Users & Auth

To setup user permissions, you have to add the roles and permissions in the database, then attach the user to roles. In the controller, you set which methods require Read/Update/Create/Delete access. The rest is handled by Slender in the background and will return auth codes if they do not have access.


Authentication Setup

You can setup authentication and permissions any way you choose. Slender will help take a lot of this work off your hands. You can setup unauthenticated requests, authenticated requests, and authenticated with permissions.

//Add you unauthenticated methods here
//slender_settings_prod.settings
request.unauthenticated_methods = "users.register,users.login"

//In users controller, if method is not listed here,
//the user will have to be logged in to use that method.
//Once they are logged in, you can setup permissions for that method, instructions below.

Examples

In this example, we will setup save and select access to the users table for the admin role.

//In the users controller, add this method and call it in the constructor.
//We will give create and update access to the save method.
//We will give read access to the select method.
public function setMethodPermissions()
{
    $this->methodPermissions = array(
        'save' => array('CR','UP'),
        'select' => array('RE'),
    );
}

Setup role and resource
//The "roles" table already has the Admin role, which is ID:1
//The "resource" table contains a record with the name:users
//This connects the permission for the users controller to the DB permissions

Give user Admin access
//In the "user_role" table, add the user_id and role_id for the admin role

Connect everything together
//In the "role_resource_permission" table, add the role_id, resource_id, and permission_id
//This would be the admin role, users resource, and a permission such as Read, Update..

Example
//The "role_resource_permission" table is basically where you can say
//which roles have which access to which controllers.
//In this example if you gave Admin access read access to the users controller,
//they would have access to users->select but not users->save.
//To give them access to save, you would have to give them CR or UP access.

//To check for Update access directly in the UserLib, use this code.
$userRoles = new Models\UserRoleModel($this->db, $this->authenticatedUserId);
$checkAdminRolePermission = $userRoles->checkUserResourcePermissionByUserId($this->authenticatedUserId, 'users', 'UP');

//$checkAdminRolePermission is a boolean, you can say:
if ($checkAdminRolePermission) {
    echo 'user has update access, proceed';
}else{
    echo 'Throw an error message';
}

//All of these features should allow you to setup permissions in any way you choose.
//Add custom roles, then add users to multiple roles, then assign permissions to
//controllers and methods for each role. Slender will handle the rest, unless
//you need to do custom permission checks yourself, which of course we allow.