Last active
August 29, 2015 14:10
-
-
Save atuttle/08906000d3ec9eec09ce to your computer and use it in GitHub Desktop.
Securing FW/1 applications; segmented by controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
component accessors="true" { | |
property framework; | |
property memberService; | |
function before( rc ){ | |
local.safeEvents = 'main:member.login,main:member.forgot,main:member.resetpassword'; | |
//require login for everything in this controller except login method | |
if (!structKeyExists(session, 'user')){ | |
if (listFindNoCase(local.safeEvents, rc.action) eq 0){ | |
//redirect to member.login | |
rc.next = rc.action; | |
return framework.redirect('main:member.login','next'); | |
} | |
}else{ | |
rc.user = memberService.getById( session.user.getMemberId() ); | |
//if loading login page but already logged in *AND* specifying post-login action, skip login and redirect | |
if (rc.action == 'member.login' && structKeyExists(rc, 'next')){ | |
return framework.redirect(rc.next); | |
} | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
component | |
accessors=true | |
extends="adminBase" | |
{ | |
//every action in this controller is protected by adminBase::before() | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment