Glenn

Reputation: 655

CodeIgniter user rights through session

So I am creating my first project in CodeIgniter and I was wondering if there is an efficient way to force user restrictions based on what user group they belong to.

There are 3 user groups in this application (administrators, teachers and students), each with their own rights. What is the best method to implement this?

At the moment I just put it into the session variable and read it on almost every page. Something tells me there has to be an easier way to do this?

Thanks in advance.

Kind regards

Glenn

Upvotes: 0

Views: 202

Answers (3)

David Duncan

Reputation: 1858

A simple group ID in the users table would be fine for your application, it sounds like. You could then do like Catfish said and put a check in the controller constructor or in the specific method itself.

In the future, implementing another table like "permissions" or "roles" or "scopes" would allow you to create fine-grained permissions inside your application. See implementations like OAuth server's (https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server):

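function user_get($id)
{
    $this->load->library('oauth_resource_server');
    // Require that the access token carries the scopes this method needs
    if ( ! $this->oauth_resource_server->has_scope(array('user.details', 'another.scope')))
    {
        // Error logic here - "access token does not have correct permission to use this API method"
        return; // stop here so the API code below never runs for a denied token
    }

    // API code here
}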

This might be more applicable down the line when you need to actually fine-tune permissions or want more flexible permissions for when you create RESTful APIs. For your current case a generic check in the constructor or method will do.

Upvotes: 0

Himanshu Pandey

Reputation: 1280

Use a group ID in the database table and store it in the session. Then check authorization and authentication using this group ID.

Upvotes: 1

Catfish

Reputation: 19312

If you put it into your controller's constructor, it'll get called on every page, but you don't have to call it in every method you use.

Upvotes: 0
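The constructor check suggested in the answers above, as an added example that is not code from any of the posters: a shared base controller denies by default and each controller lists the groups it admits. The session key `group_id`, the numeric group IDs, and the `Grades` controller are assumptions for illustration.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter loads this base class automatically)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    // Assumed group IDs; use the values stored in your own users table.
    const GROUP_ADMIN   = 1;
    const GROUP_TEACHER = 2;
    const GROUP_STUDENT = 3;

    // Groups allowed to reach this controller. Empty means nobody (default deny).
    protected $allowed_groups = array();

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');

        // 'group_id' is an assumed key, written to the session once at login
        // from the users table and never taken from request input.
        // A missing value casts to 0, which matches no group.
        $group_id = (int) $this->session->userdata('group_id');

        if ( ! in_array($group_id, $this->allowed_groups, TRUE))
        {
            // show_error() sends the status code and halts execution,
            // so no action method runs for a denied user.
            show_error('You are not allowed to view this page.', 403);
        }
    }
}

// application/controllers/Grades.php (hypothetical controller)
class Grades extends MY_Controller
{
    // Only administrators and teachers may use any method in this controller.
    protected $allowed_groups = array(self::GROUP_ADMIN, self::GROUP_TEACHER);

    public function edit($student_id)
    {
        // Reached only after the constructor check has passed.
    }
}
```

A controller that forgets to set `$allowed_groups` is closed to everyone rather than open to everyone, which makes a missing declaration show up as a 403 during testing.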
