• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Better approach to restricting users access to managed controllers?

#3
[eluser]gwerner[/eluser]
I thought about using a 404. I thought it might be better to serve the user a specific message as to why they can't access a particular page. Something along the lines of "You don't have permission to view this page etc." Only so the user isn't in the dark if they made an honest mistake.

You also mention that you load the variables into the session data. I thought about this too. What about in a scenario like this? User A has complete authority over the entire admin and changes user B's permissions to no longer allow access to area C. If the variables are stored in the session data that user will still have access until they either log out or time out. How do you handle this? Update the login time further back in time to force a time out?

Thanks in advance!


Messages In This Thread
Better approach to restricting users access to managed controllers? - by El Forum - 07-12-2012, 12:38 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.