Answer the question
In order to leave comments, you need to log in
How to properly implement authorization in PHP/MVC?
There is some project written in pure PHP without the use of frameworks.
An unauthorized user, getting to the site, rests on the authorization form. Having successfully logged in, the visitor is assigned a certain role - administrator, writer, reader, etc.
Nothing unusual, but due to inexperience, a natural question arises: how to correctly implement authorization in MVC?
In particular, I'm interested in:
1. Should access rights be differentiated through user class attributes simply or, I saw it somehow, through an additional object ala "passport of admission"?
2. At what stage is the legitimacy of the user's presence in one or another place of the resource checked? Primary cutoff of unlogged users + access control to specific controllers/actions?
I understand that it is possible to implement such functionality in different ways, I am interested in exactly how to do it correctly within the framework of the MVC pattern. The question, I understand, is worded very vaguely. I will update and update as more questions come in.
PS
Perhaps you can recommend books/articles on this topic?
Answer the question
In order to leave comments, you need to log in
1. You should make a class attribute. It is not necessary to produce thousands of classes.
2. As you like, only that any script correctly takes into account access rights.
Globally on the topic of the question:
MVC does not limit your choice in this context. Just make sure that the three different entities are logically separated from each other.
PS Book: Object-Oriented Design Techniques E. Gamma R. Helm R. Johnson D. Vlissides. He won’t say anything about php, he won’t say much about MVC, but he will tell you about how to design correctly. IMHO what you need.
I would make an object of the "role" class, which would be a property of the "user" class. Checking access to the current section can be done in the controller, before the data and view are loaded.
There is no consensus among developers, and even in the theory of what MVC is, everyone understands it differently, so there is no right solution in the general case, but there are right solutions for each specific framework or CMS. habrahabr.ru/blogs/webdev/117791/ By the way, MVC can be implemented on the same php without having any class.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question