/** * @param $user * */ protected static function set_rules($user) { // Always get again the rules // To comment if rules should be placed in session // (will need logout / login) to set new rules. // self::on_logout(); // Rules : From Session if (self::$session->userdata('authority_rules')) { $rules = self::$session->userdata('authority_rules'); } else { // Models self::$ci->load->model(array('role_model', 'rule_model'), '', TRUE); // Roles rules $rules = self::$ci->rule_model->get_from_role($user->get_role()); // To Session self::$session->set_userdata('authority_rules', $rules); } // Check for Super Admin role foreach ($rules as $rule) { if ($rule['resource'] == 'all') { self::$has_all = TRUE; Authority::allow('manage', 'all'); break; } } // Other role if (!self::$has_all) { foreach ($rules as $rule) { // Read action $rule['permission'] == 1 ? Authority::allow('access', $rule['resource']) : Authority::deny('access', $rule['resource']); // Other actions if (!empty($rule['actions'])) { $actions = explode(',', $rule['actions']); foreach ($actions as $action) { $rule['permission'] == 1 ? Authority::allow($action, $rule['resource']) : Authority::deny($action, $rule['resource']); } } } } }