As said in the introduction of the Auth package, an authentication system comes with
three different drivers, each dealing with a part of the system.
The SimpleAuth acl driver is role driven, and stores its ACL definitions in the simpleauth configuration file.
It provides the logic for checking if a user has access to a named ACL.
The SimpleAuth acl driver stores its group definitions in the simpleauth configuration file. The ACLs are defined as a set of
access criteria linked to a specific role, in a multi-dimensional array which must have the following structure:
<role> => array( // where <role> is the name of the role you're defining the ACL for
    <location> => array( // where <location> is what you're specifying the ACL for
        'right', 'otherright' // the specific rights for this location
    ),
),
You can specify as many locations as you need, and every location can have as many rights as needed. The simpleauth config
file supplied with the Auth package contains some examples that you can use.
You can use the system defined role "#" to specify default rights that will be set for every user, and which is commonly used
to define the public rights to your application. For example, if everyone is allowed to read blog posts and their comments,
you could define:
// default role for all users
'#' => array(
    'blog' => array('read'), // read access to 'blog'
    'comments' => array('read'), // read access to 'comments'
),
There are also two specific location definitions available for you to use: one that will simply deny all access, and one that
will allow all access. Use the last one with care!
// special role definitions
'banned' => false, // deny all access to users having the role 'banned'
'administrators' => true // allow all access to users having the 'administrators' role
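One way to review a roles array in this structure before deploying it, as an added example (not code from the Auth package): the hypothetical `audit_roles()` helper flags allow-all roles, rights on the default '#' role beyond read, and malformed entries. The sample configuration is constructed.

```php
<?php
// Added example: audit a roles array in the structure documented above.
// audit_roles() and the sample data are hypothetical, not part of the Auth package.
function audit_roles(array $roles, array $read_only = array('read'))
{
    $findings = array();
    foreach ($roles as $role => $acl) {
        if ($acl === true) {
            $findings[] = "role '$role': allow-all (true), confirm it is meant to bypass every check";
            continue;
        }
        if ($acl === false) {
            continue; // deny-all, nothing to review
        }
        if ( ! is_array($acl)) {
            $findings[] = "role '$role': expected an array, true or false";
            continue;
        }
        foreach ($acl as $location => $rights) {
            if ( ! is_array($rights)) {
                $findings[] = "role '$role', location '$location': rights must be an array";
                continue;
            }
            // '#' applies to every user, so anything beyond read access is public
            $extra = array_diff($rights, $read_only);
            if ($role === '#' && $extra) {
                $findings[] = "role '#', location '$location': public rights beyond read: ".implode(', ', $extra);
            }
        }
    }
    return $findings;
}

// Constructed sample configuration
$roles = array(
    '#' => array(
        'blog'     => array('read'),
        'comments' => array('read', 'write'),
    ),
    'banned'         => false,
    'administrators' => true,
    'editors'        => array('blog' => 'write'), // malformed: string instead of array
);

foreach (audit_roles($roles) as $finding) {
    echo $finding, PHP_EOL;
}
```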
The has_access method allows you to check if the current logged-in user has access to a specific location with specific rights.
Parameter: the access condition you want to check.
Returns: boolean. true if the user has access, or false if not.
// check if the user has access to read blog posts
if (Auth::has_access('blog.read'))
{
    // yes, the user has access
}
// if you have multiple instances, use the instance to call this method.
// you can also check for multiple rights in one go
if (Auth::has_access('blog.[read,write,delete]'))
{
    // yes, the user has access and may read, write and delete
}
// you can also specify the rights to check as an array
if (Auth::has_access(array('blog' => array('read'), 'comments' => array('read'))))
{
    // yes, the user has access to read blogs and comments
}