PHP
Talyan, 2018-03-30 06:46:25

Where to place the user rights access check?

Model, view, controller. Yeah....
I noticed that this task often starts to slow me down:
There is a table in the database with user rights, which tells us something like "user1 has access to the action and user 2 has access to and". In general, everyone has their own rights.
When drawing a link in the View, I now had to put a function from the Model into the View, which:
1) looks at the user from the session
2) looks for his rights
3) looks at the link that is currently being drawn
4) decides whether to draw it or not, depending on the rights
It turns out that the View has access to the Model, which violates the orthodoxy of MVC as far as I remember.

You can immediately prepare the entire array of links for the user in the controller. But can you imagine? There are a lot of links throughout the page. Some links are in one logical part of the page, others in another. Such a heap of code will result! Horror. The method in the controller will span 100500 lines. So it's more convenient to check before drawing each link in the View.
Making a separate template with already drawn links for each type of user will not work, because the rights are distributed as in 1C, with checkmarks. What I can and what I can't.
How do you handle this?
Here is my access system in abstraction:

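class Model {
    private $user;

    public function getUser()
    {
        return $this->user;
    }

    // Stub: in the real system the rights come from the rights table in the database
    public function getUserRights($user) {
        return array("edit_news","delete_page");
    }

    // Stub so that Controller::action_news() has something to call
    public function get_text_of_news()
    {
        return "";
    }
}

class View {
    // Private, but callable from the template: render() includes it, so it shares $this
    private function is_access($level)
    {
        $user=$_SESSION['id'];
        $model=new Model();
        return in_array($level,$model->getUserRights($user));
    }

    function render($template,$data)
    {
        // $data and $this are both visible inside the included template
        include $template;
    }
}


class Controller {
    private $model;
    private $view;
    private $data=array();

    public function action_news()
    {
        $this->model= new Model();
        $this->view=new View();
        $this->data['text']=$this->model->get_text_of_news();
        $this->view->render("text.html",$this->data);
    }
}

text.html :
<?php
// The link is drawn only if the session user has the edit_news right
if($this->is_access('edit_news')) echo "<a href=\"edit.php\">Редактировать новость</a>";
?>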

Is this normal?

2 answer(s)
Arman, 2018-03-30
@flapflapjack

And what prevents you from passing the view a user model that has an array of rights? Then just ask if($this->user->can('edit-post')) {//draw the link};
To deny access to the editing page, it is popular today to use middleware.

Alexander, 2018-03-30
@Minifets

You can immediately prepare the entire array of links for the user in the controller. But can you imagine? There are a lot of links throughout the page. Some links are in one logical part of the page, others in another. Such a heap of code will result! Horror. The method in the controller will span 100500 lines. So it's more convenient to check before drawing each link in the View.

The menu-building logic is moved to a separate service. For each separate menu, a separate builder. The builder checks the rights and decides which links should be displayed. The View is then given the builder's result for rendering the menu, or the view gets the desired builder through a helper and displays it.
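The two answers above combined into one sketch, as an added example that is not code from either answer or from the question: a user object with can(), a menu builder that filters links by right, and a middleware-style guard that enforces the same right on the action itself, since a hidden link does not stop a direct request to the page. All class, function and file names, and the delete_news right, are hypothetical; the sample rights are constructed.

```php
<?php
// Added example; every class, function and file name below is hypothetical.
final class User
{
    private array $rights;

    public function __construct(array $rights)
    {
        $this->rights = $rights; // assumed to be loaded once from the rights table
    }

    public function can(string $right): bool
    {
        return in_array($right, $this->rights, true);
    }
}

final class NewsMenuBuilder
{
    // [label, href, required right]; null means the link is shown to everyone.
    private const LINKS = [
        ['Edit news',   'edit.php',   'edit_news'],
        ['Delete news', 'delete.php', 'delete_news'],
        ['All news',    'index.php',  null],
    ];

    public function build(User $user): array
    {
        return array_values(array_filter(
            self::LINKS,
            fn(array $l): bool => $l[2] === null || $user->can($l[2])
        ));
    }
}

// Middleware-style guard: runs before the action, regardless of what the menu showed.
function requireRight(User $user, string $right, callable $action): string
{
    if (!$user->can($right)) {
        http_response_code(403);
        return 'Forbidden';
    }
    return $action();
}

$user = new User(['edit_news', 'delete_page']); // constructed sample rights
foreach ((new NewsMenuBuilder())->build($user) as [$label, $href]) {
    echo '<a href="' . htmlspecialchars($href) . '">' . htmlspecialchars($label) . "</a>\n";
}
echo requireRight($user, 'delete_news', fn() => 'news deleted'), "\n"; // this user lacks delete_news
```

The view only loops over what build() returns, so it never touches the rights table, and the controller stays short because the per-link checks live in the builder.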
