Version 2 (modified by 14 years ago)
iPeer Security
Overview
The state for the logged-in user is kept inside the rdAuth object. This object is stored into the session on login with rdAuth->setFromData(), and loaded by the parent class AppController with $this->rdAuth->loadFromSession() in checkAccess().
app_controller->checkAccess()
The method checks the requested controller name against the database (specifically, the contents of sysContainer->getActionList()). If any entry with this controller is found, it keeps processing the page; otherwise, it redirects the client to loginlout/login. Which method the client requested to be invoked is, apparently, not considered: the check is per controller, not per action.
Users_controller
Each potentially sensitive method in users_controller checks the user role against 'S' (Student). If a Student should not be able to access the method, they are redirected away from the page; if any other user type is logged on, the requested action proceeds.
<pre>
// Only the Student role is rejected; any other role value falls through to the action.
if ($this->rdAuth->role == 'S') {
    $this->redirect('home/index'); exit();
}
</pre>
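As an added illustration (not iPeer's own code) of why the two checks described above are weaker than an action-level allow-list, the controller-only check and the deny-Student role check are modelled below as plain PHP functions beside a hardened version. The sample action list, the role letters other than 'S', and the function names are assumptions made for this example.

```php
<?php
// Added example, not iPeer code: models the two checks the page describes as
// plain functions so they can be compared without CakePHP.

// Constructed stand-in for what sysContainer->getActionList() is described as
// holding: one entry per controller name, nothing about actions.
$actionList = ['home', 'users', 'courses'];

// The page's checkAccess(): only the controller name is consulted, so every
// action on a listed controller passes (users/delete as readily as users/view).
function checkAccessByController(array $actionList, string $controller, string $action): bool
{
    return in_array(strtolower($controller), $actionList, true);
}

// The page's users_controller check: denies only role 'S'. Any other value,
// including an empty or unexpected role string, proceeds (deny-list, fail-open).
function roleCheckDenyStudent(string $role): bool
{
    return $role !== 'S';
}

// Hardened form: an allow-list keyed by controller/action, each entry naming
// the roles permitted for that action. Anything not listed is denied
// (allow-list, fail-closed). Role letters A and I are constructed for this example.
const ACL = [
    'users/index'  => ['A', 'I'],
    'users/delete' => ['A'],
    'home/index'   => ['A', 'I', 'S'],
];

function isAllowed(string $controller, string $action, string $role): bool
{
    $key = strtolower($controller) . '/' . strtolower($action);
    return isset(ACL[$key]) && in_array($role, ACL[$key], true);
}

// Walk-through of the cases the page implies: the first two calls show the
// weak checks letting an unlisted action and an unknown role through; the
// isAllowed() calls show the allow-list deciding per action and per role.
var_dump(checkAccessByController($actionList, 'users', 'delete'));
var_dump(roleCheckDenyStudent(''));
var_dump(isAllowed('users', 'delete', 'I'));
var_dump(isAllowed('users', 'delete', 'A'));
var_dump(isAllowed('users', 'delete', ''));
```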