SHIELD - Protecting Pages
Yesterday I started adding Shield 1.0.0 to my CodeIgniter site, and made a surprising amount of progress in day 1 (so kudos to the team that developed it!)
My aim is to create a CMS for my website. I'm currently protecting individual routes using Shield's built-in filter at the end of the route statement, like this:

PHP Code:
$routes->get('/url/to/edit/blogpost/page', [AdminBlogController::class, 'edit'], ['as' => 'admin-edit-blogpost', 'filter' => 'session:admin.access']);

This works (a non-logged in user can't access the page, a user logged in with the appropriate permissions can), but I have a couple of follow-up questions to any more experienced Shield developers:

1. Should I also be checking user permissions at other stages (e.g. in the controller's method e.g. in the 'edit' method of AdminBlogController) to employ a "defence in depth" approach?, and
2. If the answer to the above is "yes", how do I check the user's permissions in the controller?
Shield User Guide - Using Authorization - Check If a User Has Permission
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
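A controller-level check of the kind asked about in question 2, added here as an example and not taken from the thread or from the Shield project. It uses Shield's `auth()` helper and the user entity's `can()` method; the namespace, the `/login` path, the view name and the `denyUnless()` helper are assumptions.

```php
<?php

namespace App\Controllers; // assumed namespace

use CodeIgniter\HTTP\ResponseInterface;

class AdminBlogController extends BaseController
{
    // Permission name taken from the route definition in the question.
    private const REQUIRED_PERMISSION = 'admin.access';

    public function edit()
    {
        // Second layer: enforced inside the method itself, so it still holds
        // if the route is later duplicated or its filter is changed.
        if (($denied = $this->denyUnless(self::REQUIRED_PERMISSION)) !== null) {
            return $denied;
        }

        return view('admin/blog/edit'); // assumed view name
    }

    /**
     * Hypothetical helper: returns a response to send back when access is
     * refused, or null when the current user may proceed.
     * Assumes Shield's auth helper is loaded (Shield's setup does this).
     */
    private function denyUnless(string $permission): ?ResponseInterface
    {
        // Not authenticated at all: send the visitor to the login page.
        if (! auth()->loggedIn()) {
            return redirect()->to('/login'); // assumed login path
        }

        // Authenticated but lacking the permission: refuse with 403 and do
        // not reveal anything about the protected page.
        if (! auth()->user()->can($permission)) {
            return $this->response
                ->setStatusCode(403)
                ->setBody('Forbidden');
        }

        return null;
    }
}
```

Calling the same helper at the top of every state-changing method (update, delete) keeps the permission decision next to the action it protects.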