Tuesday, May 29, 2012

Re: Unauthorized users don't get redirected to login action

@Rihad

If a user that is not logged in is directed to your app somehow (a
link from somewhere, or types in a URL manually), then you would
expect them to be redirected to the login page with a notice that they
must be logged in in order to access that resource.

If a user is logged in and attempts to access a resource for which
they do not have permissions, then they should probably be redirected
back to the last page visited, with a notice that they do not have
access to the requested resource. Sending them to a login page would
imply that the same person has multiple credentials that he or she
would use to access different resources on your site.

The best solution, I would think, is not offer resources (links) in
the view if the currently logged in user does not have sufficient
permissions to access them.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php

No comments: