I am new to codeigniter. I have a system where I have three users: superadmin, admin and just the user. The superadmin can create admin and the admin can create users and view them but cannot see other admins created by superadmin. Now I want users to only view only their own profile and not all the users in database. How can I accomplish this?
The Controller:
public function index ()
{
// Fetch all users
$this->data['users'] = $this->client_m->get();
// Load view
$this->data['subview'] = 'client/user/index';
$this->load->view('client/_layout_main', $this->data);
}
//get function returns all the users in database but i want only the current user
The Model:
public function login ()
{
$user = $this->get_by(array(
'email' => $this->input->post('email'),
'password' => $this->hash($this->input->post('password')),
), TRUE);
if (count($user)) {
// Log in user
$data = array(
'email' => $user->email,
'id' => $user->id,
'loggedin' => TRUE,
);
$this->session->set_userdata($data);
}
}
The View:
<div class="jumbotron">
<section>
<table class="table table-hover">
<thead>
<tr class="success">
<th>Name</th>
<th>Email</th>
<th>Balance</th>
<th>Edit</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php if(count($users)): foreach($users as $user): ?>
<tr class="info">
<td><?php echo anchor('client/user/edit/' . $user->id, $user->name); ?></td>
<td><?php echo anchor('client/user/edit/' . $user->id, $user->email); ?></td>
<td><?php echo anchor('client/user/edit/' . $user->id, $user->balance); ?></td>
<td><?php echo btn_edit('client/user/edit/' . $user->id); ?></td>
<td><?php echo btn_delete('client/user/delete/' . $user->id); ?></td>
</tr>
<?php endforeach; ?>
<?php else: ?>
<tr>
<td colspan="3">We could not find any users.</td>
</tr>
<?php endif; ?>
</tbody>
</table>
</section>
</div>
I am fetching all users currently but i just want to show the user only his profile and not other users details.
Instead of
$this->client_m->get();
make and use something like this
$this->client_m->get_users_profile();
Since you are storing the logged in user in a session, use that and in get_users_profile() do something like this (using your own column and table names of course):
$this->db->select('uid, name, balance, etc');
$query = $this->db->get_where('users_profiles', array('id' => $this->session->userdata('id')));
return $query->result();
That alone will do what you want to do, but you should have some logic in your controller to make decisions based on permission level. Since you are using sessions, I would suggest one more session variable, "role", where you can store the users permission level. Then in your controllers you can make deciisons based on role. For example, if you have an admin controller that shows an admin page, you can check the role of the logged in user and if they are not an admin, you can redirect them. This may also help you in profiles since you may want combinations of things to work like if you're an admin, you can see all profiles but if you are a regular user you can only see yours. In other words, you need the extra level of information everywhere to make better decisions, so you may as well store role and use it in combination with other data to make decisions.
When you're using flexi auth, you can create privileges from admin panel for User Groups. When an user logins, he will be logged in with session values such as name, email, group, and all his privileges. (Which he got from the Group). You could then use the flexi auth privilege checking condition
if (! $this->flexi_auth->is_privileged('View Users'))
{
$this->session->set_flashdata('message', '<p class="error_msg">You do not have privileges to view user accounts.</p>');
redirect('auth_admin');
}
else{
//User has the View Users privilege. Do this..
}
Download the demo files and check... It will be much easier.