When a user logs into their account, the flexi auth library verifies that their credentials are valid and then stores data in their current session describing their login method, user group and user privileges.
Once the user has been authenticated, flexi auth offers a number of methods for checking the user's credentials, which can then be used to determine whether the user should have access to specific pages within a site, or should be able to see specific sections within a page.
To properly demonstrate the privilege checks on this page, try logging into all 3 demo accounts and then revisit this page to view the differences.
Check the status of whether a user is currently logged in.
This includes whether they logged into this session via entering their password, or via using a 'Remember me' cookie.
Check how a logged in user logged into their current session.
Users that have logged in via a password have positively confirmed their identity for this session, whilst a user logged in via a 'Remember me' cookie should have limited access rights until they confirm their identity via a password.
An example of limited access would be to allow users access to their account, but prevent data from being updated until they log in via a password.
Check whether a logged in user is considered an 'Admin'.
This function should be considered an indicator that the user is trusted to use 'backend' areas of the site; however, that does not mean they necessarily have read/write permissions to all areas.
Specific permissions can be further allocated to users via the 'User Group' and 'User Account Privileges' that are displayed below.
Check which group a logged in user is assigned to.
By grouping users, specific access rights can be granted/prohibited based on their custom group.
Check the specific privileges a logged in user currently has.
Specific privileges can be granted for any specific custom task, and can then be assigned on an individual user basis.
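The checks described above can be combined into a single access decision per request. The following is an added example in plain PHP, not code from flexi auth or its demo: the session layout, route names, group names and privilege names are all assumptions made for illustration. It shows a 'Remember me' session being allowed to read but asked to confirm a password before writing, and an 'Admin' user still being denied a task they hold no privilege for.

```php
<?php
// Added example: session layout, routes, groups and privileges are constructed.
const ALLOW  = 'allow';
const REAUTH = 'confirm password'; // 'Remember me' session attempting a write
const DENY   = 'deny';
const LOGIN  = 'login required';
// What each (hypothetical) route requires.
$routes = [
    'account/view'     => [],
    'account/update'   => ['write' => true],
    'admin/dashboard'  => ['admin' => true],
    'admin/users/edit' => ['admin' => true, 'write' => true, 'privilege' => 'update_users'],
    'reports/view'     => ['groups' => ['moderator', 'admin']],
];

// $session is null when nobody is logged in.
function authorize(?array $session, array $rule): string
{
    if ($session === null) {
        return LOGIN;
    }
    // Permission checks run first, so nobody is asked to re-enter a password for a denied task.
    if (!empty($rule['admin']) && empty($session['is_admin'])) {
        return DENY;
    }
    if (isset($rule['groups']) && !in_array($session['group'], $rule['groups'], true)) {
        return DENY;
    }
    if (isset($rule['privilege']) && !in_array($rule['privilege'], $session['privileges'], true)) {
        return DENY;
    }
    // Cookie-based sessions may read, but must confirm identity before writing.
    if (!empty($rule['write']) && $session['via'] !== 'password') {
        return REAUTH;
    }
    return ALLOW;
}

// Constructed sample sessions, one per kind of account.
$sessions = [
    'member (cookie)' => ['via' => 'remember_me', 'is_admin' => false, 'group' => 'public', 'privileges' => []],
    'moderator (pw)'  => ['via' => 'password', 'is_admin' => true, 'group' => 'moderator', 'privileges' => []],
    'admin (pw)'      => ['via' => 'password', 'is_admin' => true, 'group' => 'admin', 'privileges' => ['update_users']],
];
foreach ($sessions as $who => $session) {
    foreach ($routes as $route => $rule) {
        printf("%-16s %-17s %s\n", $who, $route, authorize($session, $rule));
    }
}
```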