• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Writing Admin/User/Public controllers to insure authentication

#32
Going back to the original question...

Recap:

sneakyimp wrote: "Also, I'm wondering if using hooks as described in the article is in fact the recommended way to go."

Avenir wrote: "Well... If you are talking about best practices, the best practice would be to have only a MY_Controller"

My opinion. Avenir is totally right.

Why? Simple: There is no need to use hooks. With hooks you can 'tap into' the inner workings of the framework. Why would you?
You would if you need something to be done before you call your own controller logic (My_Controller). Well you simply don't need to do that!
The controller is responsible for loading the right model and view. If a user needs authorization to access a view, YOUR controller has to arrange that. That can be done perfectly after the base controller code was executed. Because you want it to be arranged for every view (a user is authorized or not to view it), you make it part of your own base controller (My_Controller).

Do you need multiple controllers to arrange this? No of course not. Your controller uses a class with authorization/authentication logic, and this class tells the controller the user can view the page or not. It is that simple. I really do not understand the whole discussion about hooks, multiple controllers, autoload mechanisms, Composer etcetra.

And why have a front-end controller and a back-end controller? How do they differ?
Why not ALWAYS use authorization and authentication. If u user is not specifically granted access, he does NOT have access. This is a well known security rule/ best practice.

My €0.02. Keep things simple.
Reply


Messages In This Thread
RE: Writing Admin/User/Public controllers to insure authentication - by RWCH - 02-20-2015, 09:10 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.