How do I 'properly' protect a controller? |
A controller is called by a route; so really its about (in my thinking protecting your route) lets say i have a url segment after domain /removeBlog which is defined in a route :
Code: $routes->get('removeBlog','Blog::delBlogForm'); Using a filter and code i can first before going using Class and method (Blog::delBlogForm) do some checking via a filter. I have a class called " MyFilter3.php" (located in apache at /var/www/htdocs/CI4.0.4/app/Filters/) which has : Code: public function before(RequestInterface $request, $arguments = null) how this works is that if admin is not logged in and therefore a SESSION variable is not set/null etc then what happens is that for the url : http://mydomain.com/removeBlog they will (if not logged in) simply be brushed off to a custom page "does not exist " Note you have to declare your filters in app/Config/Filters.php as example : Code: public $filters = [ if admin "IS Loggedin " and goes to url /removeBlog then they will see loaded a "view" which has a form where arguments such as blogId can be entered. The form gets submitted via "POST" to another Blog Class method to process. I have similar filter protection on that as well ! |
Messages In This Thread |
How do I 'properly' protect a controller? - by blaasvaer - 09-23-2020, 03:42 AM
RE: How do I 'properly' protect a controller? - by captain-sensible - 09-24-2020, 08:13 AM
|