使用codeigniter和IonAuth保護視圖

Question

我已經爲codeigniter 2.1.3設置了Ion Auth。

一切正常。

在我的控制器，auth.php我有一個功能指數（）下面的代碼：

function index() 
{ 
    // if not logged in - go to home page 
    if (!$this->ion_auth->logged_in()) 
    { 
     //redirect them to the login page 
     redirect('auth/login', 'refresh'); 
    } 
    // if user is an admin go to this page 
    elseif ($this->ion_auth->is_admin()) 
    { 
     echo "Admin User"; 
     // if an admin, go to admin area 

     //set the flash data error message if there is one 
     $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message'); 

     //list the users 
     $this->data['users'] = $this->ion_auth->users()->result(); 
     foreach ($this->data['users'] as $k => $user) 
     { 
      $this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result(); 
     } 

     $this->_render_page('auth/view_users', $this->data);     
    } 
    //if user is part of the master data team 
    elseif ($this->ion_auth->in_group("master_data")) 
    { 
     echo "master data group"; 
     //redirect them to the master_data page 
     $data['title']="Master Data Home Page"; 
     $this->load->view("site_header",$data); 
     $this->load->view("site_nav"); 
     $this->load->view("content_master_data"); 
     $this->load->view("site_footer"); 

    } 
    elseif ($this->ion_auth->in_group("planning")) 
    { 
     echo "Planning"; 
     //redirect them to the master_data page 
     $data['title']="IMS Planning"; 
     $this->load->view("site_header",$data); 
     $this->load->view("site_nav"); 
     $this->load->view("content_planning"); 
     $this->load->view("site_footer"); 

    } 
    else 
    { 
     echo "Generic user"; 
     //redirect them to the default home page 
     $data['title']="IMS Home Page"; 
     $this->load->view("site_header",$data); 
     $this->load->view("site_nav"); 
     $this->load->view("content_home"); 
     $this->load->view("site_footer"); 
    } 
} 

我的思維過程是，如果他們的用戶是在正確的組控制器只會被加載。這工作正常，併爲每個用戶加載正確的視圖。我的問題是，我仍然可以直接瀏覽任何視圖，例如http://localhost/logico/application/views/content_master_data.php

如何限制對視圖/控制器的訪問，以便無法訪問未登錄的用戶和不在的用戶正確的組。

Answer 1

而不是加載不同的意見你必須重定向每個用戶組到不同的控制器。

驗證指數

function index() 
{ 
    // if not logged in - go to home page 
    if (!$this->ion_auth->logged_in()) 
    { 
     //redirect them to the login page 
     redirect('auth/login', 'refresh'); 
    } 
    // if user is an admin go to this page 
    elseif ($this->ion_auth->is_admin()) 
    { 
     echo "Admin User"; 
     // if an admin, go to admin area 

     //set the flash data error message if there is one 
     $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message'); 

     //list the users 
     $this->data['users'] = $this->ion_auth->users()->result(); 
     foreach ($this->data['users'] as $k => $user) 
     { 
      $this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result(); 
     } 

     $this->_render_page('auth/view_users', $this->data);     
    } 
    //if user is part of the master data team 
    elseif ($this->ion_auth->in_group("master_data")) 
    {   
     //redirect them to the master controller 
     redirect('master','refresh');   

    } 
    elseif ($this->ion_auth->in_group("planning")) 
    { 
//redirect them to the planning controller 
     redirect('planning',refresh);   
    } 
    else 
    { 
//redirect them to the generic controller 
redirect('generic','refresh'); 

    } 
} 

主控制器

class Master extends CI_Controller { 

    function __construct() 
    { 
    parent::__construct(); 
    if (!$this->ion_auth->in_group('master_data')) 
    { 
       redirect('auth/login', 'refresh'); 
      } 
     } 
function index() 
{ 
      $data['title']="Master Data Home Page"; 
      $this->load->view("site_header",$data); 
      $this->load->view("site_nav"); 
      $this->load->view("content_master_data"); 
      $this->load->view("site_footer"); 
} 
} 

規劃相若方式和通用控制器的構造函數必須包含相應的認證check.This將防止不必要的方法執行通過URL。