Comments on: CodeIgniter Authentication Design Principles http://geekhut.org/2009/10/codeigniter-authentication-design-principles/ Chock Full of Geeky Goodness Mon, 26 Jul 2010 13:32:30 +0000 hourly 1 http://wordpress.org/?v=6447 By: jorix http://geekhut.org/2009/10/codeigniter-authentication-design-principles/comment-page-1/#comment-1364 jorix Thu, 08 Oct 2009 22:30:24 +0000 http://geekhut.org/?p=838#comment-1364 Cool. Looking forward to see your screencast on this. Always great to compare methods. Cool. Looking forward to see your screencast on this. Always great to compare methods.

]]> By: aster1sk http://geekhut.org/2009/10/codeigniter-authentication-design-principles/comment-page-1/#comment-1362 aster1sk Thu, 08 Oct 2009 16:51:37 +0000 http://geekhut.org/?p=838#comment-1362 I would have loved to have demonstrated this technique in full, unfortunately this tutorial was meant for an absolute basic explanation. Last night we did a screencast (about 45 minutes) I am syncing the audio from the call to the video which demonstrates exactly your method. Thank you very much for your feedback. I would have loved to have demonstrated this technique in full, unfortunately this tutorial was meant for an absolute basic explanation. Last night we did a screencast (about 45 minutes) I am syncing the audio from the call to the video which demonstrates exactly your method.

Thank you very much for your feedback.

]]> By: jorix http://geekhut.org/2009/10/codeigniter-authentication-design-principles/comment-page-1/#comment-1361 jorix Thu, 08 Oct 2009 12:55:38 +0000 http://geekhut.org/?p=838#comment-1361 In this example, class method names are tied into the auth library, meaning you need to update auth if a new method is added to a controller. Also, since there is no relation between the method and the controller, allowing a "user" to have insert or update permissions would allow this for every controller that makes use of auth. Why not just pass allowed roles as an argument and match the the role of the logged in user against it? This would work within a controller constructor as well as inside specific controller methods (if you need granular security) $this->auth->allowed_roles('user','admin'); On the downside, if roles change or a new role is introduced, you need to update your controllers. In this example, class method names are tied into the auth library, meaning you need to update auth if a new method is added to a controller. Also, since there is no relation between the method and the controller, allowing a “user” to have insert or update permissions would allow this for every controller that makes use of auth.

Why not just pass allowed roles as an argument and match the the role of the logged in user against it? This would work within a controller constructor as well as inside specific controller methods (if you need granular security)

$this->auth->allowed_roles(‘user’,'admin’);

On the downside, if roles change or a new role is introduced, you need to update your controllers.

]]>