我已经为 codeigniter 2.1.3 设置了 Ion Auth。
一切运作良好。
在我的控制器 auth.php 中,我有以下函数 index() 的代码:
function index()
{
// if not logged in - go to home page
if (!$this->ion_auth->logged_in())
{
//redirect them to the login page
redirect('auth/login', 'refresh');
}
// if user is an admin go to this page
elseif ($this->ion_auth->is_admin())
{
echo "Admin User";
// if an admin, go to admin area
//set the flash data error message if there is one
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
//list the users
$this->data['users'] = $this->ion_auth->users()->result();
foreach ($this->data['users'] as $k => $user)
{
$this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result();
}
$this->_render_page('auth/view_users', $this->data);
}
//if user is part of the master data team
elseif ($this->ion_auth->in_group("master_data"))
{
echo "master data group";
//redirect them to the master_data page
$data['title']="Master Data Home Page";
$this->load->view("site_header",$data);
$this->load->view("site_nav");
$this->load->view("content_master_data");
$this->load->view("site_footer");
}
elseif ($this->ion_auth->in_group("planning"))
{
echo "Planning";
//redirect them to the master_data page
$data['title']="IMS Planning";
$this->load->view("site_header",$data);
$this->load->view("site_nav");
$this->load->view("content_planning");
$this->load->view("site_footer");
}
else
{
echo "Generic user";
//redirect them to the default home page
$data['title']="IMS Home Page";
$this->load->view("site_header",$data);
$this->load->view("site_nav");
$this->load->view("content_home");
$this->load->view("site_footer");
}
}
我的想法是,只有当他们的用户在正确的组中时,控制器才会被加载。这可以正常工作,并为每个用户加载正确的视图。我的问题是我仍然可以直接浏览到任何视图,例如http://localhost/logico/application/views/content_master_data.php
如何限制对视图/控制器的访问,以使未登录的人和不在正确组中的人无法访问该页面。