Good afternoon, I would like to know if there is a more practical solution to my problem.
Each user has a different permission, characterized by a_id permission in the users table that is correlated with an id in the permission table.
Is there a more practical way of verifying user permission on multiple methods without having to work with IF / ELSE? For each unique method of each permission, I need to set these conditions so that other users can not access the method.
Thank you!
You can use the hooks of the codeigniter below an example
function restrict() {
//Instância do CodeIgniter
$ci = & get_instance();
//Método atual, pega da url
$method = $ci->router->fetch_class().'/'.$ci->router->fetch_method();
//Métodos protegidos, aqui você especifica as funções protegidas
$protegidos = ['funcao/index','funcao/inserir','funcao/editar',
'funcao/atualizar','funcao/deletar','funcao/pesquisar','funcao/exports'];
//Array gerado pelo seu algotitmo de "login" e gravado na SESSION
$usuario_logado = $ci->session->userdata('usuario_logado');
if (in_array($method, $protegidos)) {//Verificando se o método é protegido
if ($usuario_logado['cargo']!='admin') {//Verificando nivel de permissao do usuario
$ci->session->set_flashdata('alert', 'Voçe nao possui privilegios');
//Aqui vc tb pode criar um aviso pro usuário saber o motivo do comportamento da aplicação
?>
<script>
alert('você nao possui autorização');
</script>
<?php
$var = "<script>javascript:history.back(-2)</script>";
echo $var;
}
}
}
?>
You can create multiple hooks in each of them by protecting their functions and giving access as per user's permission.