@druu
Created October 10, 2012 14:14
Micro ACL Library (coupled with Bitauth)
<?php
// Direct-access guard: stop unless BASEPATH is defined, i.e. unless this file was
// loaded through the framework bootstrap rather than requested by its own URL.
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
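/**
 * Example controller that gates every one of its actions behind a single
 * MicroACL permission.
 *
 * The check lives in the constructor, so it runs before any action method of
 * this controller is dispatched.
 *
 * NOTE(review): assumes the session library and the URL helper (redirect())
 * are already loaded, e.g. via autoload -- confirm in the application config.
 */
class Example_controller extends CI_Controller {

    /**
     * Loads MicroACL and rejects the request unless the current user holds
     * permission id 1 (a perm_id value as cached by MicroACL).
     */
    public function __construct()
    {
        parent::__construct();
        $this->load->library('MicroACL');

        // Deny by default: anything other than an explicit grant is bounced.
        if ( ! $this->microacl->is_allowed(1))
        {
            // Double-quoted so the apostrophe does not terminate the string
            // (the single-quoted original was a parse error).
            $this->session->set_flashdata('_macl_error', "You're not allowed to access this resource!");

            // redirect()'s second argument selects the redirect method, not the
            // HTTP status, so the original 403 was ignored; a 403 status would
            // also not be followed as a redirect by browsers.
            //
            // The gate relies on redirect() terminating the request. If it ever
            // returned, the requested action would still execute.
            redirect('/');
        }
    }
}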
/* End of file example_controller.php */
/* Location: ./application/controllers/example_controller.php */
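-- Schema and seed data for MicroACL.
--
-- NOTE(review): the MicroACL library on this page queries `role_perms_xref` and
-- `user_perms_xref`. Those names only resolve to the tables below if the database
-- connection applies a `macl_` table prefix, and no user/permission cross-reference
-- table is created by this script -- confirm before deploying.

-- Roles a user can be assigned (referenced by bitauth_userdata.role_id).
CREATE TABLE `macl_roles` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `type` varchar(10) COLLATE utf8_bin DEFAULT NULL,
  `name` varchar(100) COLLATE utf8_bin DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Grants: one row per (role, permission) pair.
-- NOTE(review): role_id / perm_id are nullable, signed and unconstrained (no foreign
-- keys, no unique key), so orphaned, NULL or duplicate grants can be stored. Consider
-- tightening this before relying on the table for authorization decisions.
CREATE TABLE `macl_role_perms_xref` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `role_id` int(11) DEFAULT NULL,
  `perm_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=50 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Permissions that controllers check by id.
CREATE TABLE `macl_perms` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(100) COLLATE utf8_bin NOT NULL DEFAULT '',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Attach a role to every BitAuth user.
-- NOTE(review): DEFAULT 1 assigns role 1 to every existing and future user row, and
-- role 1 is seeded below as 'Full access'. A low-privilege default role is the safer
-- choice; grant the system role explicitly.
ALTER TABLE `bitauth_userdata` ADD `role_id` INT(11) UNSIGNED NOT NULL DEFAULT 1;

-- Seed data. Columns and ids are spelled out because:
--   * the original VALUES lists had fewer values than the tables have columns,
--   * the tables start their AUTO_INCREMENT counters at 10 / 12, so generated ids
--     would not be the 1 / 1 pair that the cross-reference row points at,
--   * the cross-reference table name was misspelled (`mac_` instead of `macl_`).
INSERT INTO `macl_roles` (`id`, `type`, `name`) VALUES (1, 'system', 'Full access');
INSERT INTO `macl_perms` (`id`, `name`) VALUES (1, 'First permission');
INSERT INTO `macl_role_perms_xref` (`role_id`, `perm_id`) VALUES (1, 1);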
<?php
// Direct-access guard: stop unless BASEPATH is defined, i.e. unless this file was
// loaded through the framework bootstrap rather than requested by its own URL.
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
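/**
 * MicroACL - a minimal permission check layered on top of BitAuth.
 *
 * On first use for a logged-in user the library reads the user's own and
 * role-based permission ids from the database and caches the merged list in
 * the session under the key '_mACL'. Later requests answer is_allowed() from
 * that cached list.
 *
 * Security notes for reviewers:
 *  - The cached list is only rebuilt when '_mACL' is missing or empty, so a
 *    permission revoked in the database stays effective until the cache is
 *    cleared (destroy(), or a request made while logged out).
 *  - The list is trusted as read from the session. NOTE(review): if the session
 *    library keeps userdata in a client-side cookie, the integrity of the
 *    permission list depends on that cookie's protection -- confirm that
 *    sessions are stored server-side.
 *  - NOTE(review): the cache is not tied to a user id; if one session can move
 *    from one account to another without a logged-out request in between, the
 *    previous account's list would be reused -- verify against the login flow.
 */
class MicroACL {

    // CodeIgniter super-object, used to reach bitauth, session and db.
    private $CI;

    // TRUE once a permission list is available in the session.
    private $is_loaded = false;

    // Not used by the code in this class.
    private $my_role = null;

    // Permission ids granted to the current user, as read from the session.
    private $my_perms = array();

    /**
     * Drops a stale cache for logged-out visitors, builds the cache if needed,
     * then loads the permission list from the session.
     */
    public function __construct()
    {
        $this->CI = &get_instance();

        // A visitor who is not logged in must never inherit a cached list.
        if ($this->CI->bitauth->logged_in() === FALSE)
        {
            $this->CI->session->unset_userdata('_mACL');
        }

        $this->is_loaded = !!$this->CI->session->userdata('_mACL');
        $this->init();
        $this->my_perms = $this->CI->session->userdata('_mACL');
    }

    /**
     * Builds the permission cache for the logged-in user.
     *
     * Does nothing when a cache already exists or nobody is logged in.
     *
     * NOTE(review): the table names queried here are `user_perms_xref` and
     * `role_perms_xref`; check them against the deployed schema / table prefix.
     */
    public function init()
    {
        // Already initialized, or nobody to initialize for? Get out.
        if ($this->is_loaded || !$this->CI->bitauth->logged_in()) { return; }

        // User-assigned permissions.
        $u_perms = $this->CI->db->select('perm_id')->where('user_id', $this->CI->bitauth->user_id)->get('user_perms_xref')->result();

        // Role-based permissions.
        $r_perms = $this->CI->db->select('perm_id')->where('role_id', $this->CI->bitauth->role_id)->get('role_perms_xref')->result();

        // Merge, flatten, de-duplicate, store.
        $perms = array();
        foreach (array_merge($u_perms, $r_perms) as $row)
        {
            // A NULL perm_id is not a grant; keep it out of the cached list.
            if ($row->perm_id === null) { continue; }
            $perms[] = $row->perm_id;
        }
        $perms = array_unique($perms);

        $this->is_loaded = TRUE;
        $this->CI->session->set_userdata('_mACL', $perms);
    }

    /**
     * Tells whether the current user holds the given permission.
     *
     * The check fails closed: only an integer, or a string made of digits only,
     * is accepted as a permission id, and it is compared by value against
     * entries of the same shape. A loose in_array() would let values such as
     * TRUE or NULL match unrelated entries of the list.
     *
     * @param int|string $perm_needed Permission id to look for.
     * @return bool TRUE only if the id is present in the cached list.
     */
    public function is_allowed($perm_needed)
    {
        if ( ! is_array($this->my_perms)) { return false; }

        $needed = $this->to_perm_id($perm_needed);
        if ($needed === null) { return false; }

        foreach ($this->my_perms as $granted)
        {
            if ($this->to_perm_id($granted) === $needed) { return true; }
        }

        return false;
    }

    /**
     * Clears the cached permission list, both in the session and in this
     * instance, so later is_allowed() calls in the same request are denied.
     */
    public function destroy() {
        // The session lives on the CodeIgniter super-object, not on this
        // library (the original dereferenced an undefined $this->session).
        $this->CI->session->unset_userdata('_mACL');
        $this->my_perms = array();
        $this->is_loaded = false;
    }

    // Normalizes a permission id to int; returns null for anything that is not
    // an integer or a digits-only string.
    private function to_perm_id($value)
    {
        if (is_int($value)) { return $value; }
        if (is_string($value) && ctype_digit($value)) { return (int) $value; }
        return null;
    }
}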
/* End of file MicroACL.php */
/* Location: ./application/libraries/MicroACL.php */