SHIELD - Protecting Pages
#1

Yesterday I started adding Shield 1.0.0 to my CodeIgniter site, and made a surprising amount of progress in day 1 (so kudos to the team that developed it!)
My aim is to create a CMS for my website. I'm currently protecting individual routes using Shield's built-in filter at the end of the route statement, like this:

PHP Code:
$routes->get('/url/to/edit/blogpost/page', [AdminBlogController::class, 'edit'], ['as' => 'admin-edit-blogpost', 'filter' => 'session:admin.access']);


This works (a non-logged in user can't access the page, a user logged in with the appropriate permissions can), but I have a couple of follow-up questions to any more experienced Shield developers:

1. Should I also be checking user permissions at other stages (e.g. in the controller's method, such as the 'edit' method of AdminBlogController) to employ a "defence in depth" approach? and
2. If the answer to the above is "yes", how do I check the user's permissions in the controller?
#2

Shield User Guide - Using Authorization - Check If a User Has Permission
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
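
A controller-level check of the kind asked about in post #1, using the `can()` method that the linked user guide section describes. This is an added example, not part of the original posts and not the Shield project's own code; the `/login` URL, the view name and the assumption that Shield's `auth` helper is already loaded are illustrative.

```php
<?php

namespace App\Controllers;

class AdminBlogController extends BaseController
{
    // Permission string taken from the route filter shown in post #1.
    private const REQUIRED_PERMISSION = 'admin.access';

    public function edit()
    {
        // Second layer behind the route filter: if another route is later
        // mapped to this method without the filter, this check still holds.
        // Assumes Shield's auth helper is loaded (e.g. via BaseController).
        if (! auth()->loggedIn()) {
            // '/login' is an assumed URL; use the login route your app defines.
            return redirect()->to('/login');
        }

        // can() is called on the logged-in User entity and returns a bool.
        if (! auth()->user()->can(self::REQUIRED_PERMISSION)) {
            // Fail closed with 403 instead of rendering the editor.
            return $this->response
                ->setStatusCode(403)
                ->setBody('Forbidden');
        }

        // Hypothetical view name, standing in for the real edit page.
        return view('admin/blog/edit');
    }
}
```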
#3

Thank you - I'd missed that bit of the docs!