BackendPro User Guide Version 0.3.1


Access Control

BackendPro comes with an advanced access control system unlike most other applications. It uses access control lists to control group access to resources. If you do not know what access control lists are, read this Wiki page. BackendPro uses two systems: the front end management system, and the backend system provided by KhACL and a Nested Sets Model. You do not need to fully understand these systems to use BackendPro, but you may find them interesting.

Note:  Access Control is initialized automatically by the system so there is no need to do it manually.

Features:

Important:  DO NOT DELETE PERMISSIONS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS THIS WILL HAVE ON YOUR SYSTEM. IN DOING SO YOU COULD LOCK YOURSELF OUT OF YOUR SYSTEM. YOU HAVE BEEN WARNED.

Restricting Access to a Controller/Method

As stated above, access is determined on a group basis for certain resources. To make sure a user has sufficient permission to access a page, all you need is a simple function call.

check(resource,action,redirect);

The first parameter resource denotes the resource name which will guard this controller/method. Examples of such names can be seen in the Default Resources section.

The second optional parameter denotes an action, which the user must also have access to on the specified resource to be allowed to view the page.

The third optional parameter, if set to FALSE, makes the function just return FALSE instead of redirecting the user to a warning page informing them of their insufficient access. This can be useful if, say, you only want to show a user a link to a page if they have access to it; otherwise they will not be shown the link.

Let's look at some examples:

// This line will check the user has access to the settings resource. If they do 
// not then it will redirect them away from the page and display an error message.
check('Settings');

// This line will check the user has permission to use the delete action on the members 
// resource. If they do not, it will redirect them.
check('Members','Delete');

// These several lines will check the user has access to the members resource. But 
// if they do not instead of redirecting them it will return FALSE. Therefore only 
// if they have access will the link be created.
if( check('Members',NULL,FALSE))
{
    print anchor('auth/admin/members','Members');
}

Managing Permissions and Access

From the many systems I looked at, I found it very difficult to know what permissions had an effect on what groups. For this reason I created a very simple tool, with which you can query the system and see exactly what access rights a user has.

As you can see in the screenshot above, by selecting what group you want to query you can straight away see what resources they have access to.

Default User Groups

By default BackendPro comes with several user groups pre-created for you. You cannot delete these because doing so could have effects on the system. The items in the table are indented to show how they are nested in the system.

Group            Description
Member           This is the root node of the group tree, all website members will inherit from this group.
  Administrator  This is the basic group for administrators.

Default Resources

By default BackendPro comes with several resources pre-created for you. You cannot delete these since they provide the basic access to the control panel. The items in the table are indented to show how they are nested in the system.

Resource              Description
Site                  This is the root node of the resource tree, all other website resources will stem from this resource.
  Control Panel       This resource guards access to the website control panel.
    System            This resource guards access to all system pages including Members/Settings/Utilities/Access Control.
      Settings        This resource guards access to the website settings page.
      Members         This resource guards access to the member administration page.
      Utilities       This resource guards access to the website utilities page.
      Access Control  This resource guards access to the access control management page.
        Actions       This resource guards access to the page allowing administration of the website's actions.
        Groups        This resource guards access to the page allowing administration of the website's groups.
        Resources     This resource guards access to the page allowing administration of the website's resources.
        Permissions   This resource guards access to the page allowing administration of the website's permissions.
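
To see why the warning about deleting permissions matters, the following added example (not BackendPro or KhACL code) numbers the default group and resource trees above as nested sets and resolves access by inheritance. The single permission row, the helper names, and the rule that the nearest ancestor's row decides, with deny when no row exists, are assumptions made for illustration.

```python
# Added illustration: not BackendPro or KhACL code. The two trees are the page's
# defaults; the permission row and the resolution rule are assumptions.
GROUPS = ("Member", [("Administrator", [])])
RESOURCES = ("Site", [("Control Panel", [("System", [
    ("Settings", []), ("Members", []), ("Utilities", []),
    ("Access Control", [("Actions", []), ("Groups", []),
                        ("Resources", []), ("Permissions", [])])])])])

def number(tree):
    """Nested Sets Model: give every node a (lft, rgt) pair by depth-first walk."""
    bounds, counter = {}, [0]
    def visit(node):
        name, children = node
        counter[0] += 1
        lft = counter[0]
        for child in children:
            visit(child)
        counter[0] += 1
        bounds[name] = (lft, counter[0])
    visit(tree)
    return bounds

def lineage(bounds, name):
    """The node and its ancestors, nearest first: every interval enclosing it."""
    lft, rgt = bounds[name]
    hits = [n for n, (l, r) in bounds.items() if l <= lft and r >= rgt]
    return sorted(hits, key=lambda n: bounds[n][0], reverse=True)

G, R = number(GROUPS), number(RESOURCES)

def allowed(perms, group, resource):
    """Assumed rule: nearest group, then nearest resource, decides; no row = deny."""
    for g in lineage(G, group):
        for r in lineage(R, resource):
            if (g, r) in perms:
                return perms[(g, r)]
    return False

def without(perms, row):
    """Copy of the permission table with one row deleted."""
    return {k: v for k, v in perms.items() if k != row}

# Constructed permission table: one grant high in the tree covers the whole panel.
perms = {("Administrator", "Control Panel"): True}

if __name__ == "__main__":
    print(allowed(perms, "Administrator", "Permissions"))     # inherited grant
    trimmed = without(perms, ("Administrator", "Control Panel"))
    print(allowed(trimmed, "Administrator", "Access Control"))  # locked out
```

Under these assumptions, one row granted high in the resource tree is what lets Administrator reach the Access Control pages, so deleting it also removes the ability to restore it from the control panel.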