
Auto Redirect if $user tries to go to parent of allowed Site


Luis

Hey,

I'm building a little $user dashboard-profile-like thingy.

In my Pagetree I got the following:

    Home --
      .
      .
      clients --
        .
        .
        client --
          . Dashboard
          . Data
          . Pages

How could I now prevent the $user from simply going back in the browser bar to get access to other pages?

My first thoughts are to just redirect the $user if he goes back.

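I'm achieving it like this:

    // folder name of the logged-in user: id followed by name
    $userFolder = $user->id.$user->name;
    $allowedPage = $pages->get("/clients/{$userFolder}/dashboard/");
    // redirect when the requested page is the parent or grandparent of the dashboard
    if ($allowedPage->parent === $page OR $allowedPage->parent->parent == $page)
        $session->redirect("$allowedPage->url");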

But, this is not feeling right, works but I think there are better solutions.

Any Ideas? Maybe I overlooked sth.

Link to comment

Hmm not sure, this would be easier (back to root) using parents->has()

if ($allowedPage->parents->has($page)) $session->redirect("$allowedPage->url");

Another option would be to test in the clients, and client template to check if access is granted and redirect. So simply a role, permission based solution.

Link to comment

Yeah, cosmetic, but my snippet is more scalable, or it doesn't matter how many levels, where you would end up with ->parent->parent->parent ;)

About snippets like this, people often ask if there's a simpler or more elegant way. I often wonder what it would take in other CMS' to achieve this :)

Link to comment

Quick note:

if ($allowedPage->parents->has($page)) $session->redirect("$allowedPage->url");

This allows the User to open the dashboard of other users if he knows his id and name.

This snippet prevents opening other users' dash:

    $userFolder = $user->id.$user->name;   // form the folder name of the currently logged-in user
    $userDashboard = $pages->get("/clients/{$userFolder}/dashboard/");  // get the logged-in user's dashboard
    // no dashboard found (e.g. guest or missing folder): fail closed instead of redirecting to an empty URL
    if (!$userDashboard->id) throw new Wire404Exception();
    $allowed = $userDashboard->siblings("include=hidden");    // define the siblings of the dashboard as allowed pages for the user

    // check if the user tries to open a page which he does not own; if so, redirect to his own dashboard
    if (!$allowed->has($page)) $session->redirect("$userDashboard->url");
    //  ^- if the page ID is not among the allowed IDs ---> redirect to dashboard

Link to comment
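
The difference between the two checks discussed in this thread, as an added example that is not part of any post: plain PHP without the ProcessWire API, comparing the ancestor-only redirect with a default-deny allowlist on constructed paths. The helper names and the sample folders (12luis, 34anna, 12luisa) are assumptions, and the allowlist here covers the whole client folder, including deeper pages, rather than only the dashboard's siblings.

```php
<?php
// Added example: plain PHP, no ProcessWire API. Paths and folder names are constructed.

/** Split a path into its non-empty segments: "/clients/12luis/" -> ["clients", "12luis"]. */
function segments(string $path): array {
    return array_values(array_filter(explode('/', $path), 'strlen'));
}

/** Ancestor check (the parents->has() idea): redirect only when the request is above the dashboard. */
function redirectsOnAncestor(string $request, string $dashboard): bool {
    $req  = segments($request);
    $dash = segments($dashboard);
    // $request is a strict ancestor when its segments are a proper prefix of the dashboard's.
    return count($req) < count($dash) && array_slice($dash, 0, count($req)) === $req;
}

/** Allowlist check (hypothetical helper): allow only paths inside the user's own client folder. */
function insideOwnFolder(string $request, string $userFolder): bool {
    $req = segments($request);
    // Compare whole segments, so "12luis" does not match "12luisa".
    return count($req) >= 2 && $req[0] === 'clients' && $req[1] === $userFolder;
}

$userFolder = '12luis';                       // constructed: $user->id . $user->name
$dashboard  = "/clients/$userFolder/dashboard/";
$requests = [                                 // constructed sample requests
    '/clients/',                              // parent listing
    '/clients/12luis/data/',                  // own page
    '/clients/12luis/pages/report/',          // own page, one level deeper
    '/clients/34anna/dashboard/',             // another client's dashboard
    '/clients/12luisa/dashboard/',            // folder name sharing a prefix
];

foreach ($requests as $r) {
    printf("%-32s ancestor-check: %-8s allowlist: %s\n",
        $r,
        redirectsOnAncestor($r, $dashboard) ? 'redirect' : 'serve',
        insideOwnFolder($r, $userFolder) ? 'serve' : 'redirect');
}
```

The ancestor check only reacts to pages above the dashboard, so the last two requests are served; the allowlist redirects everything that is not explicitly inside the user's own folder.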