Welcome Guest, Not a member yet? Register   Sign In
Filter works almost but not consistent
#1

(This post was last modified: 03-12-2020, 11:06 AM by Hielemedia.)

Hello all, first post here ! 

I do have a filter to check if a user has admin rights.
The filter should work for all admin/* and admin url's.
But, it works for admin/dashboard but doesn't work on other url's in admin, like 'admin/users' or 'admin/menus' for example.
My question is: How come ?

The filter file:
PHP Code:
<?php
// application/Filters/AdminOnlyFilter.php
declare(strict_types=1);
 
namespace 
App\Filters;
 
use 
CodeIgniter\Filters\FilterInterface;
use 
CodeIgniter\HTTP\RequestInterface;
use 
CodeIgniter\HTTP\ResponseInterface;
use 
Config\Services;
 
final class 
AdminOnlyFilter implements FilterInterface
{
    protected $session;
    public function before(RequestInterface $request)
    {
        $this->session = \Config\Services::session();
        if(!$this->session->has('session_id')) $this->session->start();
        if($this->session->has("is_admin"))
        {
            if(!($this->session->get('is_admin')==1) ) return redirect()->to(base_url('error/show/nonadmin'));
        
        else
        {
            return redirect()->to(base_url('error/show/nonadmin'));
        }
    }
 
    public function after(RequestInterface $requestResponseInterface $response)
    {
    }


The filter config:

PHP Code:
<?php namespace Config;

use 
CodeIgniter\Config\BaseConfig;
use 
App\Filters\AdminOnlyFilter;

class 
Filters extends BaseConfig
{
    
// Makes reading things below nicer,
    // and simpler to change out script that's used.
    
public $aliases = [
        
'csrf'     => \CodeIgniter\Filters\CSRF::class,
        
'toolbar'  => \CodeIgniter\Filters\DebugToolbar::class,
        
'honeypot' => \CodeIgniter\Filters\Honeypot::class,
        
'adminOnlyFilter' => AdminOnlyFilter::class,
    ];

    
// Always applied before every request
    
public $globals = [
        
'before' => [
            
//'honeypot'
            // 'csrf',
        
],
        
'after'  => [
            
'toolbar',
            
//'honeypot'
        
],
    ];

    
// Works on all of a particular HTTP method
    // (GET, POST, etc) as BEFORE filters only
    //     like: 'post' => ['CSRF', 'throttle'],
    
public $methods = [];

    
// List filter aliases and any before/after uri patterns
    // that they should run on, like:
    //    'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
    
public $filters = [
        
'adminOnlyFilter' => [
            'before' => [
                'admin/*''admin',
            ],
        ],
    ];


What is wrong ? It works for one url and not for others in admin/....
Reply
#2

(This post was last modified: 04-19-2020, 06:04 AM by Gary.)

Seems like both outcomes in the filter are redirecting to the same location: 'error/show/nonadmin'.

As an aside, I believe the namespace is supposed to be the very first item after the opening tag: <?php namespace...
Reply




Theme © iAndrew 2016 - Forum software by © MyBB