Welcome Guest, Not a member yet? Register   Sign In
Writing Admin/User/Public controllers to insure authentication

(This post was last modified: 02-20-2015, 09:38 AM by RWCH.)

Going back to the original question...


sneakyimp wrote: "Also, I'm wondering if using hooks as described in the article is in fact the recommended way to go."

Avenir wrote: "Well... If you are talking about best practices, the best practice would be to have only a MY_Controller"

My opinion. Avenir is totally right.

Why? Simple: There is no need to use hooks. With hooks you can 'tap into' the inner workings of the framework. Why would you?
You would if you need something to be done before you call your own controller logic (My_Controller). Well you simply don't need to do that!
The controller is responsible for loading the right model and view. If a user needs authorization to access a view, YOUR controller has to arrange that. That can be done perfectly after the base controller code was executed. Because you want it to be arranged for every view (a user is authorized or not to view it), you make it part of your own base controller (My_Controller).

Do you need multiple controllers to arrange this? No of course not. Your controller uses a class with authorization/authentication logic, and this class tells the controller the user can view the page or not. It is that simple. I really do not understand the whole discussion about hooks, multiple controllers, autoload mechanisms, Composer etcetra.

And why have a front-end controller and a back-end controller? How do they differ?
Why not ALWAYS use authorization and authentication. If u user is not specifically granted access, he does NOT have access. This is a well known security rule/ best practice.

My €0.02. Keep things simple.

Messages In This Thread
RE: Writing Admin/User/Public controllers to insure authentication - by RWCH - 02-20-2015, 09:10 AM

Theme © iAndrew 2016 - Forum software by © MyBB