-1

I would like to use Kohana 3.3 as a replacement for my self written "framework" which I am currently using for my webapp. Could you please tell me if it is possible to fulfill the following requirements and how to achieve this?

  1. My app consists of several controllers, which I want to access via menu. This menu should be dynamically created, so that a newly created controller will show up immediately. Additionally the menu should exclude controllers which are not accessible for the currently logged in user.

  2. Each controller must be able to check the user's role before executing an action (e.g. global admin, controller-specific admin, regular user). Depending on this role each controller must be able to permit or prohibit access. (Thought about a group membership based method).

  3. I want to use a separate template (as far as I know aka partial) for the menu and for each controller output. They all should be merged with a "frame" template (with header, footer,login info, etc.). I saw there is a special controller for templates (template_controller iirc) - is this the right one to use as my base controller? And should I create a base controller which manages my "template" and nest the other controllers in it somehow?!

  4. Additionally it would be nice if each controller had the ability to recognize the current request as ajax or non-ajax and adjust the rendering accordingly (in most cases "rendering" the whole site again is not desired with ajax).

I would be grateful for every answer! Thanks in advance.

Apollo13
  • 119
  • 1
  • 1
  • 11

1 Answers1

1

  1. Yes, but you'd have to search for the controller files yourself AFAIK.

  2. Yes, see before(),

    2.1 If you want to keep it in one place you would only have to write a little extra something to specifiy which action requires what privileges. Check out Kohana's Request class for some nice stuff you could use for this (I'd say take a look at the url, uri and request methods, I don't know by hard what exactly they do)

    2.2 You could also do it on a per-controller basis; e.g. Controller_Admin could do the following ugly one-liner (check snippet for 2.2 below). I suggest splitting it up a little bit though, e.g. giving your base controller a protected $_user variable which it fills in it's before() method and then use $this->_user instead of Auth stuff.

  3. It's Controller_Template but yes, you got that right ;)

  4. Like this? Request::$current->is_ajax() (http://kohanaframework.org/3.3/guide-api/Request#is_ajax)

Snippet for 2.2:

if ( ! Auth::instance()->get_user()->has('role', ORM::factory('Role', array('name' => 'admin')))
   throw new HTTP_Exception_403('Permission denied!');
AmazingDreams
  • 3,136
  • 2
  • 22
  • 32
  • Your answer is very helpful, thanks! I have seen all things before (except is_ajax - don't know why I missed that), but didn't know how to use it. But one question remains concerning the menu creation. Searching for the controllers shouldn't be a problem (though I thought it is possible to extract the controllers from the route array) but where should I place this function/method? Also in before()? Or in a Controller_Menu which I call from my main controller? This is quite new to me, so please excuse my stupid questions. – Apollo13 Dec 18 '13 at 17:28
  • I'd probably put it in a dedicated `Controller_Menu`. Kohana is a `HMVC` framework so you can fire internal requests and put the responses of those requests in the template. I'd put this in `public function after() { if ( ! $this->auto_render OR ! $this->request->is_ajax()) { $this->template->menu = Request::factory('menu')->execute(); }}` or something like it – AmazingDreams Dec 20 '13 at 09:01
  • Yes, you will be able to `$this->request->controller()` but that won't give you every possible controller in your application. Extracting all controllers from the routes array will force you to define every route seperately whilst the default route in `bootstrap.php` covers most general applications. I suggest going for some array you write yourself defining controllers and privileges, or let every controller implement its own check. – AmazingDreams Dec 20 '13 at 09:02
  • I suppose the predefined array is the easiest method. I already thought about defining a method "GetRestrictions" or similar in the abstract base controller and implement it in each controller implementation. But to use this function I have to instantiate every controller at least once or use late static binding and especially in larger environments this is too resource consuming, right? – Apollo13 Dec 20 '13 at 14:23
  • Well yes, you'd have to find every controller and include the file at the very least, you could cache this though, Kohana provides easy to use caching methods, it would be the most flexible. This cache could be kept forever and if you use `git` you can use a ['post-pull'](http://stackoverflow.com/a/4185449/1567737) hook to clear the cache, and just disable it in your development environment. – AmazingDreams Dec 20 '13 at 14:46