Protect pages that are loaded inside the template - Kohana

1

I'm building an admin area here that loads its pages in the middle of the template. I know how to allow them to be accessed only after login, but I do not know if the way I'm doing it is the correct one. See the template:

    class Controller_Administracao extends Controller_Template {
        //put your code here
        public $template = 'template_admin';

        public function before() {
            parent::before();
            if($this->auto_render){
                $this->template->content = '';
            }
        }

        public function after() {
            parent::after();
        }
    }

So far so good; here I call the action and do its "protection":

    public function action_home(){
        // Here I use Kohana's Auth, everything is normal
        // If not logged in, go back to the home screen
        $user = Auth::instance()->get_user();
        if(!$user){
            $this->redirect('/');
        }
        // Once logged in, go to the Dashboard
        else{
            $this->template->content = View::factory('admin/default');
        }
    }

My question is: Do I need to check with Auth::instance()->get_user() in all actions that will be called within the template, or is there some way to protect all actions without having to do this verification? Is it possible to do this in the template itself?

    
asked by anonymous 08.06.2014 / 05:19

1 answer

1

I've had only very superficial contact with Kohana and do not know the details, but based on the generic MVC model I can make some considerations that may help.

  

You can do this in the template itself

If you have a system with login, then when the user goes to change their data, the controller will validate the session and decide which action will be performed.

1. When the user is logged in and accessing the profile, the personal data will be displayed.
2. If the session is not validated, the controller will catch this and execute a redirect to the login screen or simply load the login form.

Note that this is the exclusive responsibility of the controller. Keeping any type of access control or data validation in the view is an error.

  

My question is: Do I need to check with Auth::instance()->get_user() in all actions that will be called within the template, or is there some way to protect all the actions without having to do this verification?

If all methods of your Controller_Administracao need to be validated, you should use the before method, which will run BEFORE the invoked method.

    public function before() {
        parent::before();

        // template set
        $this->template->content = View::factory('admin/default');

        // fetch the logged-in user from Kohana's Auth (as in the question's action_home)
        $user = Auth::instance()->get_user();

        // user not identified - perform the redirect
        if( ! $user ){
            $this->redirect('/');
        }
    }

Note that I will not go into the details of Kohana, since I do not know it that well, but the before method is what you need in order not to repeat the same authentication check in all the other methods of your controller.

    
04.09.2014 / 11:53
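
The before() approach from the answer, written out as a deny-by-default base controller. This is an added example, not code from the question or the answer. It assumes Kohana 3.3 with the Auth module enabled; the `$public_actions` property and the `Controller_Administracao_Painel` class are hypothetical names introduced for illustration.

```php
<?php defined('SYSPATH') or die('No direct script access.');

// classes/Controller/Administracao.php
// Added example: $public_actions is a hypothetical property, not part of Kohana.
class Controller_Administracao extends Controller_Template {

    public $template = 'template_admin';

    // Actions reachable without a session. Empty means every action
    // of this controller and of its children requires a login.
    protected $public_actions = array();

    public function before()
    {
        // Check the session first, before the template or any view is built.
        $action = $this->request->action();

        if ( ! in_array($action, $this->public_actions, TRUE)
            AND ! Auth::instance()->logged_in())
        {
            // In Kohana 3.3 redirect() throws an HTTP redirect exception,
            // so neither the rest of before() nor the action itself runs.
            $this->redirect('/');
        }

        parent::before();

        if ($this->auto_render)
        {
            $this->template->content = '';
        }
    }
}

// classes/Controller/Administracao/Painel.php (separate file in a real project)
// Hypothetical child controller: it inherits the check, so its actions
// contain no Auth code and a newly added action is protected automatically.
class Controller_Administracao_Painel extends Controller_Administracao {

    public function action_home()
    {
        $this->template->content = View::factory('admin/default');
    }
}
```

A child controller that overrides before() must still call parent::before(), otherwise the login check is skipped for that controller.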