What is the correct way to implement Auth/ACL in MVC?

Posted by WiseStrawberry on Programmers
Published on 2012-07-09T15:21:02Z Indexed on 2012/09/08 15:49 UTC

I am looking into making a correctly laid out MVC Auth/ACL system. I think I want the authentication of a user (and the session handling) to be separate from the ACL system. (I don't know why but this seems a good idea from the things I've read.)

What does MVC have to do with this question, you ask? Because I wish for the application to be well integrated with my ACL. An example of a controller (CodeIgniter):

<?php
class forums extends MX_Controller
{
    // Checked against the current user by the auth system.
    public $allowed = array('users', 'admin');
    public $need_login = true;

    function __construct()
    {
        // Run the parent constructor so that $this->auth is available.
        parent::__construct();

        //example of checking if logged in.
        if($this->auth->logged_in() && $this->auth->is_admin())
        {
            echo "you're logged in!";
        }
    }

    public function add_topic()
    {
        if($this->auth->allowed('add_topic'))
        {
            //some add topic things.
        }
        else
        {
            echo 'not allowed to add topic';
        }
    }
}
?>

My thoughts

$this->auth would be autoloaded in the system. I would like to check the $allowed array against the user currently (not) logged in and react accordingly.

Is this a good way of doing things? I haven't seen much literature on MVC integration and Auth. I want to make things as easy as possible.
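
One way to do the check described above, as an added example that is not part of the original post: a base controller holds `$allowed` and `$needLogin`, and a dispatch step enforces them before any action runs, so the actions themselves need no if/else. `Auth`, `SecuredController`, `Forums::addTopic()` and `dispatch()` are hypothetical names, and the code is plain PHP 8 rather than CodeIgniter.

```php
<?php
// Added example; Auth, SecuredController and dispatch() are hypothetical names.
// Authentication answers only "who is this?" (null role = not logged in).
final class Auth
{
    public function __construct(private ?string $role = null) {}
    public function role(): ?string { return $this->role; }
}

// ACL policy is declarative; an empty $allowed denies everyone by default.
abstract class SecuredController
{
    protected array $allowed = [];     // roles that may call this controller
    protected bool $needLogin = true;  // false marks a deliberately public controller

    public function authorize(Auth $auth): int
    {
        if (!$this->needLogin) {
            return 200;
        }
        if ($auth->role() === null) {
            return 401; // not authenticated
        }
        // Strict comparison avoids PHP's loose in_array() matching.
        return in_array($auth->role(), $this->allowed, true) ? 200 : 403;
    }
}

final class Forums extends SecuredController
{
    protected array $allowed = ['users', 'admin'];
    public function addTopic(): string { return 'topic added'; }
}

// Front-controller step: the check runs before the action, never inside it.
function dispatch(SecuredController $c, string $action, Auth $auth): array
{
    $status = $c->authorize($auth);
    if ($status !== 200) {
        return [$status, 'denied'];
    }
    // Route only to public action methods, never to authorize() itself.
    if ($action === 'authorize' || !in_array($action, get_class_methods($c), true)) {
        return [404, 'no such action'];
    }
    return [200, $c->$action()];
}
// Constructed sample requests: guest, a role outside $allowed, a permitted role.
foreach ([null, 'banned', 'users'] as $role) {
    [$status, $body] = dispatch(new Forums(), 'addTopic', new Auth($role));
    echo ($role ?? 'guest'), " => $status $body\n";
}
```

Because the decision is made in one place, a controller that forgets to declare `$allowed` rejects every role instead of silently allowing access.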
