1

I understand how to implement ACL and restrict access to controller methods.

What I don't understand is how to display certain links only for users with certain permissions in the view? Could someone please demonstrate how this is done?

The only related answers I can find are specific to ASP which doesn't make any sense to me.

mister martin

3 Answers

1

If you are using Zend Framework as per that article, then use a view helper. Call the ACL class, set controller/user etc and return a boolean value.

<?php if ($this->acl()->hasPermissionToViewUri()): ?>
    // show uri
<?php endif ?>
Rijndael
  • I'm not using Zend, it's for a custom framework so I'm seeking any answers in general. Seeing how other frameworks do it is helpful. Thank you. – mister martin May 23 '13 at 13:47
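A framework-neutral version of the view-helper approach, as an added example that is not part of any answer on this page. `Acl`, `LinkHelper`, the role names and the resource keys are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical ACL for a custom framework: role => permitted resources.
final class Acl
{
    /** @param array<string, list<string>> $rules */
    public function __construct(private array $rules) {}

    // Deny by default: unknown roles and unknown resources are refused.
    public function isAllowed(string $role, string $resource): bool
    {
        return in_array($resource, $this->rules[$role] ?? [], true);
    }
}

// View helper: the template asks "may this user see X?" and never reads the rule table.
final class LinkHelper
{
    public function __construct(private Acl $acl, private string $role) {}

    // Returns an escaped <a> tag, or an empty string when access is denied.
    public function link(string $resource, string $url, string $label): string
    {
        if (!$this->acl->isAllowed($this->role, $resource)) {
            return '';
        }
        return sprintf(
            '<a href="%s">%s</a>',
            htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
}

// Constructed sample data.
$acl = new Acl([
    'admin'  => ['admin.users', 'reports.view'],
    'editor' => ['reports.view'],
]);

// Template side: render the same two-item menu for three roles.
foreach (['admin', 'editor', 'guest'] as $role) {
    $view = new LinkHelper($acl, $role);
    echo $role, ': ',
        $view->link('reports.view', '/reports', 'Reports'),
        $view->link('admin.users', '/admin/users', 'Manage users'),
        PHP_EOL;
}
```

Hiding the link is presentation only; the controller action behind each URL still has to run the same `isAllowed()` check before doing any work.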
0

You could do something like this:

if ($user->logged_in()) {
    $data = array('link' => $link1);
} else {
    $data = array('link' => $link2);
}

View::make('some-view')->with($data);

In the view:

  <?php echo $link; ?>

You have to transfer this principle to your MVC framework.

ChrisG
  • But, technically I'm told that the controller isn't supposed to pass data to the view, as that breaks the one-way flow of the pattern. – mister martin May 23 '13 at 13:51
-2

I always create a function on Yii (the framework I use) to check access to see or get into some stuff.

In Yii I use it like this:

if (Yii::app()->user->checkAccess('restricted_zone')) {
    echo 'hurray i have access!';
} else {
    echo 'do not have access! :(';
}

As used in a Yii extension: http://www.yiiframework.com/extension/rbam/

You can use it everywhere you want to restrict something - model, view, controller and even in auxiliary classes you may import.

You just need to be sure that your class is ready to be used all along your code.

Ivo Pereira
  • And so what? That's excellent, as you can access it through all the application. I think it's an excellent approach. – Ivo Pereira May 23 '13 at 13:25
  • Why not? Would you suggest using one function for each controller? What about reusing code guys? I would love to hear facts from you. – Ivo Pereira May 23 '13 at 15:10
  • Probably you've never seen the way Yii rbam extension is made: http://www.yiiframework.com/extension/rbam/ – Ivo Pereira May 23 '13 at 15:55
  • +1. Global scope is bad because you never know who may have modified a global value or when. If you use a **static class** (much different and much better than a global variable) *purely* for data access and never for mutation, there is absolutely nothing wrong with it and @IvoPereira's arguments are entirely valid. – JMTyler May 23 '13 at 16:08
  • The Magento framework uses a pattern similar to this and Magento is a powerhouse of, in fact, *too many* solid design patterns & system architecture. It's notorious for having an extremely high learning curve because its system is so heavily designed and abstracted. This is one thing they are not doing wrong. – JMTyler May 23 '13 at 16:14
  • @JMTyler: I'm pretty sure you can see that `Yii:app()` actually behaves like a global variable here, so please, don't troll too much. – hakre May 23 '13 at 16:14
  • Dude, you've got 8 years experience and you think global scope is 'excellent'? – Jimbo May 23 '13 at 16:15
  • @hakre: Not trolling. I agree that having public access to `Yii::app()->user` is no good, but the general concept stands. Replace that with something like `Yii::app()->getUser()` and there's no danger. – JMTyler May 23 '13 at 16:51
  • I would invite you guys to look through the Yii framework and to check how the methods are being called, all the process. – Ivo Pereira May 23 '13 at 16:57
  • @IvoPereira: I try hard to not use a PHP framework as an excuse for something. Instead I try to find the PHP framework that allows me to make less excuses. – hakre May 23 '13 at 21:50
  • Fortunately, Yii "allows me to make less excuses" :) That's why I started working with it! – Ivo Pereira May 23 '13 at 22:21