jmhobbs

Clean Auth module usage in Kohana

I've been learning the Kohana framework for a project at work, and I have to say I really like it. It has a lot of the things I liked about Rails, and it stays out of my way, unlike CakePHP.

I thought I'd highlight my authentication solution that uses the built-in Auth module and a base controller that I call Site_Controller. Keep in mind that all of my controllers derive from this one.

So, what's it boil down to? Essentially you set up Auth and my base controller, then in your child controllers you set $access_control to an array of the methods you want protected. Each key is a method name and each value is the access level that method requires. The value can be "*", which means anyone logged in can use the method, a string naming a specific role, or an array of roles, any one of which grants access. Methods you leave out of the array are not checked at all. Take a look at the controller, then I'll show you an example usage.

application/views/site.php

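  <?php
  // NOTE: the opening of this class (declaration, properties, constructor
  // signature) is missing from the page. It is reconstructed here from the
  // names the surviving code uses. Template_Controller as the parent and the
  // default $access_denied value are assumptions.
  class Site_Controller extends Template_Controller {

    // method name => "*" (any logged-in user), a role name, or an array of roles
    protected $access_control = array();

    // Redirect target when a check fails (placeholder value, not from the page)
    protected $access_denied = 'user/login';

    public function __construct() {
      parent::__construct();

      $this->session = Session::instance();

      // Check permissions. Only methods listed in $access_control are checked.
      if( array_key_exists( router::$method, $this->access_control ) ) {
        if( '*' == $this->access_control[router::$method] ) {
          // "*": any logged-in user
          if( ! Auth::instance()->logged_in() )
            url::redirect( $this->access_denied );
        }
        else if( is_array( $this->access_control[router::$method] ) ) {
          // Array of roles: holding any one of them is enough
          $can_proceed = false;
          foreach( $this->access_control[router::$method] as $role )
            if( Auth::instance()->logged_in( $role ) )
              $can_proceed = true;

          if( ! $can_proceed )
            url::redirect( $this->access_denied );
        }
        else {
          // Single role name
          if( ! Auth::instance()->logged_in( $this->access_control[router::$method] ) )
            url::redirect( $this->access_denied );
        }
      }
    }

    // Requests for methods that do not exist render the 404 view
    public function __call( $method, $arguments ) {
      $this->template->title = "404";
      $this->template->content = new View( 'errors/404' );
    }
  }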

Here's an example controller. In this case anyone can access login, anyone logged in can access index, and only logged-in admins can access adminsonly.

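application/controllers/user.php

  <?php
  // NOTE: the class declaration and the start of the array are missing from
  // the page. They are reconstructed from the file name and the description
  // above ("anyone logged in can access index").
  class User_Controller extends Site_Controller {

    protected $access_control = array(
        "index" => "*",
        "adminsonly" => "admin"
      );

    // Listed with "*": any logged-in user
    function index () {
      $this->template->content = "index";
    }

    // Not listed in $access_control: open to everyone
    function login () {
      $this->template->content = "login";
    }

    // Listed with "admin": requires the admin role
    function adminsonly () {
      $this->template->content = "admins only";
    }
  }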

I haven't done a ton of testing and it's not the most robust solution, but I like it and it was easy to write.
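
Because the base controller only checks methods that appear in $access_control, a forgotten or misspelled key leaves an action open to everyone. The audit helper below is an added example, not part of the original post or of Kohana: it uses reflection to list public methods that have no rule and rules that match no method. Demo_User_Controller, audit_access_control() and the deliberate typo are constructed for illustration.

```php
<?php
// Constructed stand-in for the example controller above; no Kohana needed.
class Demo_User_Controller {
  protected $access_control = array(
    "index"     => "*",
    "adminonly" => "admin",   // deliberate typo: does not match adminsonly()
  );
  public function index() {}
  public function login() {}
  public function adminsonly() {}
  protected function helper() {}  // not public, so never reported
}

/**
 * Hypothetical audit helper: compare a controller's public methods with
 * the keys of its $access_control map.
 */
function audit_access_control( $class ) {
  $ref = new ReflectionClass( $class );

  // Read the property's default value without instantiating the controller.
  $defaults = $ref->getDefaultProperties();
  $map = isset( $defaults['access_control'] ) ? $defaults['access_control'] : array();

  // PHP resolves method names case-insensitively, so compare in lower case.
  $keys = array_map( 'strtolower', array_keys( $map ) );

  $actions = array();
  foreach( $ref->getMethods( ReflectionMethod::IS_PUBLIC ) as $m ) {
    // Skip magic methods, statics and anything inherited from a base class.
    if( 0 === strpos( $m->name, '__' ) || $m->isStatic() ) continue;
    if( $m->getDeclaringClass()->getName() !== $ref->getName() ) continue;
    $actions[] = strtolower( $m->name );
  }

  return array(
    'unprotected'  => array_values( array_diff( $actions, $keys ) ),
    'unknown_keys' => array_values( array_diff( $keys, $actions ) ),
  );
}

$report = audit_access_control( 'Demo_User_Controller' );
echo "Public without a rule: ", implode( ', ', $report['unprotected'] ), "\n";
echo "Rules matching no method: ", implode( ', ', $report['unknown_keys'] ), "\n";
```

An action that is meant to be public, such as login, will always show up in the first list, so review that list against an explicit allowlist rather than expecting it to be empty.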