Authentication using tank auth
#1

[eluser]ozy123[/eluser]
I'm using tank auth and just trying to figure out how best to implement it.

I have a bookings system.
I have controllers to retrieve a booking, to delete a booking, etc. I don't want a user to be able to copy and paste a URL to delete bookings. Therefore, should I do a check that the user is logged in before the controller loads views etc.?

i.e. I begin my controller as such:

if ($this->tank_auth->is_logged_in()) {
    $this->load->view;
}
else {
    redirect('/auth/login/');
}

?

Or is there a better way?

Sorry if it's an obvious question, still grappling. Thanks in advance.
#2

[eluser]jmadsen[/eluser]
Hi ozy,

Yes, you have the idea. I generally have a Private_Controller & Public_Controller extending MY_Controller, then in the Private_Controller I put similar code to yours in the construct.

Then each controller extends Private_Controller if logged in status is required.

Don't forget, in addition, you'll want to get your user_id & check they have the correct privileges to do the action (deleting, editing, whatever).
#3

[eluser]regal2157[/eluser]
I would also put it before the actions. Not at the loading view level. Just to make sure the controller doesn't do the leg work, then display a "You're not authorized" message, while in the background - they just did what you wanted them not to do.
#4

[eluser]ozy123[/eluser]
[quote author="regal2157" date="1340885283"]I would also put it before the actions. Not at the loading view level. Just to make sure the controller doesn't do the leg work, then display a "You're not authorized" message, while in the background - they just did what you wanted them not to do.[/quote]

Good call. Thanks all for the advice, appreciate it massively.
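The pattern discussed in this thread, as an added example that is not code from any of the posters or from Tank Auth itself: the login check sits in a base controller's constructor, and the ownership check runs before the delete. It assumes a CodeIgniter 2.x layout, a hypothetical `booking_model` with `get()` and `delete()`, and a `user_id` column on bookings; the POST-only rule is an added hardening step aimed at the pasted-URL concern.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 2.x layout assumed).
// All three base classes live in this one file so CI's core loader finds them.
class MY_Controller extends CI_Controller {}

class Public_Controller extends MY_Controller {}

class Private_Controller extends MY_Controller
{
    protected $user_id;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('tank_auth');
        $this->load->helper('url');

        // Runs before any action method, so nothing is done for anonymous requests.
        if (!$this->tank_auth->is_logged_in()) {
            redirect('/auth/login/'); // redirect() sends the header and exits
        }
        $this->user_id = (int) $this->tank_auth->get_user_id();
    }
}

// application/controllers/bookings.php
class Bookings extends Private_Controller
{
    public function delete($booking_id = NULL)
    {
        // State changes only via POST: a pasted or linked URL is a GET and is refused.
        if ($this->input->server('REQUEST_METHOD') !== 'POST') {
            show_error('Method not allowed', 405);
        }

        $this->load->model('booking_model'); // hypothetical model name
        // get() is assumed to return a row object, or NULL when no row matches.
        $booking = $this->booking_model->get((int) $booking_id);

        // Authorization: being logged in is not enough, the booking must be this user's.
        if ($booking === NULL || (int) $booking->user_id !== $this->user_id) {
            show_404(); // same response for "missing" and "not yours"
        }

        $this->booking_model->delete($booking->id);
        redirect('/bookings/');
    }
}
```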



