Enforcing Authentication

The whole point of an authentication system is to make sure that only specific people are allowed to see certain content, and with Community Auth you enforce authentication by wrapping the contents of a controller’s method in a special if statement. We can make sure that a certain type of user is logged in, either by auth level or user role. We could also enforce authentication by limiting access to a group of users.

Only use 1 authentication method per request! See the following blog post for more information: How Not to Use Authentication Methods

Require a User by Role

This is probably the most useful and easiest way to make sure a certain role is logged in. Check the example controller, and you will see that the index method requires authentication by an admin, so the entire contents of the method are wrapped inside an if statement like this:

if( $this->require_role('admin') )
{
    // Admin sees this ...
}

If an admin is not logged in and tries to access the index method, they will be redirected to the login form.

Require a User in a Set of Roles

We can authenticate more than one type of user at the same time:

if( $this->require_role('admin,manager') )
{
    // Admins and Managers see this ...
}

If an admin or manager is not logged in and tries to access this method, they will be redirected to the login form.

Require a User with Level Greater Than or Equal to X

If your auth levels have been created in such a way that permissions are linear in nature, such as admin who can alter managers who can alter customers, and the admin is level 9, the managers are level 6, and the customers are level 1, then we can authenticate and allow access to the admin and managers by using the following inside the method of one of your controllers:

if( $this->require_min_level(6) )
{
    // Users level 6 and up see this ...
}

Require a User in a Group

Since you can create groups of users, you can require a member of the group to log in. Here we can enforce authentication by an admin or manager, because they are members of the employees group:

if( $this->require_group('employees') )
{
    // The employees group sees this ...
}

Make Sure Anyone is Logged In

if( $this->require_min_level(1) )
{
    // Anyone that is logged in would see this ...
}