Developing (v7+)

User Management, Security and Access Control

Permalink May 09, 2012 at 11:04 PM

I have a client who is looking to build a security management console.
- Users are created and assigned a role
- then they are assigned to a store or store group
The user role will determine what they can and cannot do - view,edit,delete, edit/delete own, edit/delete all etc.

Has anyone built anything similar? or have any suggestions?

glockops replied on May 10, 2012 at 11:45 pm Permalink Reply

I could never figure out task permissions (and the documentation is really lacking in that area) so I built a single page that has a function can_action($task) which sort of does this.

If you're talking about a single page approach, then the following might help - all this stuff is in the single page's controller file (again, task permissions are probably what you want... so if you can figure that out then it'd be a better solution).

In each action I have an if statement. If it fails then I redirect users to some other page. This is all based on User Groups. The following is an example of on_start, but this could be in any function.

<?php
public function on_start() {      
      // Prevent unauthorized users
      if(!$this->can_action('view')) {
         $this->redirect('login');
      }
// Rest of on start function
}

<?php
/**
    * Checks if user has permission to perform an action
    * @params       str      $task      Task handle
    * @return       bool   TRUE/FALSE
    */   
   public function can_action($task = 'undefined') {
       $u = new User();
       $u->refreshUserGroups();
       // Super user gets to do everything.
       if($u->isSuperUser()) {
          return true;
       }
       $g = $u->getUserGroups();
      switch($task) {

Viewing 15 lines of 46 lines. View entire code block.

 
<?php
/**
    * Checks if user has permission to perform an action
    * @params       str      $task      Task handle
    * @return       bool   TRUE/FALSE
    */   
   public function can_action($task = 'undefined') {
       $u = new User();
       $u->refreshUserGroups();
       // Super user gets to do everything.
       if($u->isSuperUser()) {
          return true;
       }
       $g = $u->getUserGroups();
 
      switch($task) {
         case 'view':
         case 'textbook_edit':
         case 'textbook_new':
         case 'textbook_delete':
         case 'textbook_save':
         case 'textbook_email':
            if(count(array_intersect($g,array("Textbook Users","Textbook Administrators","Administrators"))) > 0) {
               return true;
            }
            break;
         case 'app_admin':
         case 'semester_admin':
         case 'view_all_orders':
         case 'textbook_admin':
         case 'export_list':
         case 'textbook_change_owner':
            if(count(array_intersect($g,array("Textbook Administrators","Administrators"))) > 0) {
               return true;
            }
            break;
         case 'semester_delete':
            if(count(array_intersect($g,array("Administrators"))) > 0) {
               return true;
            }
            break;
         case 'undefined':
         default:
            return false;
            break;   
      }
   } ?>

aprobert replied on May 10, 2012 at 11:52 pm Permalink Reply

Perhaps your looking for more than what it appears from your question, but enabling advanced permissions allows you to easily define who has permission to view, edit, and delete specific pages and even specific blocks on pages.

Forums

Developing (v7+)

User Management, Security and Access Control

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?