Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Better approach to restricting users access to managed controllers?
Better approach to restricting users access to managed controllers?
  • El Forum
    Guest
  •  
#3
07-12-2012, 12:38 PM

[eluser]gwerner[/eluser]
I thought about using a 404. I thought it might be better to serve the user a specific message as to why they can't access a particular page. Something along the lines of "You don't have permission to view this page etc." Only so the user isn't in the dark if they made an honest mistake.

You also mention that you load the variables into the session data. I thought about this too. What about in a scenario like this? User A has complete authority over the entire admin and changes user B's permissions to no longer allow access to area C. If the variables are stored in the session data that user will still have access until they either log out or time out. How do you handle this? Update the login time further back in time to force a time out?

Thanks in advance!


Messages In This Thread
Better approach to restricting users access to managed controllers? - by El Forum - 07-12-2012, 12:38 PM



Theme © iAndrew 2016 - Forum software by © MyBB