Changes between Version 1 and Version 2 of iPeerSecurity


Timestamp:
2010-05-31T22:39:41Z (14 years ago)
Author:
Serge Okon

=== Overview ===
The state for the logged-in user is kept inside the rdAuth object. This object is stored into the session on login with `rdAuth->setFromData()`, and loaded back by the parent class AppController with `$this->rdAuth->loadFromSession()` in `checkAccess()`.

=== app_controller->checkAccess() ===
The method checks the requested controller name against the database (specifically, the contents of `sysContainer->getActionList()`), and if any entry with this controller is found, it keeps processing the page. Otherwise, it redirects the client to `loginlout/login`. Which method the client requests to be invoked is, apparently, not considered.

=== Users_controller ===
Each potentially sensitive method in users_controller checks the user role against 'S' (Student). If a Student should not be able to access the function, they are redirected away from the page. If any other user type is logged on, the requested action proceeds.
<pre>
// Per-method check inside users_controller: only the Student role is refused.
if ($this->rdAuth->role == 'S') {
        $this->redirect('home/index');
        exit();
}
</pre>
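The two checks described above (controller-only in `checkAccess()`, student-only in users_controller) compared with a deny-by-default check keyed on controller, action and role. This is an added example, not iPeer code; the ACL contents and the role codes other than 'S' are constructed assumptions.

```php
<?php
// Added example (not iPeer code). Constructed ACL: controller => action => allowed roles.
// Anything not listed is denied. Role codes 'A' and 'I' are assumptions for illustration.
$acl = [
    'users' => [
        'index'  => ['A', 'I'],
        'view'   => ['A', 'I', 'S'],
        'delete' => ['A'],
    ],
    'home' => [
        'index' => ['A', 'I', 'S'],
    ],
];

// Check in the style of checkAccess(): the action is never consulted, so any
// action on a known controller passes for any logged-in role.
function controllerOnlyCheck(array $acl, string $controller, string $role): bool {
    return isset($acl[$controller]);
}

// Check in the style of users_controller: only 'S' is refused; every other
// role, whatever it is, is allowed through.
function studentOnlyCheck(string $role): bool {
    return $role !== 'S';
}

// Deny-by-default check: controller and action must both be listed and the
// role must be explicitly permitted for that action.
function isAuthorized(array $acl, string $controller, string $action, string $role): bool {
    return isset($acl[$controller][$action])
        && in_array($role, $acl[$controller][$action], true);
}

$requests = [
    ['users',  'delete', 'I'],  // non-student on a sensitive action
    ['users',  'view',   'S'],  // student on a permitted action
    ['users',  'delete', 'S'],  // student on a sensitive action
    ['nosuch', 'index',  'A'],  // unknown controller
];
foreach ($requests as [$controller, $action, $role]) {
    printf("%s/%s as %s: controllerOnly=%s studentOnly=%s denyByDefault=%s\n",
        $controller, $action, $role,
        controllerOnlyCheck($acl, $controller, $role) ? 'allow' : 'deny',
        studentOnlyCheck($role) ? 'allow' : 'deny',
        isAuthorized($acl, $controller, $action, $role) ? 'allow' : 'deny');
}
```

The first request shows the gap the text points at: both weaker checks allow a non-student to reach `users/delete`, while the per-action check refuses it.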