• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Better approach to restricting users access to managed controllers?

#2
[eluser]CroNiX[/eluser]
I take a similar approach but issue a 404 instead of redirect. If they don't have proper permission, the page doesn't exist for them.

I store the controllers that users have access to in the users table, which all gets loaded into session upon successful login. Then, in MY_Controller (so I only have to do this in one place), it checks the (routed) request to see what controller is being called and compares that to the allowed controllers in the users session data. If allowed access to the requested controller, continue. If not, issue a 404.


Messages In This Thread
Better approach to restricting users access to managed controllers? - by El Forum - 07-12-2012, 12:19 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.