User identification
Alexander Gomzyakov, 2011-06-21 21:10:10

How to properly implement authorization in PHP/MVC?

There is a project written in pure PHP without the use of frameworks.
An unauthorized user who arrives at the site lands on the authorization form. After logging in successfully, the visitor is assigned a certain role: administrator, writer, reader, etc.
Nothing unusual, but due to inexperience, a natural question arises: how to correctly implement authorization in MVC?
In particular, I'm interested in:
1. Should access rights be differentiated simply through user class attributes or, as I have seen somewhere, through an additional object à la "passport of admission"?
2. At what stage is the legitimacy of the user's presence in one or another place of the resource checked? Primary cutoff of users who are not logged in + access control to specific controllers/actions?
I understand that such functionality can be implemented in different ways; I am interested in exactly how to do it correctly within the framework of the MVC pattern. The question, I understand, is worded very vaguely. I will update it as more questions come in.
PS
Perhaps you can recommend books/articles on this topic?


5 answer(s)
try4tune, 2011-06-21
@try4tune

Excuse me, but what does MVC have to do with it?

Horse, 2011-06-21
@Horse

1. You should make it a class attribute. There is no need to produce thousands of classes.
2. As you like, as long as every script correctly takes access rights into account.
Globally on the topic of the question:
MVC does not limit your choice in this context. Just make sure that the three different entities are logically separated from each other.
PS Book: Object-Oriented Design Techniques, by E. Gamma, R. Helm, R. Johnson, D. Vlissides. It won't say anything about PHP, it won't say much about MVC, but it will tell you how to design correctly. IMHO that is what you need.

try4tune, 2011-06-21
@try4tune

I would make an object of the "role" class, which would be a property of the "user" class. Checking access to the current section can be done in the controller, before the data and view are loaded.
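
The design from the answer above (a role object held by the user, checked before any data or view is loaded), sketched as an added example that is not part of the original post. It assumes PHP 8.1+; every class, route and permission name is hypothetical, and the sample users are constructed.

```php
<?php
declare(strict_types=1);

// All class, route and permission names below are hypothetical.
final class Role
{
    /** @param string[] $permissions */
    public function __construct(public readonly string $name, private array $permissions = []) {}

    public function allows(string $permission): bool
    {
        return in_array($permission, $this->permissions, true);
    }
}

final class User
{
    public function __construct(public readonly string $login, public readonly Role $role) {}
}

// "controller/action" => required permission (null = public action).
const ACL = [
    'auth/login'   => null,
    'article/view' => 'article.view',
    'article/edit' => 'article.edit',
];

/** Called by the front controller before any model or view is loaded. */
function authorize(?User $user, string $route): string
{
    if (!array_key_exists($route, ACL)) {
        return 'deny';   // unlisted route: deny by default
    }
    if (ACL[$route] === null) {
        return 'allow';  // public action, e.g. the login form
    }
    if ($user === null) {
        return 'login';  // primary cutoff for users who are not logged in
    }
    return $user->role->allows(ACL[$route]) ? 'allow' : 'deny';
}

// Constructed sample data: a guest and a logged-in reader.
$reader = new User('bob', new Role('reader', ['article.view']));
$cases  = [[null, 'article/view'], [$reader, 'article/view'], [$reader, 'article/edit'], [$reader, 'user/delete']];
foreach ($cases as [$user, $route]) {
    printf("%-6s %-13s => %s\n", $user?->login ?? 'guest', $route, authorize($user, $route));
}
```

Keeping the route-to-permission map in one place means a new action is unreachable until someone lists it, so a forgotten check fails closed rather than open.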

Timur Shemsedinov, 2011-06-22
@MarcusAurelius

There is no consensus among developers, and even in theory everyone understands what MVC is differently, so there is no right solution in the general case, but there are right solutions for each specific framework or CMS. habrahabr.ru/blogs/webdev/117791/ By the way, MVC can be implemented in the same PHP without having any classes.

whynot, 2011-06-21
@whynot

If you are learning MVC, start with some kind of framework in which the application structure is rather rigidly set, and most of these questions will disappear even at the stage of their formation.
For example, take Symfony and their Jobeet app.
