i'm trying to control the session to forbid the access to some pages of my web app. The way is simple, a boolean session variable. The thing is there's one page for every action, but, i think is not elegant at all to ask in every action if the user is logged or not. How can i do this elegantly in a MVC architecture? It looks crappy this way. I was thinking that there is a parent action that redirects t开发者_JAVA百科o the final one, the one that renders the page, is it right? maybe i could make the check there.
public function createAction(Request $request){
$sess = $this->getRequest()->getSession();
if ($sess->get('logged') == true) {
// ---- ACTION CODE GOES HERE ---- //
}
}
In Symfony2, if the sections of the site that need authorization are under the same path, you can use the access_control section in the security configuration:
# app/config/security.yml
security:
# ...
access_control:
- { path: ^/secured/area, roles: ROLE_USER }
You can find more ways to secure your app in the book
精彩评论