Codeigniter - Permission Authentication

0

Good afternoon, I would like to know if there is a more practical solution to my problem.

Each user has a different permission, characterized by a_id permission in the users table that is correlated with an id in the permission table.

Is there a more practical way of verifying user permission on multiple methods without having to work with IF / ELSE? For each unique method of each permission, I need to set these conditions so that other users can not access the method.

Thank you!

    
asked by anonymous 08.01.2018 / 16:15

1 answer

0

You can use the hooks of the codeigniter below an example

function restrict() {

 //Instância do CodeIgniter
 $ci = & get_instance();
 //Método atual, pega da url
 $method = $ci->router->fetch_class().'/'.$ci->router->fetch_method();

 //Métodos protegidos, aqui você especifica as funções protegidas
    $protegidos = ['funcao/index','funcao/inserir','funcao/editar', 
    'funcao/atualizar','funcao/deletar','funcao/pesquisar','funcao/exports'];

 //Array gerado pelo seu algotitmo de "login" e gravado na SESSION
    $usuario_logado = $ci->session->userdata('usuario_logado');
    if (in_array($method, $protegidos)) {//Verificando se o método é protegido
        if ($usuario_logado['cargo']!='admin') {//Verificando nivel de permissao do usuario
            $ci->session->set_flashdata('alert', 'Voçe nao possui privilegios');
//Aqui vc tb pode criar um aviso pro usuário saber o motivo do comportamento da aplicação
    ?>

    <script>
      alert('você nao possui autorização');
    </script>

<?php
    $var = "<script>javascript:history.back(-2)</script>";
    echo $var;
    } 
}
}
?>

You can create multiple hooks in each of them by protecting their functions and giving access as per user's permission.

    
09.01.2018 / 11:24