├── README.md
└── acl.php


/README.md:
--------------------------------------------------------------------------------
 1 | CodeIgniter-ACL-Hook
 2 | ====================
 3 | 
 4 | A simple to use ACL for CodeIgniter
 5 | 
 6 | Introduction
 7 | ------------
 8 | 
 9 | CodeIgniter is a great PHP-Framework with a lot of features.
10 | However it does not provide a ACL from ground up.
11 | 
12 | ACL
13 | ---
14 | 
15 | An ACL, short for Access Control List, is simple and easy maintainable way of controlling permissions.
16 | 
17 | This ACL is based on the `post_controller_constructor` hook of CodeIgniter.
18 | 
19 | Installation
20 | ------------
21 | 
22 | * Download the hook acl.php
23 | * Place the file into application/hooks
24 | * Open the main config file and change `$config['enable_hooks'] = FALSE; to $config['enable_hooks'] = TRUE;`
25 | * Hook the acl class into the system by editing `application/config/hooks.php`
26 | 
27 | 		$hook['post_controller_constructor'] = array(
28 | 						'class' => 'ACL',
29 | 						'function' => 'auth',
30 | 						'filename' => 'acl.php',
31 | 						'filepath' => 'hooks'
32 | 		);
33 | 
34 | 
35 | * Now you just need to add your rules:
36 | 	In the contstructor of the class:
37 | 
38 | 		$this->role_field = 'role_id';
39 | 		
40 | 	This is the name of field in the session which indicates the role id of the user
41 | 	
42 | 	Now you can add rules like this:
43 | 	
44 | 		$this->perms[<ROLE_ID>][<CONTROLLER>][<METHOD>] = true;
45 | 		
46 | 	The first array is setting the rule for the role id. The next two values are defining the controller and method.
47 | 		
48 | 		$this->perms[2]['admin']['index'] = true;
49 | 		
50 | 	This for example will allow everyone with the `role_id 2` to access `BASE_URL/admin(/index)`
51 | 
52 | * Please make sure, that you need a need a field in your session with the role id!
53 | * Note that role id `0` is reserved for guests!
54 | * Inheritance is **NOT** supportet at this point in time!
55 | 	
56 | TODO
57 | ----
58 | 
59 | A good way to control redirect.
60 | 


--------------------------------------------------------------------------------
/acl.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * This class will be called by the post_controller_constructor hook and act as ACL
  4 |  * 
  5 |  * @author ChristianGaertner
  6 |  */
  7 | class ACL {
  8 |     
  9 |     /**
 10 |      * Array to hold the rules
 11 |      * Keys are the role_id and values arrays
 12 |      * In this second level arrays the key is the controller and value an array with key method and value boolean
 13 |      * @var Array 
 14 |      */
 15 |     private static $perms;
 16 |     /**
 17 |      * The field name, which holds the role_id
 18 |      * @var string 
 19 |      */
 20 |     private static $role_field;
 21 |     /**
 22 |      * Contstruct in order to set rules
 23 |      * @author ChristianGaertner
 24 |      */
 25 |     public function __construct() {
 26 |         $this->role_field = 'role_id';
 27 |         
 28 | 
 29 |         
 30 |         $this->perms[0]['home']['index']        = true;
 31 |         $this->perms[0]['home']['about']        = true;
 32 |         $this->perms[1]['user']['dashboard']    = true;
 33 |         $this->perms[1]['user']['edit']         = true;
 34 |         $this->perms[1]['user']['show']         = true;
 35 |         $this->perms[2]['admin']['dashboard']   = true;
 36 |         $this->perms[3]['admin']['settings']    = true;
 37 |     }
 38 |     /**
 39 |      * The main method, determines if the a user is allowed to view a site
 40 |      * @author ChristianGaertner
 41 |      * @return boolean
 42 |      */
 43 |     public function auth()
 44 |     {
 45 |         $CI =& get_instance();
 46 |         
 47 |         if (!isset($CI->session))
 48 |         { # Sessions are not loaded
 49 |             $CI->load->library('session');
 50 |         }
 51 |         
 52 |         if (!isset($CI->router))
 53 |         { # Router is not loaded
 54 |             $CI->load->library('router');
 55 |         }
 56 |         
 57 |         
 58 |         $class = $CI->router->fetch_class();
 59 |         $method = $CI->router->fetch_method();
 60 | 
 61 |         // Is rule defined?
 62 |         $is_ruled = false;
 63 | 
 64 |         foreach ($this->perms as $role)
 65 |         { # Loop through all rules
 66 | 
 67 |             if (isset($role[$class][$method]))
 68 |             { # For this role exists a rule for this route
 69 |                 $is_ruled = true;
 70 |             }
 71 | 
 72 |         }
 73 | 
 74 |         if (!$is_ruled)
 75 |         { # No rule defined for this route
 76 |             // ignording the ACL
 77 |             return;
 78 |         }
 79 | 
 80 |         
 81 |         
 82 |         if ($CI->session->userdata($this->role_field))
 83 |         { # Role_ID successfully determined ==> User is logged in
 84 |             if ($this->perms[$CI->session->userdata($this->role_field)][$class][$method])
 85 |             { # The user is allowed to enter the site
 86 |                 return true;
 87 |             }
 88 |             else
 89 |             { # The user does not have permissions
 90 |                 $CI->error->show(403);
 91 |             }
 92 |         }
 93 |         else
 94 |         { # not logged in
 95 |             if ($this->perms[0][$class][$method])
 96 |             { # The user is allowed to enter the site
 97 |                 return true;
 98 |             }
 99 |             else
100 |             { # The user does not have permissions
101 |                 $CI->error->show(403);
102 |             }
103 |         }
104 | 
105 |         
106 |         
107 |     }
108 | }
109 | 


--------------------------------------------------------------------------------