/**
 * Render the permission matrix of group $id and, on POST, persist it.
 *
 * Pulls a one-shot status/message pair out of the session, loads the group's
 * permissions bucketed by module_id, the module names keyed by id and the
 * Sentry group permissions, and hands all of it to the showPermission view.
 *
 * @param int $id group id
 * @return \Illuminate\Http\RedirectResponse|void redirect after a successful POST, otherwise sets the layout content
 */
function showPermission($id)
{
    // Feedback left by a previous request; missing keys fall back to FALSE / "".
    $status = Session::has("status") ? Session::get("status") : FALSE;
    $message = Session::has("message") ? Session::get("message") : "";

    $this->data['status'] = $status;
    $this->data['message'] = $message;
    $this->data['id'] = $id;

    // GET ALL PERMISSION, grouped by module_id
    $byModule = [];
    foreach (Permission::where('group_id', $id)->get()->toArray() as $row) {
        $byModule[$row['module_id']][] = $row;
    }

    // GET ALL MODULE: id => name (an empty result stays an empty array)
    $moduleRows = Modules::where('group_id', $id)->get()->toArray();
    $moduleNames = array_column($moduleRows, 'name', 'id');

    // GET USER PERMISSION as Sentry sees them for this group
    $groupPermissions = Sentry::findGroupById($id)->getPermissions();

    $this->data['permissionMap'] = $byModule;
    $this->data['moduleData'] = $moduleNames;
    $this->data['groupPermissions'] = $groupPermissions;

    if (Request::isMethod('post')) {
        // NOTE(review): postPermission() presumably writes status/id back into $this->data,
        // since the redirect below reads them from there — confirm in its definition.
        $this->postPermission($id, $this->data);
        if ($this->data['status'] === TRUE) {
            return Redirect::to($this->moduleURL . 'permission/' . $this->data['id']);
        }
    }

    $this->layout->content = View::make('showPermission', $this->data);
}
/**
 * Seed the role → permission pivot.
 *
 * The administrator role receives every permission; each other role receives
 * exactly the permissions named in $grants. sync() replaces a role's current
 * permission set rather than appending to it.
 *
 * NOTE(review): Role::where(...)->first() yields null when a role row is
 * missing and the perms() call would then fail — the role seeder is assumed
 * to run before this one.
 */
public function run()
{
    $administrator = Role::where('name', '=', 'administrator')->first();
    $administrator->perms()->sync(array_pluck(Permission::all(), 'id'));

    // role name => permission names granted to it
    $grants = [
        'users manager'  => ['manage_users', 'delete_users'],
        'premium author' => ['manage_premium_casts', 'manage_free_casts', 'manage_series'],
        'author'         => ['manage_free_casts', 'manage_series'],
        'eraser'         => ['delete_series', 'delete_casts'],
        'premium user'   => ['view_premium_casts', 'view_free_casts'],
        'user'           => ['view_free_casts'],
        'guest'          => ['view_free_casts'],
    ];

    foreach ($grants as $roleName => $permissionNames) {
        $role = Role::where('name', '=', $roleName)->first();

        // Build "name = a OR name = b ..." exactly as the per-role queries did.
        $query = Permission::where('name', '=', array_shift($permissionNames));
        foreach ($permissionNames as $permissionName) {
            $query = $query->orWhere('name', '=', $permissionName);
        }

        $role->perms()->sync(array_pluck($query->get(), 'id'));
    }
}
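/**
 * Check if a role has a specific permission based on the permission $key.
 *
 * The permission row is looked up once per key and memoised in
 * static::$permission. A key with no matching permission row now yields
 * false instead of reading ->id on null.
 *
 * @param string $key     permission name (the `permission` column)
 * @param int    $role_id
 * @return bool
 */
public static function has_permission($key, $role_id)
{
    if (!isset(static::$permission[$key])) {
        static::$permission[$key] = \Permission::where('permission', '=', $key)->first(['id']);
    }

    $permission = static::$permission[$key];
    if ($permission === null) {
        // Unknown permission name: nothing can have been granted for it.
        return false;
    }

    return (bool) static::where('role_id', '=', $role_id)
        ->where('permission_id', '=', $permission->id)
        ->first(['id']);
}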
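/**
 * Factory: return a Permission, loaded by primary key when $id is given.
 *
 * The original discarded the result of where('id', $id)->get(), so callers
 * always received an empty model; the looked-up row is now returned. When
 * $id is empty or no row matches, an unsaved empty Permission is returned,
 * which keeps the original return type.
 *
 * @param int|string|null $id
 * @return Permission
 */
public static function factory($id = null)
{
    $instance = new Permission();
    if (!empty($id)) {
        // first() rather than get(): one model, not a collection.
        $found = $instance->where('id', $id)->first();
        if ($found !== null) {
            return $found;
        }
    }
    return $instance;
}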
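/**
 * Check whether the session user's type may perform $action on $module.
 *
 * The user type (from the session) and $module are passed to where() as
 * bound values instead of being concatenated into the WHERE string, so a
 * module name containing a quote can no longer break out of the literal
 * and alter the query.
 *
 * @param string $module module name stored in the permission row
 * @param string $action name of the flag column to test on the row
 * @return bool
 */
function permission($module, $action)
{
    $CI =& get_instance();
    $permission = new Permission();

    $perm = $permission
        ->where("user_type_id", $CI->session->userdata('user_type'))
        ->where("module", $module)
        ->get();

    // $action names a column on the loaded row; presumably a missing row/column reads as empty — verify with the model.
    return $perm->{$action} ? TRUE : FALSE;
}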
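/**
 * Reverse the migrations.
 *
 * Drops the c_m_p foreign keys and tables, then removes the cjenovnik
 * permissions. whereIn replaces where('ime', 'in', [...]): 'in' is not a
 * comparison operator for where(), so the original bound an array as a
 * single value instead of producing an IN (...) clause.
 *
 * @return void
 */
public function down()
{
    Schema::table('c_m_p', function (Blueprint $table) {
        $table->dropForeign('c_m_p_cjenovnik_id_foreign');
        $table->dropForeign('c_m_p_mjera_id_foreign');
        $table->dropForeign('c_m_p_predmet_id_foreign');
    });

    Schema::drop('c_m_p');
    Schema::drop('cjenovnici');

    Permission::whereIn('ime', [
        Permission::PERMISSION_VIEW_CJENOVNIK,
        Permission::PERMISSION_MANAGE_CJENOVNIK,
        Permission::PERMISSION_REMOVE_CJENOVNIK,
    ])->delete();
}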
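/**
 * Seed the Admin and Member roles and give Admin the three manage_* permissions.
 *
 * Permissions are resolved with firstOrFail(): a missing permission row now
 * raises ModelNotFoundException naming the lookup, instead of a "property of
 * null" error when reading ->id (a seeder ordering problem becomes visible).
 */
public function run()
{
    $admin = new Role();
    $admin->name = 'Admin';
    $admin->save();

    $permissionIds = [];
    foreach (['manage_pages', 'manage_users', 'manage_sermons'] as $permissionName) {
        $permissionIds[] = Permission::where('name', '=', $permissionName)->firstOrFail()->id;
    }
    $admin->perms()->sync($permissionIds);

    $member = new Role();
    $member->name = 'Member';
    $member->save();
}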
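/**
 * Decide whether the authenticated user may reach the current named route.
 *
 * Returns true unconditionally in the 'dev' environment (kept from the
 * original; worth confirming production can never report 'dev'). Otherwise
 * the route must map to a Permission row and a permission_user pivot row
 * must link that permission to the current user. A route without a
 * Permission row, or no authenticated user, is denied instead of
 * dereferencing null.
 *
 * @return bool
 */
public function checkRoute()
{
    if (App::environment() === 'dev') {
        return true;
    }

    $route = Route::currentRouteName();
    $user_id = Auth::id();

    $permission = Permission::where('route', '=', $route)->first();
    if ($permission === null || $user_id === null) {
        // Unknown route or anonymous caller: fail closed.
        return false;
    }

    $count = DB::table('permission_user')
        ->where('permission_id', '=', $permission->id)
        ->where('user_id', '=', $user_id)
        ->count();

    return $count > 0;
}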
/**
 * Revoke one (permission_id, user_id) assignment taken from the request.
 *
 * Both ids must resolve to existing rows; otherwise a JSON error is returned
 * and nothing is deleted. On success the caller is redirected back to the
 * permission management page.
 *
 * NOTE(review): no authorisation check is visible in this method; it is
 * assumed to be enforced by a route filter — verify.
 *
 * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
 */
public function removePermission()
{
    $userId = Input::get("user");
    $permissionId = Input::get("permission");

    $user = User::find($userId);
    $definition = PermissionDefinition::find($permissionId);

    if (!$user) {
        return Response::json(['success' => false, 'message' => 'Invalid user.']);
    }

    if (!$definition) {
        return Response::json(['success' => false, 'message' => 'Invalid permission definition.']);
    }

    Permission::where(['permission_id' => $permissionId, 'user_id' => $userId])->delete();

    return Redirect::to('/dashboard/storyteller/manage/permissions');
}
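/**
 * Seed the admin, student and teacher roles and attach their permissions.
 *
 * admin gets every permission; teacher and student get the exam permissions
 * listed in $grants. Permissions are resolved with firstOrFail() so a
 * missing row aborts with ModelNotFoundException instead of handing null
 * to attachPermission().
 */
public function run()
{
    $admin = Role::create(['name' => 'admin']);
    $student = Role::create(['name' => 'student']);
    $teacher = Role::create(['name' => 'teacher']);

    foreach (Permission::all() as $permiso) {
        $admin->attachPermission($permiso);
    }

    // role => permission names to attach
    $grants = [
        'teacher' => ['crear_examen', 'eliminar_examen', 'modificar_examen'],
        'student' => ['realizar_examen', 'ver_resultado_examen'],
    ];
    $roles = ['teacher' => $teacher, 'student' => $student];

    foreach ($grants as $roleName => $permissionNames) {
        foreach ($permissionNames as $permissionName) {
            $permiso = Permission::where('name', '=', $permissionName)->firstOrFail();
            $roles[$roleName]->attachPermission($permiso);
        }
    }
}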
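/**
 * Update the specified resource in storage.
 * PUT /roles/{id}
 *
 * Syncs the role's permissions to the ids posted as the keys of `perms`
 * (an absent or non-array `perms` clears them) and updates display_name
 * when present. The posted keys are checked against the permission table
 * in one whereIn query instead of one query per key; unknown ids are
 * dropped silently as before. The old "Error updating role" branch was
 * unreachable after findOrFail and has been removed.
 *
 * @param int $id
 * @return Response
 */
public function update($id)
{
    // findOrFail throws ModelNotFoundException, so no null check is needed afterwards.
    $role = Role::findOrFail($id);

    $permsToAttach = [];
    $perms = Input::get('perms');
    if (is_array($perms) && !empty($perms)) {
        foreach (Permission::whereIn('id', array_keys($perms))->get() as $perm) {
            $permsToAttach[] = $perm->id;
        }
    }
    $role->perms()->sync($permsToAttach);

    if (Input::has('display_name')) {
        $role->display_name = Input::get('display_name');
    }
    $role->save();

    return Redirect::to('admin/roles')->with(['roles-notice' => 'Role has been updated']);
}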
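/**
 * Seed permission nodes and attach them to roles by weight.
 *
 * Every permission whose weight is <= a role's weight is attached to that
 * role (already-attached nodes are skipped). Permission rows are created or
 * updated first and kept by node, so the role loop reuses them instead of
 * re-querying each one; a role that does not exist is reported and skipped
 * instead of being called on as null.
 */
public function run()
{
    $roles = [
        ['name' => 'Administrator', 'weight' => 3],
        ['name' => 'Moderator', 'weight' => 2],
        ['name' => 'User', 'weight' => 1],
    ];
    $permissions = [
        ['weight' => '1', 'node' => 'quote.editor', 'description' => 'The ability to use the editor'],
        ['weight' => '1', 'node' => 'quote.edit', 'description' => 'The ability to edit an existing quote'],
        ['weight' => '2', 'node' => 'quote.edit.others', 'description' => 'The ability to edit an existing quote that isn\'t yours'],
        ['weight' => '1', 'node' => 'quote.new', 'description' => 'The ability to create a new quote'],
        ['weight' => '2', 'node' => 'quote.approve', 'description' => 'The ability to approve a quote'],
        ['weight' => '2', 'node' => 'quote.deny', 'description' => 'The ability to deny a quote'],
        ['weight' => '1', 'node' => 'quote.upvote', 'description' => 'The ability to upvote a quote'],
        ['weight' => '1', 'node' => 'quote.downvote', 'description' => 'The ability to downvote a quote'],
        ['weight' => '1', 'node' => 'quote.favorite', 'description' => 'The ability to create favorites'],
        ['weight' => '1', 'node' => 'user.preferences', 'description' => 'The ability to access user preferences'],
        ['weight' => '3', 'node' => 'site.preferences', 'description' => 'The ability to access site preferences'],
    ];

    // node => Permission model created/updated in this pass
    $permsByNode = [];
    foreach ($permissions as $permission) {
        $perm = Permission::firstOrNew(['node' => $permission['node']]);
        $perm->description = $permission['description'];
        $perm->save();
        $permsByNode[$permission['node']] = $perm;
    }

    foreach ($roles as $r) {
        $this->command->info('Adding permissions to ' . $r['name']);
        $role = Role::where('name', $r['name'])->first();
        if ($role === null) {
            $this->command->error('Role ' . $r['name'] . ' does not exist; skipping');
            continue;
        }

        foreach ($permissions as $p) {
            if ($p['weight'] > $r['weight']) {
                continue;
            }
            $this->command->info('Giving ' . $r['name'] . ' the ' . $p['node'] . ' node');
            $permission = $permsByNode[$p['node']];
            if (!$role->permissions->contains($permission->id)) {
                $role->permissions()->attach($permission);
            }
        }
    }
}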
/**
 * Check whether a user type may perform $action on $module.
 *
 * With $id given, that user type is checked. Without it the current user is
 * used: an fd_admin user is allowed everything, anyone else is checked
 * against their own user_type_id. The single matching row (get(1)) is read
 * and the column named by $action decides.
 *
 * @param string   $module
 * @param string   $action column name of the permission flag to read
 * @param int|null $id     user type id, or null for the current user
 * @return bool
 */
function permission($module, $action, $id = null)
{
    $CI =& get_instance();
    $permission = new Permission();

    if (!$id) {
        if (user()->fd_admin == 1) {
            return TRUE;
        }
        $id = user()->user_type_id;
    }

    $row = $permission->where("user_type_id", $id)->where("module", $module)->get(1);

    return $row->{$action} ? TRUE : FALSE;
}
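/**
 * Remove the specified resource from storage.
 *
 * Requires the permission.delete ACL right; otherwise the caller is sent to
 * the dashboard. The permission is loaded with find($id) — the previous
 * where('id', $id)->find($id) applied the same constraint twice.
 *
 * @param int $id
 * @return Response
 */
public function destroy($id)
{
    if (!ACL::checkUserPermission('permission.delete')) {
        return Redirect::action('dashboard');
    }

    $permission = Permission::find($id);
    if ($permission !== null) {
        $permission->delete();
        $messageType = 'success';
        $message = 'Permission delete success';
    } else {
        $messageType = 'error';
        $message = 'Permission delete failed';
    }

    return Redirect::action('settings.permission')->with($messageType, $message);
}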
/**
 * Load the user, then the permission named "TestPermission" into $this->permission.
 *
 * @return void
 */
public function getPermission()
{
    $this->getUser();

    $testPermission = Permission::where('name', 'TestPermission')->first();
    $this->permission = $testPermission;
}
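/**
 * Tear down the RBAC rows created for this group: detach the group's
 * owner/editor/staff roles from every member, delete those roles, then
 * delete the group's permissions.
 *
 * Member users are resolved once up front rather than once per role, and a
 * member whose user row no longer exists is skipped instead of calling
 * detachRole() on null.
 *
 * @return void
 */
public function destroyRbacRules()
{
    $permissions = $this->getPermissionsArray();
    $members = GroupMember::where('group_id', '=', $this->id)->get();
    $roles = Role::where('name', '=', "group_{$this->id}_owner")
        ->orWhere('name', '=', "group_{$this->id}_editor")
        ->orWhere('name', '=', "group_{$this->id}_staff")
        ->get();

    // The member set is the same for every role; resolve each User once.
    $users = [];
    foreach ($members as $member) {
        $user = User::where('id', '=', $member->user_id)->first();
        if ($user !== null) {
            $users[] = $user;
        }
    }

    foreach ($roles as $role) {
        foreach ($users as $user) {
            $user->detachRole($role);
        }
        if ($role instanceof Role) {
            $role->delete();
        }
    }

    foreach ($permissions as $permData) {
        $perm = Permission::where('name', '=', $permData['name'])->first();
        if ($perm instanceof Permission) {
            $perm->delete();
        }
    }
}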
/**
 * Permissions for a controller action: rows whose controller_type equals
 * $controllerAction and whose controller_id is either $controller_id or
 * the wildcard '*', ordered by controller_id descending (presumably so the
 * concrete id sorts ahead of '*').
 *
 * @param mixed  $controller_id
 * @param string $controllerAction
 * @return \Illuminate\Database\Eloquent\Collection
 */
public static function getControllerPermission($controller_id, $controllerAction)
{
    $byAction = function ($outer) use ($controllerAction, $controller_id) {
        $outer->where('controller_type', '=', $controllerAction);
        $outer->where(function ($inner) use ($controller_id) {
            $inner->where('controller_id', '=', $controller_id)
                ->orWhere('controller_id', '=', '*');
        });
    };

    return Permission::where($byAction)->orderBy('controller_id', 'desc')->get();
}
/**
 * Create or update a role and its permission assignments from the posted form.
 *
 * POST only (404 otherwise). With `id` the role is loaded (404 when missing),
 * without it a new Role is created. After validation the permission table is
 * regenerated and, for every posted controller/action pair, the role's other
 * `{controller}_{action}_*` permissions are unlinked before the selected one
 * is collected for sync(). Menu caches are flushed afterwards.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function updateRole()
{
    $prevURL = Request::header('referer');
    if (!Request::isMethod('post')) {
        return App::abort(404);
    }
    if (Input::has('id')) {
        try {
            $role = Role::findorFail((int) Input::get('id'));
        } catch (Illuminate\Database\Eloquent\ModelNotFoundException $e) {
            return App::abort(404);
        }
        $create = false;
        $message = 'has been updated successful';
    } else {
        $create = true;
        $role = new Role();
        $message = 'has been added successful';
    }
    $role->name = Input::has('name') ? Input::get('name') : '';
    $pass = $role->valid();
    if ($pass->passes()) {
        Permission::generatePermission();
        $role->save();
        if (Input::has('permission')) {
            $arrAssignedPermission = [];
            // NOTE(review): assumed shape is permission[controller][action] = type; a non-array
            // value would make the nested foreach emit warnings — confirm against the form.
            $arrPermission = Input::get('permission');
            foreach ($arrPermission as $controller => $permission) {
                foreach ($permission as $action => $type) {
                    // Unlink every other `{controller}_{action}_*` permission of this role.
                    // `_` and `%` are LIKE wildcards: the pattern is broader than a literal
                    // underscore match, and the user-supplied controller/action segments are not
                    // escaped for LIKE. The value is bound (not injectable), but a segment
                    // containing `%` or `_` widens which rows get unlinked — consider escaping.
                    $currentPerrmission = Permission::select('id')->where('name', 'like', "%{$controller}_{$action}_%")->where('name', '<>', "{$controller}_{$action}_{$type}")->get();
                    if (!$currentPerrmission->isEmpty()) {
                        $arrId = [];
                        foreach ($currentPerrmission as $id) {
                            $arrId[] = $id->id;
                        }
                        DB::table('permission_role')->where('role_id', $role->id)->whereIn('permission_id', $arrId)->delete();
                        unset($currentPerrmission, $arrId);
                    }
                    if ($type != 'none') {
                        // pluck('id') here yields a single value or null (the is_null check relies on that).
                        $permission_id = Permission::where('name', "{$controller}_{$action}_{$type}")->pluck('id');
                        if (is_null($permission_id)) {
                            continue;
                        }
                        $arrAssignedPermission[] = $permission_id;
                    }
                }
            }
            // sync() replaces the role's permission set; an empty selection leaves it untouched.
            if (!empty($arrAssignedPermission)) {
                $role->perms()->sync($arrAssignedPermission);
            }
            Cache::tags('menu', 'frontend')->flush();
            Cache::tags('menu', 'backend')->flush();
        }
        if (Input::has('continue')) {
            if ($create) {
                $prevURL = URL . '/admin/roles/edit-role/' . $role->id;
            }
            // The role name is interpolated into the flash message with <b> markup;
            // presumably the view escapes it or trusts it — confirm before rendering raw.
            return Redirect::to($prevURL)->with('flash_success', "<b>{$role->name}</b> {$message}.");
        }
        return Redirect::to(URL . '/admin/roles')->with(['flash_success' => "{$role->name} {$message}."]);
    }
    return Redirect::to($prevURL)->with(['flash_error' => $pass->messages()->all()])->withInput();
}
/**
 * Look up a permission by its name.
 *
 * @param string $permName
 * @return Permission
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when no row has that name
 */
public static function byName($permName)
{
    $query = Permission::where('name', $permName);
    return $query->firstOrFail();
}
/**
 * All permissions attached to $item, matched on its type and id.
 *
 * @param ItemContract $item
 * @return \Illuminate\Database\Eloquent\Collection
 */
public function getItemPermissions(ItemContract $item)
{
    $query = Permission::where('item_type', $item->getType());
    $query = $query->where('item_id', $item->getId());
    return $query->get();
}
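/**
 * Replace the permission matrix of user type $id with the flags posted by the form.
 *
 * All existing rows of the user type are deleted first, then one row is
 * written per selected main-site module, content group, intranet module,
 * department module and (when requests_view is set) request module. Flags
 * are read with !empty() instead of @-suppressed reads, which yields the
 * same 1/0 values without hiding unrelated notices. Always redirects to
 * admin/settings/permissions.
 *
 * @param int|string $id user type id
 * @return void
 */
public function save($id)
{
    if ($_POST) {
        $existing = new Permission();
        $existing->where("user_type_id", $id)->get()->delete_all();

        // Main website modules.
        $module = new Module();
        $module->where("main", 1)->order_by("extra", "DESC")->order_by("id", "ASC")->get();
        foreach ($module as $row) {
            $this->_save_permission_row($id, $row->module, $row->module, true, true);
        }

        // Content groups of the main website; these rows have no extra flag.
        $content = new Content_Group();
        $content->order_by("title", "ASC")->get();
        foreach ($content as $group) {
            $this->_save_permission_row($id, "content_" . $group->id, "content_" . $group->id, false, true);
        }

        // Intranet modules, only when the intranet section was selected.
        if (!empty($_POST["intranet"])) {
            $module = new Module();
            $module->where("intranet", 1)->order_by("extra", "DESC")->order_by("id", "ASC")->get();
            foreach ($module as $row) {
                $this->_save_permission_row($id, "int_" . $row->module, "int_" . $row->module, true, true);
            }
        }

        // Department websites: one row per selected department and module.
        if (!empty($_POST["department"]) && is_array($_POST["department"])) {
            $module = new Module();
            $module->where("department", 1)->order_by("extra", "DESC")->order_by("id", "ASC")->get();
            foreach ($_POST["department"] as $departmentId) {
                foreach ($module as $row) {
                    $prefix = "d" . $departmentId . "_" . $row->module;
                    $this->_save_permission_row($id, $prefix, $prefix, true, true);
                }
            }
        }

        // Request modules: a row is written for every module once requests_view is set.
        if (!empty($_POST['requests_view'])) {
            $module = new Module();
            $module->where('request', 1)->order_by('extra', 'desc')->order_by('id', 'asc')->get();
            foreach ($module as $row) {
                $this->_save_permission_row($id, $row->module, $row->module, true, false);
            }
        }
    }

    redirect("admin/settings/permissions");
}

/**
 * Build and save one Permission row for user type $userTypeId.
 *
 * Flags are read from $_POST["{$postPrefix}_view"], "_create", "_delete" and,
 * when $withExtra, "_extra"; a posted non-empty value becomes 1, anything
 * else 0. When $onlyIfAnySet is true and none of those keys is posted
 * non-empty, nothing is saved.
 *
 * @param int|string $userTypeId
 * @param string     $module       value stored in the module column
 * @param string     $postPrefix   prefix of the $_POST keys for this row
 * @param bool       $withExtra    whether the row carries an extra flag
 * @param bool       $onlyIfAnySet skip saving when no flag is posted
 * @return bool true when a row was saved
 */
private function _save_permission_row($userTypeId, $module, $postPrefix, $withExtra, $onlyIfAnySet)
{
    // model column => $_POST key suffix
    $flags = ['views' => 'view', 'create' => 'create', 'delete' => 'delete'];
    if ($withExtra) {
        $flags['extra'] = 'extra';
    }

    $values = [];
    foreach ($flags as $column => $suffix) {
        $values[$column] = !empty($_POST[$postPrefix . "_" . $suffix]) ? 1 : 0;
    }

    if ($onlyIfAnySet && !in_array(1, $values, true)) {
        return false;
    }

    $permission = new Permission();
    $permission->user_type_id = $userTypeId;
    $permission->module = $module;
    foreach ($values as $column => $flag) {
        $permission->{$column} = $flag;
    }

    return (bool) $permission->save();
}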
/**
 * Save the allow/deny permission matrix posted for a role.
 *
 * Every posted field value other than role_id and _token is treated as an
 * allowed resource id; each resource left in the cached resource list is
 * marked deny. The first failed save aborts with an error redirect.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postPermission()
{
    $role = Role::find(Input::get('role_id'));
    if (empty($role)) {
        return Redirect::to('/admin/role_permission')->with('error_permissions', Lang::get('admin.role_not_found'));
    }

    // Validate the inputs
    $validator = Validator::make(Input::all(), Config::get('validator.admin.permission'));
    if (!$validator->passes()) {
        return Redirect::to('/admin/role_permission')->withInput()->withErrors($validator);
    }

    // [id] => name; allowed ids are removed below, whatever remains is denied.
    $remaining = Cachr::getCache('DB_AdminResourceName');

    $saveFailed = function () {
        return Redirect::to('admin/role_permission')->with('error_permissions', Lang::get('admin.permission_save_error'));
    };

    // Set allowed resources
    foreach (Input::except(['role_id', '_token']) as $allowedId) {
        Log::info('allowed resource : ' . $allowedId);
        unset($remaining[$allowedId]);
        $allowed = Permission::where('role_id', '=', $role->id)->where('resource_id', '=', $allowedId)->first();
        if (empty($allowed)) {
            continue;
        }
        $allowed->type = 'allow';
        if (!$allowed->save()) {
            return $saveFailed();
        }
    }

    // Set deny resources
    foreach ($remaining as $resourceId => $resourceName) {
        $denied = Permission::where('role_id', '=', $role->id)->where('resource_id', '=', $resourceId)->get();
        Log::info('denied resource : ' . $resourceId);
        foreach ($denied as $permission) {
            if (empty($permission)) {
                continue;
            }
            $permission->type = 'deny';
            if (!$permission->save()) {
                return $saveFailed();
            }
        }
    }

    // track user
    parent::track('update', 'Permission', $role->id);

    return Redirect::to('admin/role_permission')->with('success_permissions', Lang::get('admin.permission_save_success'));
}
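/**
 * Synchronise the Modules table with the module folders on disk.
 *
 * Entries under $this->modulePath (minus ".", "..", ".DS_Store", ".svn")
 * become module rows keyed by slug. New folders get a module row (group id
 * taken from backend.group_<suffix>_id config) plus the four primary
 * permissions Create/Read/Edit/Delete; folders that disappeared get their
 * module row and permissions deleted.
 *
 * If the folder cannot be listed, nothing is touched: scandir() returning
 * false previously read as "no modules on disk", which would delete every
 * module row and its permissions. A module row missing during removal is
 * skipped instead of dereferencing null.
 *
 * @return void
 */
function render()
{
    $entries = scandir($this->modulePath);
    if ($entries === false) {
        return;
    }

    $listIgnores = ['.', '..', '.DS_Store', '.svn'];
    $primaryArray = ['Create', 'Read', 'Edit', 'Delete'];

    // GET LIST FILE IN FOLDER: slug => display name
    $listModuleFile = [];
    foreach (array_diff($entries, $listIgnores) as $file) {
        $listModuleFile[str_replace("_", "-", $file)] = ucwords(str_replace("_", " ", $file));
    }

    // GET LIST FILE IN DATABASE
    $listModuleStore = array_column(Modules::get()->toArray(), 'name', 'slug');

    // NEW MODULE
    foreach (array_diff($listModuleFile, $listModuleStore) as $slug => $name) {
        // Group comes from the slug's last segment; "<x>-manager" keeps the segment before it too.
        $parts = explode("-", $slug);
        $suffix = last($parts);
        if ($suffix == 'manager' && count($parts) >= 2) {
            $suffix = $parts[count($parts) - 2] . "_" . $suffix;
        }
        $groupString = "group_" . $suffix . "_id";
        $group = Config::has("backend.{$groupString}") ? Config::get("backend.{$groupString}") : 0;

        $item = Modules::create(['slug' => $slug, 'name' => $name, 'group_id' => $group, 'status' => 1]);
        if (!$item || !$item->save()) {
            continue;
        }

        // Create Primary Permission
        foreach ($primaryArray as $p) {
            Permission::create([
                'name' => $item->name . " " . $p,
                'slug' => $item->slug . "-" . strtolower($p),
                'module_id' => $item->id,
                'group_id' => $group,
                'action' => strtolower($p),
            ]);
        }
    }

    // REMOVE MODULE
    foreach (array_diff($listModuleStore, $listModuleFile) as $slug => $name) {
        $item = Modules::where(['slug' => $slug, 'name' => $name])->first();
        if ($item === null) {
            continue;
        }
        $deleteID = $item->id;
        if ($item->delete()) {
            Permission::where('module_id', $deleteID)->delete();
        }
    }
}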
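/**
 * Synchronise the Modules table (and menu entries) with the module folders on disk.
 *
 * Entries under $this->modulePath, minus the ignore list, have "_backend"
 * stripped and become module rows keyed by slug. New folders get a module
 * row, a menu entry and the four primary permissions Create/Read/Edit/Delete;
 * folders that disappeared get their module row, menu entries and
 * permissions deleted.
 *
 * If the folder cannot be listed, nothing is touched: scandir() returning
 * false previously read as "no modules on disk", which would delete every
 * module row with its menus and permissions. A module row missing during
 * removal is skipped instead of dereferencing null.
 *
 * @return void
 */
function render()
{
    $entries = scandir($this->modulePath);
    if ($entries === false) {
        return;
    }

    $listIgnores = ['dashboard', 'home', 'chat', 'search', '.', '..', '.DS_Store', '.svn'];
    $primaryArray = ['Create', 'Read', 'Edit', 'Delete'];

    // GET LIST FILE IN FOLDER: slug => display name
    $listModuleFile = [];
    foreach (array_diff($entries, $listIgnores) as $file) {
        $file = str_replace("_backend", "", $file);
        $listModuleFile[str_replace("_", "-", $file)] = ucwords(str_replace("_", " ", $file));
    }

    // GET LIST FILE IN DATABASE
    $listModuleStore = array_column(Modules::get()->toArray(), 'name', 'slug');

    // NEW MODULE
    foreach (array_diff($listModuleFile, $listModuleStore) as $slug => $name) {
        $item = Modules::create(['slug' => $slug, 'name' => $name, 'status' => 1]);
        if (!$item || !$item->save()) {
            continue;
        }

        // Insert Menu
        Menus::create([
            'status' => 0,
            'name' => $item->name,
            'module_id' => $item->id,
            'slug' => $item->slug . '/show-list',
        ]);

        // Create Primary Permission
        foreach ($primaryArray as $p) {
            Permission::create([
                'name' => $item->name . " " . $p,
                'slug' => $item->slug . "-" . strtolower($p),
                'module_id' => $item->id,
                'action' => strtolower($p),
            ]);
        }
    }

    // REMOVE MODULE
    foreach (array_diff($listModuleStore, $listModuleFile) as $slug => $name) {
        $item = Modules::where(['slug' => $slug, 'name' => $name])->first();
        if ($item === null) {
            continue;
        }
        $deleteID = $item->id;
        if ($item->delete()) {
            Menus::where('module_id', $deleteID)->delete();
            Permission::where('module_id', $deleteID)->delete();
        }
    }
}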
{{-- Excerpt of the storyteller permissions dashboard: the enclosing markup opens before and continues after this fragment. --}}
</div> </div>
<div class="row left">
{{-- Grant form: posts the chosen user id and permission id. No CSRF field is visible in this excerpt — confirm the route is covered by a csrf filter. --}}
<form method="post" action="/dashboard/storyteller/manage/permissions/grant" class="panel">
{{-- The heading opens with <h4> but is closed with </h5>; the tags should match. --}}
<h4>Grant Permission</h5>
<label>User</label>
<select name="user">
@foreach(User::orderBy('username')->get() as $u)
<option value="{{$u->id}}">{{$u->username}}</option>
@endforeach
</select>
<label>Permission</label>
<select name="permission">
{{-- One count query per permission definition is issued from the view (N+1); an aggregate passed in by the controller would avoid it. --}}
@foreach(PermissionDefinition::all() as $p)
<?php $count = Permission::where('permission_id', $p->id)->count(); ?>
<option value="{{$p->id}}"> {{$p->name}} ({{$count}} user{{$count == 1 ? '' : 's'}} with permission) </option>
@endforeach
</select>
<input type="submit" class="button small" value="Grant Permission" />
</form>
{{-- Create form: same CSRF and <h4>/</h5> remarks apply; the submit label reads "Add Position", presumably a copy-paste from another form. --}}
<form method="post" action="/dashboard/storyteller/manage/permissions/create" class="panel">
<h4>Create Permission</h5>
<label>Name</label>
<input type="text" name="name" />
<label>Description</label>
<textarea name="description"></textarea>
<input type="submit" class="button small" value="Add Position" />
/**
 * Auth check
 * check if the current user can access the current uri
 * it check user, user role, user group, and user group role perms
 * all checks done using DataMapper directly
 * user can call this function in the Controller constructor or function
 * it follow the deny all expect allowed concept
 *
 * The permission name tested is "<controller>/<method>" built from the
 * routed segments (rsegment), defaulting to "<controller>/index". The same
 * Permission object is re-queried for that name related to the user, then
 * the user's roles, then the user's groups, then the roles of those groups;
 * the first match grants access. No match records an error message and denies.
 *
 * @return bool TRUE when allowed, FALSE (with an error set) otherwise
 */
public function auth_check()
{
    $controller = $this->ci->uri->rsegment(1);
    if ($this->ci->uri->rsegment(2) != '') {
        $action = $controller . '/' . $this->ci->uri->rsegment(2);
    } else {
        $action = $controller . '/index';
    }
    $allow = false; // never read afterwards; left as-is
    $user = $this->get_user_info();
    // NOTE(review): assumes get_user_info() always yields ['user']['id']; an unauthenticated caller would read an undefined index here — confirm.
    $u = new User($user['user']['id']);
    $p = new Permission();
    // check user
    $p->where('permission', $action)->where_related($u)->get();
    if ($p->exists()) {
        return TRUE;
    }
    // check user role
    $r = new Role();
    $r->where_related($u)->get();
    $p->where('permission', $action)->where_in_related($r)->get();
    if ($p->exists()) {
        return TRUE;
    }
    // check user group
    $g = new Group();
    $g->where_related($u)->get();
    $p->where('permission', $action)->where_in_related($g)->get();
    if ($p->exists()) {
        return TRUE;
    }
    // check user group role ($r is re-queried here for the groups' roles, replacing the user's own roles loaded above)
    $r->where_in_related($g)->get();
    $p->where('permission', $action)->where_in_related($r)->get();
    if ($p->exists()) {
        return TRUE;
    }
    $this->set_error('You have not the permission to do that');
    return FALSE;
}