CodeIgniter-Aauth
Enhancement: being able to deny a permission
This might sound a little bit strange as there are a deny_user() and a deny_group() function in the library, but you aren't really able to deny a permission using AAuth. The deny-functions only remove a permission from a group/user, but that is not the same as actually denying permissions.
Let me explain the problem:
Imagine a little app with a group called "authors". This group has multiple permissions like "article.edit", "article.create", "article.delete", etc. - now you've got a bunch of users who are all members of this group but there is this one guy that has a reputation of being stupid. And because of that you don't want him to be able to delete articles.
And that's a problem. The only way to do this using AAuth is by creating a second group called "stupid_authors" which has all the same permissions as "authors" but is missing the "article.delete"-permission.
The problem is that AAuth only keeps track of permissions that are "allowed" but not of permissions that are "denied". If you would store a "state" for each permission in the perm_to_group and perm_to_user tables this could easily be added. Set the state-field to 1 for permissions that are allowed and to 2 for permissions that are denied. If no entry is there, it should just work as today. Then, when you check if a group or user has a permission there are three possibilities:
1. somewhere in the perm_to_group/user tables there is an entry with "state=1"
2. somewhere in the perm_to_group/user tables there is an entry with "state=2"
3. there is no entry in any table
If either 2. or 3. is true, then the permission is denied. If only 1. is true, then the permission is allowed.
That's a really great idea. I've never thought about this, but that would be a great enhancement for Aauth.
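The three-case check proposed in the issue, as an added example that is not part of the thread and is not Aauth code. The state values 1 and 2 come from the issue; the function name `is_allowed`, the row layout, and the sample users and groups are assumptions made for illustration.

```php
<?php
// Added example, not Aauth code. State values follow the issue's proposal.
const PERM_ALLOW = 1;
const PERM_DENY  = 2;

/**
 * Resolve one permission for one user (hypothetical helper).
 * Rows model perm_to_user / perm_to_group as
 * ['subject' => user or group name, 'perm' => string, 'state' => int].
 */
function is_allowed(string $user, string $perm, array $userGroups,
                    array $permToUser, array $permToGroup): bool
{
    $groups = $userGroups[$user] ?? [];
    $states = [];

    foreach ($permToUser as $row) {
        if ($row['subject'] === $user && $row['perm'] === $perm) {
            $states[] = (int) $row['state'];
        }
    }
    foreach ($permToGroup as $row) {
        if (in_array($row['subject'], $groups, true) && $row['perm'] === $perm) {
            $states[] = (int) $row['state'];
        }
    }

    // Case 2: an explicit deny anywhere overrides every allow.
    if (in_array(PERM_DENY, $states, true)) {
        return false;
    }
    // Case 1 alone allows; case 3 (no entry) and unknown states fall through to deny.
    return in_array(PERM_ALLOW, $states, true);
}

// Constructed sample data mirroring the "authors" scenario from the issue.
$userGroups  = ['alice' => ['authors'], 'bob' => ['authors']];
$permToGroup = [
    ['subject' => 'authors', 'perm' => 'article.edit',   'state' => PERM_ALLOW],
    ['subject' => 'authors', 'perm' => 'article.delete', 'state' => PERM_ALLOW],
];
$permToUser  = [
    ['subject' => 'bob', 'perm' => 'article.delete', 'state' => PERM_DENY],
];

foreach ([['alice', 'article.delete'], ['bob', 'article.delete'],
          ['bob', 'article.edit'], ['bob', 'article.publish']] as [$u, $p]) {
    $ok = is_allowed($u, $p, $userGroups, $permToUser, $permToGroup);
    echo "$u $p: " . ($ok ? 'allowed' : 'denied') . PHP_EOL;
}
```

Collecting every matching row before deciding keeps the result independent of row order, so a later group allow cannot silently undo a per-user deny.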