[Solar-talk] Auth process in closed apps
Antti Holvikari
anttih at gmail.com
Thu Aug 10 04:20:02 PDT 2006
On 8/10/06, Rodrigo Moraes <rodrigo.moraes at gmail.com> wrote:
> Simple question about best practices: in an app where people must be
> authenticated to perform or see anything (a classic "admin area", to
> be clear), is it correct to put the authenticathion process in
> _preAction(), e.g., if($auth == false) { $this->_action = 'login'; } ?
> And _preAction() is a nice place to perform general permissions
> checkings too?
I'm doing *exactly* like this with Aquamdb. Take a look at
http://svn.sourceforge.net/viewvc/aquamdb/trunk/Aquamdb/App/Manage.php?view=markup,
line 303. I think _preRun() is exactly the right place for this
permission check.
--
Antti Holvikari <http://phphalo.com>
More information about the solar-talk
mailing list