Introduction

CIzACL has 6 main areas:

In this user guide we suppose that your site is www.example.com.

Installation

Make sure that your project runs with CodeIgniter 3.x and that it has this structure:

/
/application
/system
/index.php

Unzip the files of the "httpdocs" folder into the root of your CodeIgniter project and, if you are prompted to replace files, click YES ALL.

Unzip the "cizacl.sql" dump file from the "Sql" folder and import it into the MySQL database.

Go to /application/config/cizacl.php and set the cizacl_status setting to true.

Go to /application/config/autoload.php and insert cizacl in the Auto-load Libraries section as follows:

$autoload['libraries'] = array('cizacl');

Go to /application/config/config.php and insert this line after the $config['language'] setting:

$config['language_abbr']	= 'en';

Go to /application/config/config.php and make sure that $config['encryption_key'] has a value.

Go to /application/config/config.php and configure the "Session Variables" setting:

$config['sess_driver'] = 'database';
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = TRUE;

Go to /application/config/database.php and configure the database settings with your database connection values.

Login

Credentials for the first login:

Username: admin

Password: admin

The Login controller allows users to sign in to your site. To use it, you can make a link to this address: http://www.example.com/index.php/login

The Login controller also provides the logout function. To use it, you can make a link to this address: http://www.example.com/index.php/login/logout

Once you have logged in successfully, the system stores the following information in the session:

'user_id'
'user_name'
'user_surname'
'user_lastaccess'
'user_cizacl_role_id'

You can use this data in your website through the command $this->session->userdata('item'). Please see the CodeIgniter user guide for more details.

How CIzACL works

CIzACL is a powerful ACL system for CodeIgniter, based on Zend Framework, that manages user access to different resources. The resources are the set of controllers and functions of your CodeIgniter project.

CIzACL allows you to create unlimited roles for unlimited users and resources and combine them with unlimited rules, without adding additional code in the resources that you want to protect.

First steps

Practical example

You have a website with these resources:

Go to the Resources management page, click the "Add" button on the right and add all these resources as "Controller" (the Resources paragraph explains the differences between the "Controller" and "Function" options).

Your website also has these roles:

You would like guest users to be able only to view the articles of your website.

The staff users can only edit, submit and revise the articles of your website. They can also do everything the guest users do.

The editor users can only publish, archive and delete the articles of your website. They can also do everything the staff users do.

The administrator users can do everything.

Go to the Roles Management page and click the "Add" button on the right. Start by adding the roles with fewer privileges.

When you add the guest role, make sure that the "Default Role" field is set to "Yes", because it is the role that all users (even those without an account) will have.

When you add the staff role, make sure to select "Guest" in the "Inherit by" field.

When you add the editor role, make sure to select "Staff" in the "Inherit by" field.

Pay Attention

The order field is very important, especially when you inherit privileges from other roles. If you assign 1 to the Editor order field and 2 to the Staff order field, the system will display an error, because it reads Editor (which inherits privileges from the Staff role) first and doesn't yet know the Staff role.

So make sure that the role from which you inherit privileges has a lower order value.

You also would like to add new rules to manage the use of resources:

Go to the rules management page and click on the "Add" button on the right. Select the role that you want to set and click on the "New Rule" button on the right.

For example, for the editor role, you will click on the "New Rule" button three times.

The first time you select the "publish" option in the "Controller" field, the second time you select "archive" and the third time you select "delete".

If you don't want the editor role to be allowed to edit articles (it inherits the edit privilege from the staff role), you can add a new rule that denies access to the edit controller.

For the administrator role, you only have to add one rule and select the "All" option in both the controller and the function fields.

Pay Attention

By default there is a deny rule that prevents roles from having unwanted privileges.
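
The practical example above, modelled as a stand-alone PHP script (an added example, not CIzACL's own code). The array layout and the function names load_roles and is_allowed are assumptions; the script assumes that a role's own rule takes precedence over inherited ones, as the editor deny rule implies.

```php
<?php
// Added model of the practical example; not CIzACL's code, names are assumptions.
// Roles: a role may only inherit from a role with a lower order value.
$roles = [
    ['name' => 'guest',         'order' => 1, 'inherit' => []],
    ['name' => 'staff',         'order' => 2, 'inherit' => ['guest']],
    ['name' => 'editor',        'order' => 3, 'inherit' => ['staff']],
    ['name' => 'administrator', 'order' => 4, 'inherit' => []],
];

// Rules per role: controller => true (allow) or false (deny); '*' stands for "All".
$rules = [
    'guest'         => ['view' => true],
    'staff'         => ['edit' => true, 'submit' => true, 'revise' => true],
    'editor'        => ['publish' => true, 'archive' => true, 'delete' => true,
                        'edit' => false], // explicit deny of the inherited edit
    'administrator' => ['*' => true],
];

// Read roles in order; fail when a role inherits from one not read yet.
function load_roles(array $roles): array {
    usort($roles, fn($a, $b) => $a['order'] <=> $b['order']);
    $known = [];
    foreach ($roles as $r) {
        if ($missing = array_diff($r['inherit'], array_keys($known))) {
            throw new RuntimeException("{$r['name']} inherits unread role " . implode(',', $missing));
        }
        $known[$r['name']] = $r['inherit'];
    }
    return $known;
}

// The role's own rule wins, then inherited rules, then the default deny.
function is_allowed(array $known, array $rules, string $role, string $ctrl): bool {
    $own = $rules[$role] ?? [];
    if (array_key_exists($ctrl, $own)) return $own[$ctrl];
    if (array_key_exists('*', $own)) return $own['*'];
    foreach ($known[$role] ?? [] as $parent) {
        if (is_allowed($known, $rules, $parent, $ctrl)) return true;
    }
    return false;
}

$known = load_roles($roles);
foreach ([['guest', 'edit'], ['staff', 'edit'], ['editor', 'edit'], ['editor', 'view']] as [$r, $c]) {
    echo "$r $c: ", is_allowed($known, $rules, $r, $c) ? 'allow' : 'deny', "\n";
}
$roles[1]['order'] = 3; $roles[2]['order'] = 2; // editor is now read before staff
try { load_roles($roles); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The last two lines swap the order values of Staff and Editor to reproduce the ordering error described in the first "Pay Attention" note.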

 

Users Management

The Users controller lets you manage the user subscriptions of your site.

Add User

To add a new user, click on the "Add" button on the right. A new window will open.

Fill in the fields and click on the "Add" button at the bottom. All fields are required.

Edit User

To edit a user, select the user from the list and then click on the "Edit" button on the right.

Delete User

As in the edit user procedure, select the user that you want to delete and click on the "Delete" button on the right.

Roles Management

The Roles controller lets you manage the user roles of your site.

Add Role

To add a new role, click on the "Add" button on the right. A new window will open.

Fill in the fields and click on the "Add" button at the bottom.

Role Name

It is the name of the role that you would like to create.

This field is required.

Inherit by

You can select one or more roles from which to take privileges. Make sure that the role from which you inherit privileges has a lower order value.

After login, redirect to

It is a list of all the resources added to the system. It lets you redirect users that have this role to the selected page after the login procedure.

This field is required.

Description

It is a description of the role that you are creating.

Default role

Set "Yes" if you would like this role to become the default role for users that aren't logged in.

There must be at least one default role.

Order

It is the order in which the system reads the roles.

This field is required.

Edit Role

To edit a role, select the role from the list and then click on the "Edit" button on the right.

Delete Role

As in the edit role procedure, select the role that you want to delete and click on the "Delete" button on the right.

Pay Attention

All users and all rules that have been created with the role that you would like to delete will be deleted.

Resources Management

The Resources controller lets you manage the resources of your site.

Add Resource

To add a new resource, click on the "Add" button on the right. A new window will open.

Fill in the fields and click on the "Add" button at the bottom.

Type

It can be set as "Controller" or as "Function". Please see the CodeIgniter user guide for more details.

If the "Function" option is set, a new field called "Controller" will be displayed, which indicates the origin of the function.

This field is required.

Name

It is the name of the resource.

Controller

It indicates which controller the function belongs to.

Description

It is a description of the resource that you are creating.

Edit Resource

To edit a resource, select the resource from the list and then click on the "Edit" button on the right.

Delete Resource

As in the edit resource procedure, select the resource that you want to delete and click on the "Delete" button on the right.

Rules Management

The Rules controller lets you manage the access rules between the roles and resources of your site.

Add Rule

To add a new rule, click on the "Add" button on the right. A new window will open.

Fill in the fields and click on the "Add" button at the bottom.

Set the rules for the following role

It sets the role that will be managed by this rule.

This field is required.

Rule

It can be set as "Allow" or "Deny". Set "Allow" if you would like the rule to allow the access to controllers and functions, otherwise set "Deny".

Controller

It sets the controller that will be managed by this rule.

You can add more controllers by clicking on the "+" button.

Function

It sets the function that will be managed by this rule.

You can add more functions by clicking on the "+" button.

State

It sets the state of the rule. If it is set to "Disabled", the rule will be ignored.

Description

It is a description of the rule that you are creating.

Edit Rule

To edit a rule, select the rule from the list and then click on the "Edit" button on the right.

Delete Rule

As in the edit rule procedure, select the rule that you want to delete and click on the "Delete" button on the right.

Sessions Management

The Sessions controller lets you manage the sessions of your site.

You can delete the session for one or more users who are visiting your site.

Tools

CIzACL has three main tools that help you to manage user access to different resources:

check_hasRole($role)

This function returns true if the role exists, or false if it doesn't.

The role parameter accepts the role name or the role ID that you want to check.

For example:

var_dump($this->cizacl->check_hasRole('Administrator'));
var_dump($this->cizacl->check_hasRole(1));

Output of the above example:

bool(true)
bool(true)

check_has($resource)

This function returns true if the controller or the function exists, or false if it doesn't.

The resource parameter accepts the controller name or the function name.

For example:

var_dump($this->cizacl->check_has('Edit'));
var_dump($this->cizacl->check_has('Other'));

Output of the above example:

bool(true)
bool(false)

check_isAllowed($role, $controller, $function)

This function returns true if the role is allowed to access the resource, or false if it isn't.

The role parameter accepts the role name or the role ID.

The controller parameter accepts the controller name.

The function parameter accepts the function name. This parameter is optional.

For example:

var_dump($this->cizacl->check_isAllowed('Administrator', 'Edit'));
var_dump($this->cizacl->check_isAllowed('Guest', 'Edit'));

Output of the above example:

bool(true)
bool(false)

Pay Attention

All the above examples refer to the Practical Example paragraph.

Languages

CIzACL allows you to switch easily into your language.

Go to /application/config/config.php and set the language and language_abbr variables to your language. For example, I would like to translate CIzACL into Italian:

$config['language'] = 'italiano';
$config['language_abbr'] = 'it';

Go to /application/language and copy the "english" folder. Rename the copy to "italiano". Then open and translate all the files in the folder that you have copied.

English version:

$lang["library_not_loaded"] = "ACL library not loaded!";

Italian version:

$lang["library_not_loaded"] = "La libreria ACL non è stata caricata!";

Many scripts in CIzACL have already been translated and are loaded automatically by the system. If the system cannot find the language file for the scripts, it will automatically load the English language.

Pay Attention

Don't rename the files in the language folder.

Don't rename the variable keys in the language files.