Yes, but you'd have to search for the controller files yourself AFAIK.
Yes, see
before()
,2.1 If you want to keep it in one place you would only have to write a little extra something to specifiy which action requires what privileges. Check out Kohana's
Request
class for some nice stuff you could use for this (I'd say take a look at the url, uri and request methods, I don't know by hard what exactly they do)2.2 You could also do it on a per-controller basis; e.g.
Controller_Admin
could do the following ugly one-liner (check snippet for 2.2 below). I suggest splitting it up a little bit though, e.g. giving your base controller aprotected $_user
variable which it fills in it'sbefore()
method and then use$this->_user
instead ofAuth
stuff.It's
Controller_Template
but yes, you got that right ;)Like this?
Request::$current->is_ajax()
(http://kohanaframework.org/3.3/guide-api/Request#is_ajax)
Snippet for 2.2:
if ( ! Auth::instance()->get_user()->has('role', ORM::factory('Role', array('name' => 'admin')))
throw new HTTP_Exception_403('Permission denied!');