Role Based Access Control for Kohana3
-
enable rbac module in bootstrap.php (auth module is needed)
-
install install.sql under rbac directory (replace '{table_prefix}' to your own table_prefix)
-
if you haven't created user , create first , and assign a role for this user
-
create rules in action's comment using @rule tag like this /**
- @rule edit node
- @rule edit node (owner)|$item->user_id == $user->id */ public function action_edit() { $node = ORM::factory('node')->find($this->request->param('id')); Rbac::check($node); //... } in the second rule , there is a "|", below which is an expression , $item is $node here.
-
if you don't have login form , you can use Auth::force_login like this public function action_login() { // suppose you just created an user whose email is [email protected] Auth:instance()->force_login('[email protected]'); // if you want to log out // Auth::install()->logout(); } then browser this url to perform login
-
go to http://localhost/path/to/admin/rbac it will show a table if everything works well, you can check and uncheck for special roles. pretty easy and directly
-
admin has all priviledges.
-
if you visit /path/to/admin/rbac , and it shows 'sorry , but you are not allowed to access this page', you can comment Rbac::check($node) in controller/admin/rbac.php temporary.