I know that this question has been as asked many times but as I am learning to write a better code. So need some suggestions.
Suppose, I have a controller and method as shown below:
:Account
login();
home();
manage_user();
logout();
:Company
add();
view();
edit();
delete();
:Service
add();
delete();
:Page
default();
about_us();
contact_us();
There are three types of user groups (eg. system admin, company user and general user) for which i need to specify permission to access these methods/pages.
I have a database structure as
group(id, name);
user(id, parent_id, group_id, company_id, username, password, email);
permission(id, group_id, uri, allowed);
uri field may contain values like, "company/add", "service/add", "company/view" ... etc.
I have an autoloaded library class as User having a method check_permission(), this method has been called on MY_Controller constructor.
So my question, is mapping controller/function to database field to permit access is a good practice? or do you have any other options which is more efficient than this?
As per my opinion, it is always good to save the group permissions of each user in DB & have a permission mapping table. So that in future you can upgrade or downgrade the user's permission without touching the code (From admin panel)
Also you need not make DB query in constructor of MY_Controller (in case if you are). When a user logs in, you can save his permission/group value in Session and just keep using that for further reference. This will save your query :)