Reputation: 573
In Joomla 3.0, what is the best way to protect a view based on the id? For example, I have a URL like:
/administrator/index.php?option=com_helloworld&view=unitversions&layout=edit&id=158733
I don't want a user to be able to see this page if they don't 'own' that id. I understand that the controller will authorise based on ACL but just redirects to a URL similar to the above.
I'm thinking a plugin might be the best approach? Perhaps using the onContentBeforeDisplay trigger.
Does anyone have a better suggestion?
Thanks!
Upvotes: 1
Views: 170
Reputation: 573
I think this is probably the best way, as is done in the CMS core files:
    // Check for edit form.
    if ($vName == 'category' && $lName == 'edit' && !$this->checkEditId('com_categories.edit.category', $id))
    {
        // Somehow the person just went to the form - we don't allow that.
        $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id));
        $this->setMessage($this->getError(), 'error');
        $this->setRedirect(JRoute::_('index.php?option=com_categories&view=categories&extension='.$this->extension, false));

        return false;
    }
Upvotes: 2
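The same pattern applied to the component in the question, as an added example that is not part of the original answer or of Joomla core: the form controller decides ownership before the id is held in the session, and the display controller refuses any edit URL whose id was never held. The class names, the file names, the context string `com_helloworld.edit.unitversion` and the `created_by` owner column are assumptions.

```php
<?php
defined('_JEXEC') or die;

// controllers/unitversion.php (hypothetical): handles task=unitversion.edit
class HelloWorldControllerUnitversion extends JControllerForm
{
    // The URL in the question shows the edit form under view=unitversions.
    protected $view_item = 'unitversions';

    // JControllerForm::edit() calls this before holdEditId() records the id.
    protected function allowEdit($data = array(), $key = 'id')
    {
        $user = JFactory::getUser();
        $id   = isset($data[$key]) ? (int) $data[$key] : 0;

        if (!$id || !$user->authorise('core.edit', $this->option))
        {
            return false;
        }

        // Assumption: the row stores its owner's user id in created_by.
        $table = $this->getModel()->getTable();

        return $table->load($id) && (int) $table->created_by === (int) $user->id;
    }
}

// controller.php (hypothetical): the display controller for the component
class HelloWorldController extends JControllerLegacy
{
    public function display($cachable = false, $urlparams = false)
    {
        $vName = $this->input->get('view', 'unitversions');
        $lName = $this->input->get('layout', 'default');
        $id    = $this->input->getInt('id');

        // Refuse ids that edit() never held for this session.
        if ($vName == 'unitversions' && $lName == 'edit'
            && !$this->checkEditId('com_helloworld.edit.unitversion', $id))
        {
            $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id));
            $this->setMessage($this->getError(), 'error');
            $this->setRedirect(JRoute::_('index.php?option=com_helloworld&view=unitversions', false));

            return false;
        }

        return parent::display($cachable, $urlparams);
    }
}
```

`checkEditId()` returns true when the id is empty, and `JControllerForm::save()` also goes through `allowEdit()` for an existing id, so the ownership test covers the write path as well as the form display.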