Mojavi provides two levels of security to control access to actions: the first requires the user to be logged in, the seconds checks for a specific privilege.
Basic Authentication
For basic authentication, the following three methods are of importance:
User::setAuthenticated() User::isAuthenticated() Action::isSecure()
To implement an action that only logged in users can access, simply overwrite the Action::isSecure() method in your action:
function isSecure()
{
return true;
}
This will instruct the controller to check $user->isAuthenticated(). If this method returns false, the request will be redirected to the AUTH_MODULE/AUTH_ACTION defined in the configuration file (default is Default/Login).
You can implement the Default/Login Action to call $user->setAuthenticated(TRUE) if a valid username and password was entered.
Privileges
Privileges are used to differentiate between logged in users. The following methods are important:
User::hasPrivilege() User::addPrivilege() Action::getPrivilege()
In addition to Action:isSecure() also overwrite the Action::getPrivilege() method in your action:
function isSecure()
{
return true;
}
function getPrivilege()
{
return array('ADMIN');
}
The controller will check if the user has the specified privilege and redirect to the login module/action if this is not the case.
The User::addPrivilege() method can be used to grant a user a certain privilege.
Please have a look at the PrivilegeUser class for more information. This tutorial includes a good example of user authentication in action.
Add A Comment