Roles for different models
  • Hi all! Problem: I have an unknown number of system users (for example 'user', 'community', 'model1', 'model2'). I can create posts as every object. But for every object the site user has different roles: for the 'User' model 'friend', 'owner'; for the 'Community' model 'member', 'sent request', 'admin'; for the 'Model1' model 'role1', 'role2', etc.

    My solution: 1. I've added a class ACL (using ORM):

    <?php defined('SYSPATH') or die('No direct script access.');

    /**
     * Acl Class (using ORM Model)
     */
    class Acl extends ORM {

        //Public role (auto-checked after the model is loaded)
        public $role;

        //Actions (set all values in Model and Database)
        protected $_actions = array();

        //Presets (preset index => roles allowed), defined by every child model
        protected $_presets = array();

        //Permissions
        protected $_permissions = array();

        //Check role and set permissions after the model is loaded
        protected function _load_values(array $values){
            parent::_load_values($values);

            if($this->loaded()){

                //if model loaded check role
                $this->role = $this->get_role();

                //check permissions; an unknown preset index denies the action
                foreach($this->_actions as $action){
                    $index = $this->__get($action);
                    if(isset($this->_presets[$index]) && in_array($this->role, $this->_presets[$index])){
                        $this->_permissions[$action] = TRUE;
                    }else{
                        $this->_permissions[$action] = FALSE;
                    }
                }
            }
        }

        //Only one parameter
        //returns bool (FALSE for an action that is not in $_actions)
        public function is_allow($action){
            return isset($this->_permissions[$action]) && $this->_permissions[$action];
        }

        //Get permissions list
        //returns array('action' => bool)
        public function get_permissions(){
            return $this->_permissions;
        }

    }

    And an ACL for every model:

    <?php defined('SYSPATH') or die('No direct script access.');

    class Model_Acl_Community extends Acl {

        //Roles constants
        const ROLE_NOT_LOGGED   = 0;
        const ROLE_LOGGED       = 1;
        const ROLE_ADMIN        = 2;
        const ROLE_SENT_REQUEST = 3;
        const ROLE_MEMBER       = 4;

        protected $_belongs_to = array(
            'community' => array()
        );

        //Presets
        protected $_presets = array(
            //all users
            0 => array(0, 1, 2, 3, 4),
            //only registered users
            1 => array(1, 2, 3, 4),
            //only members
            2 => array(2, 4),
            //only admins
            3 => array(2),
            //no one
            4 => array()
        );

        //Actions List
        protected $_actions = array(
            'wall_view',
            'wall_add_post',
            'wall_add_comment',
        );

        public function get_role(){
            //checking role and return constant ROLE_* value
            //(the check itself is not shown in the post; this placeholder
            //default is the least-privileged role so the stub runs)
            $role = self::ROLE_NOT_LOGGED;
            return $role;
        }

    }

    I keep the settings for every action in the DB and edit them in the model settings interface, like 'Only friends', 'Only admins', etc. Models have presets for every position and the ACL checks them.

    How it works:

    When I need to check permissions for the Community wall: 1. ORM::factory('Community', $id)->acl->is_allow('add_post'); The ACL takes the list of all actions from the DB and checks the preset. If the role is in the array, it returns TRUE.

    When I need to check my role for Community: 1. ORM::factory('Community', $id)->acl->role;

    What do you think about it? Maybe I've missed something out of sight?
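
The preset lookup described in the post, as a stand-alone added example (not part of the original post and not Kohana code): it resolves each action through its preset and denies when the setting, the preset index or the action name is unknown. The class name `PresetAcl`, its constructor parameters and the settings row are assumptions made for the illustration.

```php
<?php
// Added example: stand-alone, no Kohana/ORM dependency. PresetAcl is a hypothetical name.
final class PresetAcl
{
    private $permissions = array(); // action => bool

    /**
     * @param array $presets  preset index => list of integer roles allowed
     * @param array $actions  action names the model knows about
     * @param array $settings action => preset index, as stored per object
     * @param int   $role     role of the current user for this object
     */
    public function __construct(array $presets, array $actions, array $settings, $role)
    {
        foreach ($actions as $action) {
            $index = isset($settings[$action]) ? $settings[$action] : null;
            // A missing setting or an unknown preset index resolves to "no one".
            $allowed = ($index !== null && isset($presets[$index])) ? $presets[$index] : array();
            // Strict comparison: a role that is not an integer never matches.
            $this->permissions[$action] = in_array($role, $allowed, true);
        }
    }

    public function is_allow($action)
    {
        // An action name that was never registered is denied, not an error.
        return isset($this->permissions[$action]) && $this->permissions[$action];
    }
}

// Presets and actions as in the post; the settings row is constructed sample data.
$presets = array(
    0 => array(0, 1, 2, 3, 4), // all users
    1 => array(1, 2, 3, 4),    // only registered users
    2 => array(2, 4),          // only members
    3 => array(2),             // only admins
    4 => array(),              // no one
);
$actions  = array('wall_view', 'wall_add_post', 'wall_add_comment');
$settings = array('wall_view' => '0', 'wall_add_post' => '2', 'wall_add_comment' => '9');

$acl = new PresetAcl($presets, $actions, $settings, 4); // 4 = ROLE_MEMBER
foreach (array('wall_view', 'wall_add_post', 'wall_add_comment', 'add_post') as $name) {
    // 'wall_add_comment' points at preset 9 (not defined); 'add_post' is not in $actions
    printf("%-17s %s\n", $name, $acl->is_allow($name) ? 'allowed' : 'denied');
}
```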