I'm using the fresh new CodeIgniter 3 framework but it seems that it lacks any Role Based Access Control List feature. I know that there are some libraries for that purpose but they seem overkill for my needs.
I use CAS for authorization so we can take this out of the equation. It seems to me that there are basically 3 approaches to this:
1. Using Sessions
2. Using Hooks
3. Using an Access Control List (ACL) library
The simpler, super basic approach that I have now is using Sessions like this in my Main controller:
    (...)
    public function index()
    {
        //Loading the CAS authentication library:
        $this->load->library('cas');
        $this->cas->force_auth();
        $user = $this->cas->user();
        //Seek for the user role in a database table
        $this->load->model("get_db");
        $role = $this->get_db->getPermissions($user->userlogin);
        //We save user information in the session
        $newData = array(
            'username' => $user->userlogin,
            'rol' => $role[0]->rol,
            'isLoggedIn' => TRUE
        );
        $this->session->set_userdata($newData);
    (...)
And then I have a function that checks whether a user is logged in or not:
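    public function is_loggedIn(){
        $check_login = $this->session->userdata('isLoggedIn');
        // CodeIgniter 3 returns NULL (not FALSE) for a missing session key,
        // so test for anything other than TRUE.
        if($check_login !== TRUE)
        {
            //redirect('user');
        }
    }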
And I call that function in every method in every controller. This is kinda inefficient. What would be a better approach to it? Bear in mind that my roles are few and very basic so that a complex library would be overkill.
Thanks.
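One way to centralise the check that the question repeats in every method, as an added example that is not part of the original post: a base controller runs the login and role test once in its constructor. It assumes the default `MY_` subclass prefix; `$allowed_roles`, the `Reports` controller and the role names are hypothetical, while the `isLoggedIn` and `rol` session keys and the `user` redirect target are taken from the post.

```php
<?php
// application/core/MY_Controller.php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    // Roles allowed to reach this controller; an empty array means
    // any logged-in user. Subclasses override it. (Hypothetical name.)
    protected $allowed_roles = array();

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // In CodeIgniter 3 userdata() returns NULL for a missing key,
        // so compare against TRUE instead of testing for FALSE.
        if ($this->session->userdata('isLoggedIn') !== TRUE) {
            redirect('user'); // redirect() sends the header and exits
        }

        // Deny by default: a role that is not explicitly listed gets a 403.
        $role = $this->session->userdata('rol');
        if (!empty($this->allowed_roles)
            && !in_array($role, $this->allowed_roles, TRUE)) {
            show_error('You are not allowed to view this page.', 403);
        }
    }
}

// application/controllers/Reports.php (hypothetical controller, separate file)
class Reports extends MY_Controller
{
    // Constructed role names; use the values stored in the roles table.
    protected $allowed_roles = array('admin', 'manager');

    public function index()
    {
        // Reached only by a logged-in user whose role is listed above.
        $this->load->view('reports/index');
    }
}
```

The controller that performs the CAS login and fills the session has to keep extending `CI_Controller` directly, otherwise the redirect in the base constructor loops.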