v1.5 Permission in admin controller
To control permissions in an admin controller, there are 2 methods. One is for controllers in /fuel/app/classes/controller (core controller) and the other is for modules in modules/<module name>/classes/controller (module controller).
You have to specify _define_permission in the admin controller you created, and use this model method to check the administrator's permission.
    if (\Model_AccountLevelPermission::checkAdminPermission('page_name', 'page_action') == false) {
        // access denied
    }
Example:
    class Controller_Admin_Post extends \Controller_AdminController
    {
        public function __construct()
        {
            // load language for translate in permission page.
            \Lang::load('post'); // load lang/<your_lang>/post.php
        }

        public function _define_permission()
        {
            return array('post_perm' => array('post_viewall_perm', 'post_write_perm', 'post_any_actions_perm'));
        }

        public function action_index()
        {
            // check permission
            if (\Model_AccountLevelPermission::checkAdminPermission('post_perm', 'post_viewall_perm') == false) {
                \Response::redirect(\Uri::create('admin')); // access denied, go to admin dashboard.
            }
            // start your controller for admin code here.
        }
    }
The first parameter is the page name. It is the key of the array returned by _define_permission: array('page_name' => array('..', '..'));
The second parameter is the page action. It is one of the values listed under that key in _define_permission: array('page_name' => array('page_act1', 'page_act2'));
You can define unlimited actions in one page (controller).
You can check a user who is logged in with the member cookie (logged in at the front end) with this code.
    if (\Model_AccountLevelPermission::checkMemberPermission('page_name', 'page_action') == false) {
        // access denied
    }
All parameters are the same as for checkAdminPermission.
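A misspelled page name or action in a check never matches anything returned by _define_permission. The following stand-alone script is an added example, not part of the project's code: it scans PHP source for checkAdminPermission/checkMemberPermission calls and reports pairs that are not declared. The function name findUndeclaredPermissionChecks and the sample source are constructed for illustration, and it assumes both arguments are written as string literals.

```php
<?php
/**
 * Added example (hypothetical helper, not a fuel-start API).
 *
 * @param string $source   PHP source of a controller or module file
 * @param array  $declared array as returned by _define_permission()
 * @return array "page/action" pairs that are checked but never declared
 */
function findUndeclaredPermissionChecks(string $source, array $declared): array
{
    // Matches checkAdminPermission('page', 'action') and checkMemberPermission("page", "action").
    $pattern = '/check(?:Admin|Member)Permission\(\s*([\'"])(.+?)\1\s*,\s*([\'"])(.+?)\3\s*\)/';
    preg_match_all($pattern, $source, $matches, PREG_SET_ORDER);

    $undeclared = array();
    foreach ($matches as $m) {
        $page = $m[2];
        $action = $m[4];
        // A pair is valid only if the page key exists and lists this exact action.
        if (!isset($declared[$page]) || !in_array($action, $declared[$page], true)) {
            $undeclared[] = $page . '/' . $action;
        }
    }
    return array_values(array_unique($undeclared));
}

// Declared permissions, copied from the Controller_Admin_Post example on this page.
$declared = array('post_perm' => array('post_viewall_perm', 'post_write_perm', 'post_any_actions_perm'));

// Constructed sample source: the second check misspells the action name.
$source = <<<'PHP'
if (\Model_AccountLevelPermission::checkAdminPermission('post_perm', 'post_viewall_perm') == false) {}
if (\Model_AccountLevelPermission::checkAdminPermission('post_perm', 'post_wirte_perm') == false) {}
PHP;

foreach (findUndeclaredPermissionChecks($source, $declared) as $pair) {
    echo "undeclared permission check: {$pair}\n";
}
```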
Your module folder structure should be like this:
/modules (this may be in fuel/app/ or wherever you configured it)
..../<module_name>
......../classes/
............/<module_name>admin.php
......../<module_name>_module.php (this file holds the metadata that is read in the admin page)
These 2 files are required.
<module_name>_module.php is for entering metadata for your module, such as the module name and author name.
<module_name>admin.php is for defining permissions and generating the automatic admin navigation bar menu.
Open your <module_name>admin.php file. This file should have the module name as its namespace and have a _define_permission method.
In this example, your module name is blog.
Example:
    namespace Blog;

    class BlogAdmin
    {
        public function __construct()
        {
            // load language
            \Lang::load('blog::blog'); // this loads the language in module style; it will be used in the permission setting page.
        }// __construct

        public function _define_permission()
        {
            return array(
                'blog_page_perm' => array('blog_act1_perm', 'blog_act2_perm'),
                'blog_comment_page_perm' => array('blog_comment_act1_perm', 'blog_comment_act2_perm')
            );
        }
    }
Now if you want to check admin permission, you can do the same as you did in the core controller.
Example:
    if (\Model_AccountLevelPermission::checkAdminPermission('blog_page_perm', 'blog_act1_perm') == false) {
        \Response::redirect(\Uri::create('admin')); // access denied, go to admin dashboard.
    }
Or you can check a user who is logged in with the member cookie (logged in at the front end) by changing checkAdminPermission to checkMemberPermission.
Example:
    if (\Model_AccountLevelPermission::checkMemberPermission('blog_page_perm', 'blog_act1_perm') == false) {
        \Response::redirect(\Uri::create('blog')); // access denied, go to blog index.
    }
To set permissions for each role, go to the Users roles and permissions > Roles and permissions > Permissions for roles menu.
Tick the permissions you want and click the Save button at the bottom.
To set a user's permissions, go to Users roles and permissions > Roles and permissions > Permissions for users.
Find the user you want using the text box on the right above the table.
Tick the permissions you want and click the Save button at the bottom.
checkAdminPermission and checkMemberPermission check the role's permission first, then the user's permission. So you do not have to worry about it or write the code twice to check both the role's and the user's permission.