2009年12月30日星期三

Re: [fw-auth] redirect after login from restricted page

> You can use the flash messenger to record the request_uri, redirect to a
> login form, and then check for it on valid login. If it exists,
> redirect. Otherwise, serve the default protected screen.

Ok, so you start with a request object, and likely, you have a plugin
that retrieves the role of the requesting client and compares the
requested resource against a set of rules.

Hence, when the user has a certain role (e.g., "guest") he may not be
granted access to a certain resource as it's not listed in the ACL.

So, maybe that resource exists, maybe it doesn't. How would you know?


Best regards,

Andreas

没有评论: