I set up Ion Auth for CodeIgniter 2.1.3.
Everything works fine.
In my controller, auth.php, I have the following index() function:
function index()
{
    // if not logged in - go to home page
    if (!$this->ion_auth->logged_in())
    {
        //redirect them to the login page
        redirect('auth/login', 'refresh');
    }
    // if user is an admin go to this page
    elseif ($this->ion_auth->is_admin())
    {
        echo "Admin User";
        // if an admin, go to admin area
        //set the flash data error message if there is one
        $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
        //list the users
        $this->data['users'] = $this->ion_auth->users()->result();
        foreach ($this->data['users'] as $k => $user)
        {
            $this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result();
        }
        $this->_render_page('auth/view_users', $this->data);
    }
    //if user is part of the master data team
    elseif ($this->ion_auth->in_group("master_data"))
    {
        echo "master data group";
        //load the master_data page
        $data['title']="Master Data Home Page";
        $this->load->view("site_header",$data);
        $this->load->view("site_nav");
        $this->load->view("content_master_data");
        $this->load->view("site_footer");
    }
    elseif ($this->ion_auth->in_group("planning"))
    {
        echo "Planning";
        //load the planning page
        $data['title']="IMS Planning";
        $this->load->view("site_header",$data);
        $this->load->view("site_nav");
        $this->load->view("content_planning");
        $this->load->view("site_footer");
    }
    else
    {
        echo "Generic user";
        //load the default home page
        $data['title']="IMS Home Page";
        $this->load->view("site_header",$data);
        $this->load->view("site_nav");
        $this->load->view("content_home");
        $this->load->view("site_footer");
    }
}
My thinking was that the controller would only load the page when the user is in the correct group. This works and loads the correct view for each user. My problem is that I can still browse directly to any view, for example http://localhost/logico/application/views/content_master_data.php
How do I restrict access to the views/controllers so that people who are not logged in, and people who are not in the correct group, cannot access the page?
Answer 0 (score: 1)
You have to redirect each user group to a different controller instead of loading different views.
Auth index
function index()
{
    // if not logged in - go to home page
    if (!$this->ion_auth->logged_in())
    {
        //redirect them to the login page
        redirect('auth/login', 'refresh');
    }
    // if user is an admin go to this page
    elseif ($this->ion_auth->is_admin())
    {
        echo "Admin User";
        // if an admin, go to admin area
        //set the flash data error message if there is one
        $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
        //list the users
        $this->data['users'] = $this->ion_auth->users()->result();
        foreach ($this->data['users'] as $k => $user)
        {
            $this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result();
        }
        $this->_render_page('auth/view_users', $this->data);
    }
    //if user is part of the master data team
    elseif ($this->ion_auth->in_group("master_data"))
    {
        //redirect them to the master controller
        redirect('master', 'refresh');
    }
    elseif ($this->ion_auth->in_group("planning"))
    {
        //redirect them to the planning controller
        redirect('planning', 'refresh');
    }
    else
    {
        //redirect them to the generic controller
        redirect('generic', 'refresh');
    }
}
Master controller
class Master extends CI_Controller {
    function __construct()
    {
        parent::__construct();
        // the check lives in the constructor, so it covers every method of this controller
        if (!$this->ion_auth->in_group('master_data'))
        {
            redirect('auth/login', 'refresh');
        }
    }

    function index()
    {
        $data['title']="Master Data Home Page";
        $this->load->view("site_header",$data);
        $this->load->view("site_nav");
        $this->load->view("content_master_data");
        $this->load->view("site_footer");
    }
}
Similarly, the constructors of the Planning and Generic controllers must contain the corresponding authentication checks. This will prevent unwanted methods from being executed via the URL.
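The following is an added example, not code from the question or the answer above. It carries the answer's constructor check one step further: instead of copying the check into Master, Planning and Generic, a base class in application/core/MY_Controller.php denies by default (not logged in, or not in the group the subclass declares) so that every public method of every group-restricted controller is covered, and each subclass only names its group and its content view. The group names (master_data, planning), the view names and the auth/login and auth routes are taken from the posts; the class name Group_Controller, the property $required_group and the helper render_page() are my own. It assumes CodeIgniter 2.1.x with Ion Auth loaded (autoloaded or via $this->load->library) and the standard CodeIgniter convention that application/core/MY_Controller.php is loaded before any controller, so extra classes defined in that file are available to controllers.

```php
<?php
// ---- application/core/MY_Controller.php (added example; names are my own) ----
// This first line is the guard CodeIgniter 2 puts at the top of its own files:
// BASEPATH is defined only when the request came in through index.php, so a
// request that hits this file directly stops here before anything is executed.
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/**
 * Base controller for every group-restricted controller.
 * The check runs in the constructor, so it protects every public method
 * of the subclass (/master/anything), not only index().
 */
class Group_Controller extends CI_Controller
{
    // Subclasses set this to the Ion Auth group they require.
    // null means "any logged-in user" (the Generic controller).
    protected $required_group = null;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('ion_auth');   // harmless if already autoloaded

        // Deny by default: anonymous -> login page.
        // CodeIgniter 2's redirect() calls exit(), so nothing below runs.
        if ( ! $this->ion_auth->logged_in())
        {
            redirect('auth/login', 'refresh');
        }

        // Logged in but not in the required group -> back to auth/index,
        // which (per the answer) sends the user to the controller for the
        // group they actually belong to. Admins are not exempted here;
        // auth/index already gives them their own page.
        if ($this->required_group !== null
            && ! $this->ion_auth->in_group($this->required_group))
        {
            redirect('auth', 'refresh');
        }
    }

    // Shared layout so a subclass only has to name its title and content view.
    protected function render_page($title, $content_view)
    {
        $data['title'] = $title;
        $this->load->view('site_header', $data);
        $this->load->view('site_nav');
        $this->load->view($content_view);
        $this->load->view('site_footer');
    }
}

// ---- application/controllers/master.php ----
class Master extends Group_Controller
{
    protected $required_group = 'master_data';

    public function index()
    {
        $this->render_page('Master Data Home Page', 'content_master_data');
    }
}

// ---- application/controllers/planning.php ----
class Planning extends Group_Controller
{
    protected $required_group = 'planning';

    public function index()
    {
        $this->render_page('IMS Planning', 'content_planning');
    }
}

// ---- application/controllers/generic.php ----
class Generic extends Group_Controller   // no group required: any logged-in user
{
    public function index()
    {
        $this->render_page('IMS Home Page', 'content_home');
    }
}
```

The controller check does not by itself answer the second half of the question, because the URL http://localhost/logico/application/views/content_master_data.php never passes through a controller at all. Two things close that gap. First, put the same `if ( ! defined('BASEPATH')) exit('No direct script access allowed');` line as the first line of each view file (content_master_data.php, content_planning.php, content_home.php); a view loaded through $this->load->view() has BASEPATH defined and renders normally, while a direct request exits with that message and emits no markup. Second, and better, stop serving application/ from the web at all: CodeIgniter 2 ships application/.htaccess containing `Deny from all`, which only takes effect on Apache with AllowOverride enabled for that directory; if that URL is returning the view, either that file is not being honoured or the server is not Apache, and the robust fix is to move application/ (and system/) above the web root and point $application_folder and $system_path in index.php at the new locations. The guard line protects only files PHP executes; static assets left inside application/ are still served unless the directory is blocked.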