Luis Posted January 4, 2013 Share Posted January 4, 2013 Hey, i´m building a little $user dashboard profile like thingy. In my Pagetree I got the following: Home -- . . clients -- . . client -- . Dashboard . Data . Pages How could I now prevent the $user of simply going back in the browserbar to get access to other pages? My first thoughts are to just redirect the $user if he goes back. I´m achieving it like this: $userFolder = $user->id.$user->name; $allowedPage = $pages->get("/clients/{$userFolder}/dashboard/"); if ($allowedPage->parent === $page OR $allowedPage->parent->parent == $page) $session->redirect("$allowedPage->url"); But, this is not feeling right, works but I think there are better solutions. Any Ideas? Maybe I overlooked sth. Link to comment Share on other sites More sharing options...
Soma Posted January 4, 2013 Share Posted January 4, 2013 Hmm not sure, this would be easier (back to root) using parents->has() if ($allowedPage->parents->has($page)) $session->redirect("$allowedPage->url"); Another option would be to test in the clients, and client template to check if access is granted and redirect. So simply a role, permission based solution. Link to comment Share on other sites More sharing options...
Luis Posted January 4, 2013 Author Share Posted January 4, 2013 Thanks for your efforts Soma. I think big buildung around this issue is just cosmetics, I try your snippet saves some little space. Link to comment Share on other sites More sharing options...
Soma Posted January 4, 2013 Share Posted January 4, 2013 Yeah cosmetic, but my snippets is more scalable or doesn't matter how many leves, where you would end up with ->parent->parent->parent About snippets like this people often ask if there's a simpler way or more elegant. I often wonder what it would take in other CMS' to archive this Link to comment Share on other sites More sharing options...
Luis Posted January 4, 2013 Author Share Posted January 4, 2013 Have u ever worked with Wordpress? Try to implement custom fields, I bet u will end up crying like a little girl 2 Link to comment Share on other sites More sharing options...
Luis Posted January 5, 2013 Author Share Posted January 5, 2013 Quick note: if ($allowedPage->parents->has($page)) $session->redirect("$allowedPage->url"); This allows the User to open the dashboard of other users if he knows his id and name. This snippet prevents to open other users dash: $userFolder = $user->id.$user->name; //form the name of the actuall logedIn User $userDashboard = $pages->get("/clients/{$userFolder}/dashboard/"); //get the logged in User´s Dashboard $allowed = $userDashboard->siblings("include=hidden"); //define the siblings of the dashboard as allowed pages for the user //Check if the user tries to open a site which he not owns, if so redirect to own dashboard if (!$allowed->has($page)) $session->redirect("$userDashboard->url"); // ^- if pageID is not equal to allowed IDs ---> redirect to Dashboard Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now