correct way to implement auth/acl in mvc
- by WiseStrawberry
I am looking into making a correctly laid out MVC auth/acl system. I think I want the authentication of a user (and the session handling) to be seperate from the ACL system. (I don't know why but this seems a good idea from the things I've read)
What does mvc have to do with this question you ask? Because I wish for the application to be well integrated with my acl. An example of a controller (CodeIgniter)
<?php
class forums extends MX_Controller
{
$allowed = array('users', 'admin');
$need_login = true;
function __construct()
{
//example of checking if logged in.
if($this->auth->logged_in() && $this->auth->is_admin())
{
echo "you're logged in!";
}
}
public function add_topic()
{
if($this->auth->allowed('add_topic')
{
//some add topic things.
}
else
{
echo 'not allowed to add topic';
}
}
}
?>
My thoughts
$this->auth would be autoloaded in the system. I would like to check the $allowed array against the user currently (not) logged in and react accordingly.
Is this a good way of doing things? I haven't seen much literature on mvc integration and auth. I want to make things as easy as possible.
