Permission Class

Masood Rehman edited this page Dec 15, 2015 · 14 revisions
Clone this wiki locally

Category:Libraries:Permissions

This class is a basic attempt at a permission system for CI. Basically keys are stored in a database and retrieved based on a groupID which is stored in a session and usually attached to a user. Once the keys have been handed out to a logged in user, IF statements then decide whether or not a user has access to parts of a view file, individual controllers or even a whole controller.

To see this class in action, view the screencast here.

How does it work?

Create a file in your libraries file called Permission.php and then copy the code below in to this file.

Then in your controller you can use the example code below to control permissions for a user.

What about the database?

The SQL is at the bottom of the page. You will need this.

Library


<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
*    Permission Class
*    COPYRIGHT (C) 2008-2009 Haloweb Ltd
*    http://www.haloweb.co.uk/blog/
*
*    Version:    0.9.1
*    Wiki:       http://codeigniter.com/wiki/Permission_Class/
*
*    Description:
*    The Permission class uses keys in a session to allow or disallow functions
*    or areas of a site. The keys are stored in a database and this class adds 
*    and/or takes them away. The use of IF statements are required within
*    controllers and views, please see wiki for code.
*
*    Permission is hereby granted, free of charge, to any person obtaining a copy
*    of this software and associated documentation files (the "Software"), to deal
*    in the Software without restriction, including without limitation the rights
*    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
*    copies of the Software, and to permit persons to whom the Software is
*    furnished to do so, subject to the following conditions:
* 
*    The above copyright notice and this permission notice shall be included in
*    all copies or substantial portions of the Software.
* 
*    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
*    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
*    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
*    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
*    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
*    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
*    THE SOFTWARE.
**/

class Permission {

    // init vars
    var $CI;                        // CI instance
    var $where = array();
    var $set = array();
    var $required = array();

    function Permission()
    {
        // init vars
        $this->CI =& get_instance();

        // set groupID from session (if set)
        $this->groupID = ($this->CI->session->userdata('groupID')) ? $this->CI->session->userdata('groupID') : 0;
    }

    // get permissions from for this group
    function get_user_permissions($groupID)
    {
        // grab keys Update
        /*
        $this->CI->db->select('key');
        $this->CI->db->join('permissions', 'permissions.permissionID = permission_map.permissionID');

        // get groups
        $this->CI->db->where('groupID', $groupID);
        */

        $this->CI->db->select('key');
        $this->CI->db->from('permissions');
        $this->CI->db->join('permission_map', 'permission_map.permissionID = permissions.permissionID');
        $this->CI->db->where('groupID', $groupID);
        // get groups
        $query = $this->CI->db->get();
        // set permissions array and return
        if ($query->num_rows())
        {
            foreach ($query->result_array() as $row)
            {
                $permissions[] = $row['key'];
            }

            return $permissions;
        }
        else
        {
            return false;
        }
    }

    // get all permissions, or permissions from a group for the purposes of listing them in a form
    function get_permissions($groupID = '')
    {
        // select
        $this->CI->db->select('DISTINCT(category)');

        // if groupID is set get on that groupID
        if ($groupID)
        {
            $this->CI->db->where_in('key', $this->get_user_permissions($groupID));
        }

        // order
        $this->CI->db->order_by('category');

        // return
        $query = $this->CI->db->get('permissions');

        if ($query->num_rows())
        {
            $result = $query->result_array();

            foreach($result as $row)
            {
                if ($cat_perms = $this->get_perms_from_cat($row['category']))
                {
                    $permissions[$row['category']] = $cat_perms;
                }
                else
                {
                    $permissions[$row['category']] = 'N/A';
                }
            }
            return $permissions;
        }
        else
        {
            return false;
        }
    }    

    // get permissions from a category name, for the purposes of showing permissions inside a category
    function get_perms_from_cat($category = '')
    {
        // where
        if ($category)
        {
            $this->CI->db->where('category', $category);
        }    

