...
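
A deny-by-default sketch of the two checks described in the post above, added here as an example and not taken from the poster's code: one permission matrix drives both the hook-level gate and the list of `unset_*` calls for the controller. The level names, table names, action names and the functions `allowed_ops()`, `can_perform()` and `crud_unsets()` are assumptions for illustration; `unset_add()` is Grocery CRUD's counterpart to the `unset_edit()` and `unset_delete()` calls mentioned above.

```php
<?php
// Constructed sample matrix: level => table => allowed operations.
// Levels A-D and the table names are illustrative, not from the post.
const PERMISSIONS = [
    'A' => ['customers' => ['view', 'add', 'edit', 'delete'],
            'orders'    => ['view', 'add', 'edit', 'delete']],
    'B' => ['customers' => ['view'], 'orders' => ['view']],
    'C' => ['orders'    => ['view', 'add', 'edit']],
    'D' => [],
];

// Assumed action names. A form page and its submit action need the same
// operation, mirroring the edit/update pairing in the hook code above.
const ACTION_TO_OPERATION = [
    'index' => 'view', 'add' => 'add', 'insert' => 'add',
    'edit' => 'edit', 'update' => 'edit', 'delete' => 'delete',
];

// Operations a level may perform on a table; empty when either is unknown.
function allowed_ops(string $level, string $table): array
{
    $matrix = PERMISSIONS;
    return $matrix[$level][$table] ?? [];
}

// Hook-level gate: an unknown level, table or action is refused.
function can_perform(string $level, string $table, string $action): bool
{
    $map = ACTION_TO_OPERATION;
    $operation = $map[$action] ?? null;
    return $operation !== null
        && in_array($operation, allowed_ops($level, $table), true);
}

// Names of the Grocery CRUD unset_* methods to call for this level and table.
function crud_unsets(string $level, string $table): array
{
    $missing = array_diff(['add', 'edit', 'delete'], allowed_ops($level, $table));
    return array_values(array_map(fn($op) => 'unset_' . $op, $missing));
}

// Controller usage: foreach (crud_unsets($level, 'orders') as $m) { $crud->$m(); }
var_dump(can_perform('B', 'customers', 'update'));
var_dump(can_perform('C', 'orders', 'insert'));
print_r(crud_unsets('C', 'orders'));
print_r(crud_unsets('D', 'customers'));
```

Keeping the matrix in one place means the hook and the controller cannot drift apart when a level's rights change.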