What is the correct way to implement Auth/ACL in MVC?
Posted
by
WiseStrawberry
on Programmers
See other posts from Programmers
or by WiseStrawberry
Published on 2012-07-09T15:21:02Z
Indexed on
2012/09/08
15:49 UTC
Read the original article
Hit count: 205
I am looking into making a correctly laid out MVC Auth/ACL system. I think I want the authentication of a user (and the session handling) to be separate from the ACL system. (I don't know why but this seems a good idea from the things I've read.)
What does MVC have to do with this question you ask? Because I wish for the application to be well integrated with my ACL. An example of a controller (CodeIgniter):
<?php
class forums extends MX_Controller
{
$allowed = array('users', 'admin');
$need_login = true;
function __construct()
{
//example of checking if logged in.
if($this->auth->logged_in() && $this->auth->is_admin())
{
echo "you're logged in!";
}
}
public function add_topic()
{
if($this->auth->allowed('add_topic')
{
//some add topic things.
}
else
{
echo 'not allowed to add topic';
}
}
}
?>
My thoughts
$this->auth
would be autoloaded in the system. I would like to check the $allowed
array against the user currently (not) logged in and react accordingly.
Is this a good way of doing things? I haven't seen much literature on MVC integration and Auth. I want to make things as easy as possible.
© Programmers or respective owner