        // return
        $query = $this->CI->db->get('permissions');

        if ($query->num_rows())
        {    
            return $query->result_array();
        }
        else
        {
            return false;
        }
    }

    // get the map of keys from a group ID
    function get_permission_map($groupID)
    {
        // grab keys
        $this->CI->db->select('permissionID');

        // where
        $this->CI->db->where('groupID', $groupID);

        // return
        $query = $this->CI->db->get('permission_map');

        if ($query->num_rows())
        {
            return $query->result_array();
        }
        else
        {
            return false;
        }
    }

    // get the groups, for the purposes of displaying them in a form
    function get_groups()
    {
        // where
        $this->CI->db->where('siteID', $this->siteID);

        // return
        $query = $this->CI->db->get('permission_groups');

        if ($query->num_rows())
        {
            return $query->result_array();
        }
        else
        {
            return false;
        }
    }

    // add permissions to a group, each permission must have an input name of "perm1", or "perm2" etc
    function add_permissions($groupID)
    {
        // delete all permissions on this groupID first
        $this->CI->db->where('groupID', $groupID);
        $this->CI->db->delete('permission_map');

        // get post
        $post = $this->CI->easysite->get_post();
        foreach ($post as $key => $value)
        {
            if (preg_match('/^perm([0-9]+)/i', $key, $matches))
            {
                $this->CI->db->set('groupID', $groupID);
                $this->CI->db->set('permissionID', $matches[1]);
                $this->CI->db->insert('permission_map');
            }
        }

        return true;
    }

    // a group to the permission groups table
    function add_group($groupName = '')
    {
        if ($groupName)
        {
            $this->CI->db->set('groupName', $groupName);
            $this->CI->db->insert('permission_groups');

            return $this->CI->db->insert_id();
        }
        else
        {
            return false;
        }
    }    

}

Example Controller


class Example extends Controller {

    // set defaults
    var $permissions = array();

    function Example()
    {
        parent::Controller();

        //  load libs
        $this->load->library('permission');

        // set groupID
        $groupID = ($this->session->userdata('groupID')) ? $this->session->userdata('groupID') : 0;

        // get permissions and show error if they don't have any permissions at all
        if (!$this->permissions = $this->permission->get_user_permissions($groupID))
        {
            show_error('You do not have any permissions!');
        }
    }

    function index()
    {
        // show error if they dont have access to this page
        if (!in_array('access_to_index', $this->permissions))
        {
            show_error('You do not have access to this page!');
        }

        // they got in...
        echo 'hello!'
    }

    function add_permissions()
    {
        // in view file, make sure you have a post with name "permX" and a value of 1, X would be the ID of the permission in the database

        // set groupID
        $groupID = 1;

        // example of how you would add permissions 
        $this->permission->add_permissions($groupID);

    }


}

SQL




# Dump of table permission_groups
# ------------------------------------------------------------

CREATE TABLE `permission_groups` (
  `groupID` int(11) NOT NULL auto_increment,
  `groupName` varchar(200) default NULL,
  PRIMARY KEY  (`groupID`)
) ENGINE=MyISAM AUTO_INCREMENT=42 DEFAULT CHARSET=latin1;



# Dump of table permission_map
# ------------------------------------------------------------

CREATE TABLE `permission_map` (
  `groupID` int(11) NOT NULL default '0',
  `permissionID` int(11) NOT NULL default '0',
  PRIMARY KEY  (`groupID`,`permissionID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;



# Dump of table permissions
# ------------------------------------------------------------

CREATE TABLE `permissions` (
  `permissionID` int(11) NOT NULL auto_increment,
  `permission` varchar(200) default NULL,
  `key` varchar(100) default NULL,
  `category` varchar(100) default NULL,
  PRIMARY KEY  (`permissionID`),
  UNIQUE KEY `key` (`key`)
) ENGINE=MyISAM AUTO_INCREMENT=68 DEFAULT CHARSET=latin1;