Protect pages that are loaded inside the template - Kohana

I'm building an admin area here that loads its pages. I know how to allow them to be accessed only after login, but I don't know if the way I'm doing it is the right way. Look at the template:

class Controller_Administracao extends Controller_Template {
    //put your code here
    public $template = 'template_admin';

    public function before() {
        parent::before();
        if($this->auto_render){
            $this->template->content = '';
        }
    }
    public function after() {
        parent::after();

    }
}

So far so good. Here I call the action and do its "protection":

public function action_home(){
    // Here I use Kohana's Auth, everything is normal
    // If the user is not logged in, go back to the home screen
    $user = Auth::instance()->get_user();
    if(!$user){
        $this->redirect('/');
    }
    // Logged in, go to the Dashboard
    else{
        $this->template->content = View::factory('admin/default');
    }
}

My question is: do I need to check with Auth::instance()->get_user() in all actions that will be called within the template, or is there some way to protect all actions without having to do this? Is it possible to do this in the template itself?

1 answer

I've had only very superficial contact with Kohana and I don't know the details, but in a generic, MVC-model-based way, I can offer some considerations that may help.

Is it possible to do this in the template itself?

If you have a system that has a login, when the user goes to access or change their data, the controller will validate the session and decide which action will be executed.

1. When the user is logged in and accesses the profile, the personal data will be displayed.
2. If the session is not validated, the controller will catch this and execute a redirect to the login screen or simply load the login form.

Note that this is exclusively the controller's responsibility. Keeping any kind of access control or data validation in the view is a mistake.

My question is: do I need to check with Auth::instance()->get_user() in all actions that will be called inside the template, or is there some way to protect all actions without having to keep checking?

If all the methods of your Controller_Administracao must be validated, you must use the before method, which will be executed BEFORE the invoked method.

public function before() {
    parent::before();

    // template set
    $this->template->content = View::factory('admin/default');

    // look up the logged-in user with Kohana's Auth
    $user = Auth::instance()->get_user();

    // unidentified user - perform the redirect
    if( ! $user ){
        $this->redirect('/');
    }
}

Note that I won't go into Kohana's own details because I don't know it that well, but the before method is what you need in order not to repeat the same authentication check in all the other methods of your controller.
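
One way to apply the before() advice across a whole admin area, as an added example that is not code from the question, the answer or Kohana itself. It assumes Kohana 3.3, where redirect() throws an exception and ends the request; Controller_Admin_Base and $public_actions are hypothetical names.

```php
<?php defined('SYSPATH') or die('No direct script access.');

// Hypothetical base class (e.g. classes/Controller/Admin/Base.php).
// Declared abstract so it is never dispatched as a controller itself.
abstract class Controller_Admin_Base extends Controller_Template {

    public $template = 'template_admin';

    // Hypothetical allow-list of actions reachable without a session.
    // Empty by default: a newly added action is protected unless it is
    // listed here on purpose (deny by default).
    protected $public_actions = array();

    public function before()
    {
        // Check the session first, so neither the template nor the
        // action body runs for an anonymous request.
        $action = $this->request->action();

        if ( ! in_array($action, $this->public_actions, TRUE)
            AND ! Auth::instance()->get_user())
        {
            // Assumption: Kohana 3.3, where redirect() throws and the
            // requested action is never executed.
            $this->redirect('/');
        }

        parent::before();

        if ($this->auto_render)
        {
            $this->template->content = '';
        }
    }
}

// The controller from the question, now inheriting the check
// (in Kohana this class lives in its own file).
class Controller_Administracao extends Controller_Admin_Base {

    public function action_home()
    {
        // Only reached by an authenticated user; no per-action check.
        $this->template->content = View::factory('admin/default');
    }
}
```

Every controller that extends the base class inherits the check, and the view stays free of access-control logic.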
