Open layer67tech opened 10 years ago
To be honest, I haven't touched this code or even Codeigniter in probably 2 years. I'm at work right now so I can't dig into it as much as I'd like. I'll take a deeper look at it this weekend if needed.
In the meantime, I checked it out at a high level (without actually running the code). In libraries/Acl.php on line 216, it is $this->CI->session that is looking for the $this->_config['acl_user_session_key'] config value. The session is looking for a key named acl_user_session_key to store the information. In this case the key it is looking for is "user_id" which you may or may not have changed.
So ci-acl generally assumes the user is logged in and the user ID is known. Can you verify that the key in the session is getting set and has the correct value? If it isn't getting set or is getting set but with the incorrect value, that's the issue.
Also keep in mind this code is around 2 years old. Things may have changed with Codeigniter that break this code. If that is the case, maybe we can work together to get it updated?
Okay. So, with that said I am on the right track with debugging. Because the application/config/acl.php or Acl.php library isn't recognizing me as a user when I'm logged in. My session dump looks like this:

```
array(7) {
  ["session_id"]=> string(32) "9871497936976b29f583204ee5672578"
  ["ip_address"]=> string(13) "1.1.1.1"
  ["user_agent"]=> string(72) "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
  ["last_activity"]=> int(1402087441)
  ["user_data"]=> string(0) ""
  ["username"]=> string(25) "avizium"
  ["is_logged_in"]=> bool(true)
}
```

When you say user_id, are we talking about CodeIgniter ["username"] or ["session_id"]? This is where I am currently debugging and the Acl denies my access to my controller/methods.
Unless your code is changing things in the code I wrote, by user_id I mean the unique ID of the user from the DB.
It's been so long since I worked with this code. There is a "user_data" key in the session. I can't remember if "user_id" is supposed to be set inside of there or if "user_id" is a root key in the session.
Are there any errors getting thrown either in the Apache or PHP logs that could help out with debugging?
I have been debugging from the code level and haven't looked at the Apache error or access logs. However, when I debugged the $this->acl->has_access(); I received a NULL or false. This indicates the user_id (ID) from the database isn't being recognized or pull...
Check out the README.md file. If any of the tables have been renamed, those changes will have to be reflected in the config. If that's not the case and you are still getting a null or false, at what point are you getting that value?
I have a custom user table with the id and role_id columns available like the original user table. I am receiving a NULL or false at: if (!$this->acl->has_access) { show_error("You do not have access to this section"); }
Which one are you getting? null or false? Since I'm not able to see any of your code, I'd recommend using Xdebug and stepping through and make sure you are getting what you expect when you expect it. If you don't have Xdebug, get inside /libraries/Acl.php and throw some var_dump() methods where you feel needed. I'd recommend starting with the _session_user() method. Add a var_dump($user); on line 217.
```php
/**
 * CodeIgniter ACL Class
 *
 * This class enables you to apply permissions to controllers, controller and models, as well as more fine tuned
 * permissions at code level.
 *
 * @package CodeIgniter
 * @subpackage Libraries
 * @category Libraries
 * @author David Freerksen
 * @link https://github.com/dfreerksen/ci-acl
 */
class Acl {

    protected $CI;
    protected $user = 0;
    protected $role = 0;
    protected $permissions = array();

    protected $_config = array(
        'acl_table_users' => 'admin_user',
        'acl_users_fields' => array(
            'id' => 'id',
            'role_id' => 'role_id'
        ),
        'acl_table_permissions' => 'permissions',
        'acl_permissions_fields' => array(
            'id' => 'id',
            'key' => 'key'
        ),
        'acl_table_role_permissions' => 'role_permissions',
        'acl_role_permissions_fields' => array(
            'id' => 'id',
            'role_id' => 'role_id',
            'permission_id' => 'permission_id'
        ),
        'acl_user_session_key' => 'user_id',
        'acl_restricted' => array() // @TODO: Add IP based access to acl_restricted
    );

    /**
     * Constructor
     *
     * @param array $config
     */
    public function __construct($config = array())
    {
        $this->CI = &get_instance();

        // Load Session library
        $this->CI->load->library('session');

        // Load ACL model
        $this->CI->load->model('adminuiacl_model');

        if ( ! empty($config))
        {
            $this->initialize($config);
        }

        log_message('debug', 'ACL Class Initialized');
    }

    // --------------------------------------------------------------------

    /**
     * Initialize config values
     *
     * @access public
     * @param array
     */
    public function initialize($config = array())
    {
        foreach ($config as $key => $val)
        {
            if ($key == 'acl_restricted')
            {
                foreach ($val as $k => $v)
                {
                    // In case they aren't defined, we need default values
                    $allow_roles = ( ! array_key_exists('allow_roles', $v)) ? array() : (array)$v['allow_roles'];
                    $allow_users = ( ! array_key_exists('allow_users', $v)) ? array() : (array)$v['allow_users'];
                    $error_msg = ( ! array_key_exists('error_msg', $v)) ? 'You do not have access to this section.' : $v['error_msg'];

                    // Set the restrictions
                    $this->_config[$key][$k] = array(
                        'allow_roles' => $allow_roles,
                        'allow_users' => $allow_users,
                        'error_msg' => $error_msg
                    );
                }
            }
            else
            {
                if (array_key_exists($key, $this->_config))
                {
                    $this->_config[$key] = $val;
                }
            }
        }
    }

    // --------------------------------------------------------------------

    /**
     * get magic method
     *
     * @param $key
     * @return mixed
     */
    public function __get($key)
    {
        return array_key_exists($key, $this->_config) ? $this->_config[$key] : NULL;
    }

    // --------------------------------------------------------------------

    /**
     * set magic method
     *
     * @param $key
     * @param $value
     * @return void
     */
    public function __set($key, $value)
    {
        if (array_key_exists($key, $this->_config))
        {
            $this->_config[$key] = $value;
        }
    }

    // --------------------------------------------------------------------

    /**
     * Check is controller/method has access for role
     *
     * @access public
     * @param string
     * @return bool
     */
    public function has_access()
    {
        foreach ($this->_config['acl_restricted'] as $key => $restriction)
        {
            // Make sure it is in controller/method format
            $uri = explode('/', $key);

            if ( ! array_key_exists(0, $uri))
            {
                $uri[0] = '*';
            }

            if ( ! array_key_exists(1, $uri))
            {
                $uri[1] = '*';
            }

            // Only run it if we are inside the controller/method
            if ($uri[0] === '*' OR $uri[0] === $this->CI->uri->rsegment(1))
            {
                if ($uri[1] === '*' OR $uri[1] === $this->CI->uri->rsegment(2))
                {
                    // Default allow roles array
                    if ( ! array_key_exists('allow_roles', $restriction))
                    {
                        $restriction['allow_roles'] = array();
                    }

                    // Default deny roles array
                    if ( ! array_key_exists('deny_roles', $restriction))
                    {
                        $restriction['deny_roles'] = array();
                    }

                    // Deny for roles they are denied access as well as roles that are not in the list of allowed roles
                    if ( ! in_array($this->_user_role(), $restriction['allow_roles']) OR in_array($this->_user_role(), $restriction['deny_roles']))
                    {
                        return FALSE;
                    }
                }
            }
        }

        return TRUE;
    }

    // --------------------------------------------------------------------

    /**
     * Test if user has permission (permissions set in database)
     *
     * @access public
     * @param string
     * @return bool
     */
    public function has_permission($key = '')
    {
        return $this->CI->adminuiacl_model->has_permission($key);
    }

    // --------------------------------------------------------------------

    /**
     * Return the value of user id from the session. Returns 0 if not logged in
     *
     * @access private
     * @return int
     */
    private function _session_user()
    {
        if ($this->user == NULL)
        {
            $user = $this->CI->session->userdata($this->_config['acl_user_session_key']);

            if ($user === FALSE)
            {
                $user = 0;
            }

            $this->user = $user;
        }

        return $this->user;
    }

    // --------------------------------------------------------------------

    /**
     * Return user role
     *
     * @return int
     */
    public function role()
    {
        return $this->_user_role();
    }

    // --------------------------------------------------------------------

    /**
     * Return the role id user
     *
     * @access private
     * @return int
     */
    private function _user_role()
    {
        if ($this->role == NULL)
        {
            // Current user
            $user = $this->_session_user();

            // Set the role
            $this->role = $this->CI->adminuiacl_model->user_role($user);
        }

        return $this->role;
    }
}
// END Acl class

/* End of file Acl.php */
/* Location: ./application/libraries/Acl.php */
```

I am receiving NULL, but I was able to set the "user_id" with the "user_data" session. This can be accomplished by using:

```php
$user = $this->data_model->get_by_user($user = $this->input->post("username"))->row();
$data = array(
    "username" => $this->input->post("username"),
    "is_logged_in" => TRUE,
    "user_id" => $user->id
);
$this->session->set_userdata($data);
```

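
The failure mode discussed in this thread, as an added stand-alone example (not the ci-acl code or either poster's code): when the session has no key matching `acl_user_session_key`, the user resolves to 0, no role matches, and the check fails closed. `FakeSession`, `MiniAcl`, `role_for_user()` and the user id 7 are hypothetical stand-ins constructed for this sketch; the last line shows what a `__get` like the one in the class above does when `has_access` is read without parentheses, as in the `if` statement quoted earlier.

```php
<?php
// Added example, not ci-acl itself. FakeSession, MiniAcl and role_for_user()
// are hypothetical stand-ins for CI's session library, Acl.php and the model.
class FakeSession {
    private $data;
    public function __construct(array $data) { $this->data = $data; }
    // Missing keys yield FALSE, the value _session_user() tests with === FALSE
    public function userdata($key) {
        return array_key_exists($key, $this->data) ? $this->data[$key] : FALSE;
    }
}

// Constructed users table: user id => role id; unknown users get role 0
function role_for_user($user_id) {
    $roles = array(7 => 1);
    return isset($roles[$user_id]) ? $roles[$user_id] : 0;
}

class MiniAcl {
    private $session;
    private $allow_roles;
    private $config = array('acl_user_session_key' => 'user_id');
    public function __construct(FakeSession $session, array $allow_roles) {
        $this->session = $session;
        $this->allow_roles = $allow_roles;
    }
    // Same shape as the library's __get: names that are not config keys give NULL
    public function __get($key) {
        return array_key_exists($key, $this->config) ? $this->config[$key] : NULL;
    }
    public function session_user() {
        $user = $this->session->userdata($this->config['acl_user_session_key']);
        return ($user === FALSE) ? 0 : $user;
    }
    // Fail closed: a user that resolves to 0 has no role in allow_roles
    public function has_access() {
        return in_array(role_for_user($this->session_user()), $this->allow_roles, TRUE);
    }
}

// Session shaped like the dump in the thread: logged in, no root-level user_id
$dumped = array('username' => 'avizium', 'is_logged_in' => TRUE);
$before = new MiniAcl(new FakeSession($dumped), array(1));
// Same session once login also stores the DB id (7 is a constructed value)
$after = new MiniAcl(new FakeSession($dumped + array('user_id' => 7)), array(1));

var_dump($before->session_user(), $before->has_access());
var_dump($after->session_user(), $after->has_access());
// Without parentheses this is a property read routed through __get, not a call
var_dump($after->has_access);
```
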
So it looks like changes in Codeigniter at some point are breaking this library. If you want to submit a pull request I'd be happy to check it out. If you'd like to take over the project, I would be fine with that as well. This is a 2 year old library. I no longer work with Codeigniter so I'm not really maintaining it anymore.
Yes. Codeigniter has changed over the course of the past 2 years. I'll definitely figure out the Acl library issue and perhaps continue to maintain the Git repo (ci-acl). I'll submit a pull later this evening. Thank you very much for your support and early contribution to this awesome library.
Hey Dfreerksen,
Are you still supporting this acl? Thank you for putting this acl together. It seems very self explanatory but I've not had success getting it to work. After troubleshooting a few areas of the application/libraries/Acl.php and the config/acl.php, I am still receiving "An Error Was Encountered You do not have access to this section". What I am not really sure about is the $config['acl_user_session_key'] = 'user_id';