This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

DX Auth 1.0.6 (Authentication library)

December 01, 2008 6:14am

  • #76 / Dec 04, 2008 8:47am

    RaF007

    9 posts

    I’m pretty new to Auth libraries, actually to CodeIgniter as well. I’m currently in the early stages of using DX Auth for a project and I think it’s really nice.

    I currently have one question though. I have a small area on every page (a block) where people can enter their credentials to log in. When logged in, instead of displaying a login form, this area now displays some links to their user control panel (similar to this forum as well as 5 billion other websites).

    Is there a way in a view to check whether someone is logged in or not? DX Auth provides a function is_logged_in() which returns FALSE/TRUE, but this can only be used in the controller (as far as I know). At the moment, I have to check in every function of every controller whether a user is logged in, and thus load the appropriate view…there must be a more efficient way?

    Finally, I’d just like to say: great work, dexwell!

  • #77 / Dec 04, 2008 9:21am

    dexcell

    142 posts

    Hello,
    Nice library, and it is good that CL Auth has a successor.
    I prefer that the tables follow the DataMapper model cos it will help me to code the control panel faster.
    As for the “check_role_uri”, my only problem is that it checks the table each time it is accessed. Maybe caching the results is consuming too much memory.
    Like other users here I’ve tried to develop a similar library but you were so good and fast that I abandoned the idea. The only thing I propose is to develop add-ins for this library.
    The library can contain in a way or another groups and roles. The add-ins can offer functions to treat those groups and/or roles.
    As ex. I’m trying to implement an approach to an RBAC library in a manner closer to CI, but with flexibility for other ideas. Using DX Auth as an authentication library we can develop different styles of authorization: unique group, multiple groups, unique role, multiple roles, combination of previous, etc (have any other ideas?).
    What I want to make is a more flexible way to set the “role_uri” keeping all the structure in the database (I need to keep there another record of the level of the user: owner, manager, supervisor - can see or change data accordingly). That renders a very easy to use control panel but a lot of pain in getting the rules for the roles in the case I’ll try to describe below.
    I wrote here to have some “consultancy” on making multiple roles for one user and role inheritance.
    As ex a user could have 2 roles (or more) and at least one of the roles inherits from another (or maybe from the one the user has already). Some restrictions could be set when we are allocating the roles (the user can have only one role from the main and inherited list). Also, for some roles (with no relation between them) we can have different levels of access.
    Yes, I know, complicated.

    Paul

    PS: I don’t like “is_admin” cos what I want to try is that when a rule is not set it will inherit the right from the superior one (like in “role_uri”) and for the role “Admin” I can set only a simple rule “/”. The access to the page could be managed by the authentication.


    EDIT: Maybe we can consider no inheritance between roles and add a feature to clone a certain role in CP?

    Thank you for the reply,
    Unfortunately, I cannot change the database table design to follow DataMapper since it’s very different (need exclusive table for foreign key, but of course you can port it). As for ORM, you may want to see Ignited record, it’s also very good, and the author is very great at support. You can use Ignited record right away with the DX Auth library.

    In the next release (which I have already finished, only the documentation isn’t)

    I’m sorry to be telling you this right now,
    role_uri will not be supported by the next version.

    Instead, it has changed into a permissions table, so it’s more powerful: you can add your custom permissions there, and of course the ‘uri permission’ checking function is built in. So basically it’s the same as the role_uri table, but it’s just not restricted to URIs anymore.

    Also, roles will have an inheritance feature.
    A user can only have one role, but you can also check the parent role’s permissions.

    Then, to check a permission you can use (next version):

    /*
        Get permission value from specified key.
        Call this function only when the user is already logged in.
        $key is the permission array key (Note: permissions are saved as an array in the table).
        If $check_parent is TRUE, the parent of the current role_id is checked when the permission is not found in the logged-in user's role_id.
        Returns the value if the permission is found, otherwise returns NULL.
    */
    function get_permission($key, $check_parent = TRUE)

    // Get permission
    $allow_edit = $this->dx_auth->get_permission('edit');
    // This checks whether the currently logged-in user has the edit permission or not.
    // Strict comparison: NULL means "not found"; FALSE is a stored value.
    if ($allow_edit !== NULL)
    {
      // Is allowed ?
      if ($allow_edit)
      {
        // do edit
      }
    }

    Alternative function, if you want to get all permissions.

    /*
        Get permission value from specified key.
        Call this function only when user is logged in already.
        This will get current logged in user role_id, and it's parents permissions.
        
        Function returning an array. 
        $array_key = 'default'. Array ordered using 0, 1, 2, etc as array key.
        $array_key = 'role_id'. Array ordered using role_id as array key.
        $array_key = 'role_name'. Array ordered using role_name as array key.
    */
    function get_permissions($key, $array_key = 'default')

    The is_admin() function will be preserved, as you can now see we are using a completely different permissions table.

    The new function to check URI permissions is

    using $this->dx_auth->check_uri_permissions()

    This will have the same effect as the check_role_uri() function, but it’s used for the new permissions table.

    And this time, the result is cached.

  • #78 / Dec 04, 2008 9:28am

    dexcell

    142 posts

    No problem, that’s what testing is for.
    BTW you should update the link with a new version with the fixed loads

    If I recall right it’s in the library and one in each example
    It’s kinda bad when the example doesn’t work right away LOL

    Yes, I’m gonna upload it with the fixed file name after I finish writing the docs for the next version.

  • #79 / Dec 04, 2008 9:36am

    dexcell

    142 posts

    I’m pretty new to Auth libraries, actually to CodeIgniter as well. I’m currently in the early stages of using DX Auth for a project and I think it’s really nice.

    I currently have one question though. I have a small area on every page (a block) where people can enter their credentials to log in. When logged in, instead of displaying a login form, this area now displays some links to their user control panel (similar to this forum as well as 5 billion other websites).

    Is there a way in a view to check whether someone is logged in or not? DX Auth provides a function is_logged_in() which returns FALSE/TRUE, but this can only be used in the controller (as far as I know). At the moment, I have to check in every function of every controller whether a user is logged in, and thus load the appropriate view…there must be a more efficient way?

    Finally, I’d just like to say: great work, dexwell!

    You can also use is_logged_in() in a view, then change part of your website accordingly.

  • #80 / Dec 04, 2008 9:43am

    Paul Apostol

    43 posts

    Thanks for your answer.
    The idea was not to reject what you have already done. It’s wonderful. The idea was that other people can develop alternatives to the features, which can be plugged into your library.
    I prefer a different approach because I need such an approach, or maybe not; I’m waiting to see the last version of your library.
    “is_admin” is a nice function for some projects. Preserve it. What I exposed is another vision over what can be developed near your library and a request for a chat over what I want to implement, especially on some ideas to optimize the code.
    Instead of developing the same main functionality again and again, we can use part of the functionality (authorization, roles, etc) and make alternatives to features.
    Thank you for this library dexcell.

  • #81 / Dec 04, 2008 9:51am

    RaF007

    9 posts

    You can also use is_logged_in() in a view, then change part of your website accordingly.

    Doh! Sorry, my bad. Didn’t have the library load correctly. Thanks for the quick response. 😊

  • #82 / Dec 04, 2008 2:01pm

    tdktank59

    322 posts

    Thanks for your answer.
    The idea was not to reject what you have already done. It’s wonderful. The idea was that other people can develop alternatives to the features, which can be plugged into your library.
    I prefer a different approach because I need such an approach, or maybe not; I’m waiting to see the last version of your library.
    “is_admin” is a nice function for some projects. Preserve it. What I exposed is another vision over what can be developed near your library and a request for a chat over what I want to implement, especially on some ideas to optimize the code.
    Instead of developing the same main functionality again and again, we can use part of the functionality (authorization, roles, etc) and make alternatives to features.
    Thank you for this library dexcell.

    I’m sitting in the same boat. I need support for multiple groups to a user without the inheritance, like this:
    I deal with subscribers and have different sections of the site
    I need to give access to depending on the subscriptions
    And those subs only last for so long….

  • #83 / Dec 04, 2008 2:39pm

    dexcell

    142 posts

    Thanks for your answer.
    The idea was not to reject what you have already done. It’s wonderful. The idea was that other people can develop alternatives to the features, which can be plugged into your library.
    I prefer a different approach because I need such an approach, or maybe not; I’m waiting to see the last version of your library.
    “is_admin” is a nice function for some projects. Preserve it. What I exposed is another vision over what can be developed near your library and a request for a chat over what I want to implement, especially on some ideas to optimize the code.
    Instead of developing the same main functionality again and again, we can use part of the functionality (authorization, roles, etc) and make alternatives to features.
    Thank you for this library dexcell.

    Thanks, I’ve got your idea. Let’s discuss how we can improve the code, or add the plugins, after I release the next version.

  • #84 / Dec 04, 2008 2:44pm

    dexcell

    142 posts

    I’m sitting in the same boat. I need support for multiple groups to a user without the inheritance, like this:
    I deal with subscribers and have different sections of the site
    I need to give access to depending on the subscriptions
    And those subs only last for so long….

    For your case, I believe it is possible with inheritance. But I may be wrong.

    For example in URI access:

    User
    {
    'main_site'
    'help'
    }

    Subscriber: User
    {
    'subscriber_page'
    }

    Power_Subscriber: Subscriber
    {
    'power_subscriber'
    }

    Max_Subscriber: Subscriber
    {
    'max_subscriber'
    }

    Meaning, Power_Subscriber has access to Subscriber and User URI, but cannot access Max_Subscriber URI.

    While, Subscriber cannot access Power_Subscriber and Max_Subscriber URI, but can access User URI.
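The role tree from the post above, worked through as an added example (not part of the original thread and not DX Auth's own code): URI access is resolved by walking from a role up through its parents. The array layout and the function names allowed_uris and can_access are hypothetical.

```php
<?php
// Constructed sample data mirroring the role tree in the post above.
// The array layout is hypothetical, not DX Auth's table schema.
$roles = [
    'User'             => ['parent' => null,         'uris' => ['main_site', 'help']],
    'Subscriber'       => ['parent' => 'User',       'uris' => ['subscriber_page']],
    'Power_Subscriber' => ['parent' => 'Subscriber', 'uris' => ['power_subscriber']],
    'Max_Subscriber'   => ['parent' => 'Subscriber', 'uris' => ['max_subscriber']],
];

// Walk from the role up through its parents and collect every allowed URI.
// An unknown role or a parent loop ends the walk, so a bad row can neither
// grant access nor hang the request.
function allowed_uris(array $roles, string $role): array
{
    $allowed = [];
    $seen    = [];
    $current = $role;
    while ($current !== null && isset($roles[$current]) && !isset($seen[$current])) {
        $seen[$current] = true;
        $allowed = array_merge($allowed, $roles[$current]['uris']);
        $current = $roles[$current]['parent'];
    }
    return $allowed;
}

// Default deny: a URI is reachable only if the role or an ancestor lists it.
function can_access(array $roles, string $role, string $uri): bool
{
    return in_array($uri, allowed_uris($roles, $role), true);
}

// Print the access matrix for the cases described in the post.
foreach (['Subscriber', 'Power_Subscriber', 'Max_Subscriber'] as $role) {
    foreach (['help', 'subscriber_page', 'power_subscriber', 'max_subscriber'] as $uri) {
        printf("%-17s %-17s %s\n", $role, $uri, can_access($roles, $role, $uri) ? 'allow' : 'deny');
    }
}
```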

  • #85 / Dec 04, 2008 2:59pm

    tdktank59

    322 posts

    Nope,

    It’s not possible… Because the way I have it set up there may be different subscription groups.

    Where you could have a sub to videos and another sub to photos and they won’t overlap anywhere.
    This is more of what I’m talking about…

    Actually better yet,

    Think of this as in a consultant and two companies.

    The consultant can belong to both companies; however, the only way the companies are related is by the consultant. This is where your inheritance structure breaks down.

  • #86 / Dec 04, 2008 3:07pm

    bugboy

    123 posts

    Was this built with CodeIgniter 1.7? Or does it use the old libraries and helpers to make it work?

    Very thorough documentation though, impressed me a lot

  • #87 / Dec 04, 2008 3:09pm

    tdktank59

    322 posts

    Was this built with CodeIgniter 1.7? Or does it use the old libraries and helpers to make it work?

    Very thorough documentation though, impressed me a lot

    Yes, no, yes

    It uses the url and html helpers, and you also need to change the library file to include DX_Auth_Event instead of dx_auth_event, and then in the example controllers make it DX_Auth instead of dx_auth.

  • #88 / Dec 04, 2008 3:14pm

    bugboy

    123 posts

    sweet

    cheers

    does it use the new form validation class? I suppose that comes down to the user making the forms though

  • #89 / Dec 04, 2008 5:07pm

    RS71

    106 posts

    Not sure if I get what you’re trying to achieve but how about:

    >  A role_id field in the users table that allows for one role to be set (just like it is now. this is like a master permission)

    >  Then, a groups table with two fields, user_id and a group_id (these are sub permissions; can be more than one)

    So for the area you want to restrict just query the db or retrieve from session and if it finds at least one match for the area code or group you want to restrict to, it allows the user through.

    That way you can stack various groups.

    You could give the person a ‘User’ role and ‘Forum’, ‘Blog’, ‘Downloads’ groups (each group giving him a certain access or status)

    Yes? No?

  • #90 / Dec 04, 2008 5:14pm

    tdktank59

    322 posts

    Could work… You have access to the building with the role_id and then with the groups you get different keys to all the rooms you can get into
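
RS71's suggestion (one role_id per user plus a groups table of user_id/group_id rows), applied to the consultant-and-two-companies case from post #85, as an added example that is not part of the original thread or of DX Auth. The function name may_enter, the sample rows and the expires column (for subscriptions that lapse) are assumptions.

```php
<?php
// Constructed sample rows. Column names follow the post (users.role_id,
// groups.user_id / groups.group_id); the expires column is an assumption
// added here for subscriptions that run out.
$users = [
    7 => ['name' => 'consultant', 'role_id' => 'User'],
    8 => ['name' => 'visitor',    'role_id' => 'User'],
];
$groups = [
    ['user_id' => 7, 'group_id' => 'company_a', 'expires' => '2009-06-01'],
    ['user_id' => 7, 'group_id' => 'company_b', 'expires' => '2008-11-01'],
];

// The role is the master permission ("access to the building"); a group row
// is the key to one room. Both must match, and anything unmatched is denied.
function may_enter(array $users, array $groups, int $user_id,
                   string $required_role, string $group_id, string $today): bool
{
    if (!isset($users[$user_id]) || $users[$user_id]['role_id'] !== $required_role) {
        return false;
    }
    foreach ($groups as $row) {
        if ($row['user_id'] === $user_id
            && $row['group_id'] === $group_id
            && strcmp($row['expires'], $today) >= 0) { // ISO dates sort as strings
            return true;
        }
    }
    return false;
}

$today = '2008-12-04'; // constructed "current date" for the sample rows

// The consultant holds keys to two unrelated companies; one key has lapsed.
var_dump(may_enter($users, $groups, 7, 'User', 'company_a', $today)); // active membership
var_dump(may_enter($users, $groups, 7, 'User', 'company_b', $today)); // lapsed membership
var_dump(may_enter($users, $groups, 8, 'User', 'company_a', $today)); // right role, no group row
```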
