Remote API - better permissions handling

Discussion in 'General' started by mrtnzlml, Mar 21, 2015.

  1. mrtnzlml

    mrtnzlml New Member

    Hi, I am working with quite an old system and I am looking for a better approach. This system works heavily with the remote API and there is a need to check user rights. Unfortunately it's not very nice. For example:
    PHP:
    public function handleDelete($id) {
        try {
            // Group of the logged-in user, looked up through the remote API
            $groupid = $this->clients->client_get_groupid($this->presenter->user->id);
            // Load the cron record so its owner group can be compared
            $cron = $this->sites->sites_cron_get(array("id" => $id));
            if (isset($cron[0]['sys_groupid']) && $cron[0]['sys_groupid'] == $groupid) {
                $this->sites->sites_cron_delete($id);
                $this->presenter->flashMessage('CRON úloha byla úspěšně vymazána.', 'success');
            } else {
                $this->presenter->flashMessage(PERMISSION_DENIED, 'danger');
            }
        } catch (\SoapFault $exc) {
            $this->presenter->flashMessage($exc->getMessage(), 'danger');
        }
        $this->redirect('this');
    }
    Is there a better way to handle user permissions? I don't like this one. Maybe it's possible to create remote access for every single user? Thank you for the idea...
     
  2. mrtnzlml

    mrtnzlml New Member

    Anyone?
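
The ownership check from the handler in the first post, pulled into one reusable guard that denies by default; this is an added example, not part of the thread or of the project's own code. `OwnershipGuard`, `assertOwned()` and `PermissionDenied` are hypothetical names, and the closures with constructed data stand in for the remote API calls (assumed to return rows as arrays whose ids may arrive as strings).

```php
<?php
// Added example: fail-closed ownership guard. All class and method names
// here are hypothetical; the closures stand in for the remote API calls.

final class PermissionDenied extends \RuntimeException {}

final class OwnershipGuard
{
    /** @var callable maps a user id to that user's group id */
    private $groupOf;

    public function __construct(callable $groupOf)
    {
        $this->groupOf = $groupOf;
    }

    /**
     * Fetch a record through $fetch and return it only if it belongs to the
     * user's group. No row, a missing field or a mismatch all throw.
     */
    public function assertOwned(int $userId, callable $fetch, $recordId): array
    {
        $groupId = ($this->groupOf)($userId);
        $rows = $fetch(array('id' => $recordId));
        $row = is_array($rows) && isset($rows[0]) && is_array($rows[0]) ? $rows[0] : null;
        // Compare as strings with ===, so PHP's loose == juggling cannot match
        if ($row === null || !isset($row['sys_groupid'])
            || (string) $row['sys_groupid'] !== (string) $groupId) {
            throw new PermissionDenied('PERMISSION_DENIED');
        }
        return $row;
    }
}

// Constructed sample data in place of the SOAP client.
$crons = array(7 => array('id' => 7, 'sys_groupid' => '3'),
               8 => array('id' => 8, 'sys_groupid' => '5'));
$guard = new OwnershipGuard(function (int $userId): int { return 3; });
$fetch = function (array $q) use ($crons): array {
    return isset($crons[$q['id']]) ? array($crons[$q['id']]) : array();
};

foreach (array(7, 8, 99) as $id) { // own record, foreign record, missing record
    try {
        $guard->assertOwned(42, $fetch, $id);
        echo "cron $id: delete allowed\n";
    } catch (PermissionDenied $e) {
        echo "cron $id: denied\n";
    }
}
```

With a guard like this, each handler only calls `assertOwned()` before the delete or update call and catches `PermissionDenied` next to `\SoapFault`, so the comparison lives in one place.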
     
