Changes between Version 4 and Version 5 of iPeerSecurity


Timestamp: 2010-05-31T22:44:24Z (14 years ago)
Author: Serge Okon
Comment:

--

  • iPeerSecurity

    v4 v5  
    66=== app_controller->checkAccess() ===
    77The method will check the requested controller name against the database (specifically, the contents of `sysContainer->getActionList())`), and if any entry with this controller is found, it keep processing the page. Otherwise, it redirects the client to `loginlout/login`. Specifically which method will the client requests to be invoked, is, apparently, no concidered.
    8 
     8{{{
     9                        //check permission
     10                        if (!$this->rdAuth->check($this->params['controller'], $this->sysContainer->getActionList()))
     11                        {
     12                                $this->Session->write('URL', $URL);
     13                                $this->Session->write('AccessErr', 'NO_PERMISSION');
     14                                $redirect = 'loginout/login';
     15                                $this->redirect($redirect);
     16                                exit;
     17                        }
     18}}}
    919=== Users_controller ===
    1020Each potentialy sensitive method in users_controller checks the user role agains 'S' (or Student). If a Student should not be able to access this function, they are re-directed away from the page. If any other user type is logged on, the requested action will proceed.
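
Review bot: The paragraph at v5 line 7 gives the redirect target as `loginlout/login`, but the excerpt added at v5 line 14 sets `$redirect = 'loginout/login'`; the prose should match the code, and the stray `)` after `getActionList()` and the spelling "concidered" can be fixed in the same pass. The excerpt writes `$URL` to the session without showing where it is assigned, so either include that line or say it is set earlier in checkAccess(). Because the excerpt passes only `$this->params['controller']` to `rdAuth->check()`, the text can state directly that the requested action is not part of the permission check rather than "apparently". The Users_controller paragraph would also benefit from saying explicitly that comparing the role against 'S' alone means every other role is allowed through by default, since that is the security-relevant consequence a reader of this page needs.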