RBAC – how do I code in phpBricks

In phpBricks on June 22nd, 2009

Last week, I wrote a blog post about the RBAC architecture in phpBricks (http://tinyurl.com/rbac1). Today I am going to give a few snapshots of the coding implementation. As you already know, RBAC is a component, but it is a specially provisioned component that works together with the phpBricks core. There is a quick option that tells phpBricks whether to apply RBAC or not. If you decide to apply RBAC, set this in your configuration:
define('_RBAC', 1);

When RBAC is applied, an instance of RBAC is available in controllers and views, but not in model classes. RBAC is not relevant in models because models are not supposed to contain any business logic. To understand how RBAC determines authorization, it is very important to understand how each function is addressed. Each resource (or function) is identified by a set of parameters, called CMA. Suppose you want to see the list of users; that means calling the index method of users. For that, the CMA parameters look like ('c'=>'user', 'm'=>'users', 'a'=>'index').

In RBAC, permissions are assigned to roles, not to users. Users inherit permissions from their roles. So a permission check is done with the combination of the provided CMA parameters and the roles. There is a function called isPermission which takes 5 parameters. The first three are the CMA, the fourth is primary_key (for advanced business rules), and the fifth is roles. The last two are optional.

For example, if you want to check whether the currently logged-in user has permission to see the list of users or not:

// CMA for "list users": component 'user', 'users', action 'index'.
// primary_key and roles are omitted, so the roles of the current session user are used.
if($this->Auth->isPermission('user','users','index'))
{
    // code to list users
}
else
{
    // sorry, permission denied.
}

This works from both views and controllers.

The roles of a user are collected at login time and stored in the session, where they are available as $_SESSION['__userroles']. So if you don't pass the roles parameter, phpBricks assumes the current user. Now it is your turn to think about how you would check the permissions of a user who is not logged in.
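To make the isPermission semantics described above concrete (permissions on roles, users inheriting from their roles, the CMA lookup, and roles defaulting to the session), here is a small stand-alone checker. It is an added example written for this post, not phpBricks' own Auth class: the class name ExampleRbac, the role table and the session contents are constructed for illustration, and only the isPermission signature follows what the post states.

```php
<?php
// Added example (not phpBricks code): a minimal RBAC checker with the
// isPermission($c, $m, $a, $primary_key = null, $roles = null) signature
// described in the post. ExampleRbac and its role table are assumptions.

class ExampleRbac
{
    // Role => list of permitted "c/m/a" resources. Constructed sample data.
    private $rolePermissions = array(
        'admin'  => array('user/users/index', 'user/users/delete'),
        'editor' => array('user/users/index'),
        'guest'  => array(),
    );

    // Returns true when any of the given roles grants the CMA resource.
    // $primary_key is accepted because the post reserves it for advanced
    // business rules; this example does not apply any such rule.
    public function isPermission($c, $m, $a, $primary_key = null, $roles = null)
    {
        // No roles passed: fall back to the roles stored in the session at login.
        if ($roles === null) {
            $roles = isset($_SESSION['__userroles']) ? $_SESSION['__userroles'] : array();
        }

        // A visitor with no roles (for example, not logged in) is denied by default.
        if (empty($roles)) {
            return false;
        }

        $resource = $c . '/' . $m . '/' . $a;
        foreach ((array) $roles as $role) {
            if (isset($this->rolePermissions[$role])
                && in_array($resource, $this->rolePermissions[$role], true)) {
                return true;
            }
        }
        return false;
    }
}

// Constructed usage: simulate the session filled at login for an "editor".
$_SESSION = array('__userroles' => array('editor'));
$rbac = new ExampleRbac();

// Roles omitted: the check uses the session roles, i.e. the current user.
var_dump($rbac->isPermission('user', 'users', 'index'));
var_dump($rbac->isPermission('user', 'users', 'delete'));

// Roles passed explicitly: the session is not consulted.
var_dump($rbac->isPermission('user', 'users', 'delete', null, array('admin')));

// A visitor who is not logged in: no session roles at all.
unset($_SESSION['__userroles']);
var_dump($rbac->isPermission('user', 'users', 'index'));
```

The last call shows the answer to the question above: with nothing in $_SESSION['__userroles'] the default is an empty role list, and the checker denies rather than grants. Denying on missing roles is the safe default for an authorization check; a site that wants anonymous visitors to see some resources can give them an explicit role (such as the constructed 'guest' above) with only those permissions.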

———-

This post is intended for the alpha users of phpBricks. Thank you guys, you are a source of energy. Thanks for the suggestions and exceptions.
