I have 2 Admin contollers.
PostContoller
CategoriesController
How can I Create them inside Blog Plugin, If I want. Can a plugin have more than one Controller, Admin or Public.
I tried to Create PostAdminContoller and extend AdminController, but dont know how to Call it like
?aa=Post.index
There are three controllers that are available by default:
AdminController
SiteController
PublicController
If you want more controllers, use routes (http://www.impresspages.org/docs/routing) but then you have to do security checks on your own:
\Ip\Internal\Admin\Backend::userId() //check if admin is logged in
ipAdminPermission($plugin) //check if current admin has right to access plugin.
Related
I use latest prestashop 1.6.1.4, I want to every customer firstly login on site and then they have access all over pages of website, without login user can't do anything on site.
So, I want know that there is any configuration at backoffice side and if Yes then how can do that?
There is no built in function to do this, but you can easily override the FrontController to achieve this behavior.
Put this code inside /override/classes/controller/FrontController.php:
<?php
class FrontController extends FrontControllerCore
{
public function init()
{
parent::init();
if (!$this->context->customer->isLogged() && $this->php_self != 'authentication' && $this->php_self != 'password')
{
Tools::redirect('index.php?controller=authentication?back=index');
}
}
}
If the user is not on an authentication page or a forgot password page he will be redirected to the authentication page. After log in he will be redirected to the home.
EDIT:
If the file FrontController.php doesn't exist, you will have to create it and delete the file /cache/class_index.php. class_index caches every classes path on your website. So if you create a new Class File, you need to delete it to let Prestashop search for newly created ones.
There is no such configuration for this in back office. You can only achieve this by developing a custom module for your store, that uses a hook that is called on all the pages (hookDisplayHeader or hookDisplayTop etc.)
If you don't want to create a module for this then you can also achieve the same by overriding FrontController.php as it is called on each and every page of PrestaShop.
I am creating my first framework based project using YII framework. I have a main site and a module based backend to manage the site(CMS). First I used the same layout for both ends, but now I want two different layouts for front end and backend. I changed my module layout by adding a layouts folder to the module view file and I added “$controller->layout = 'main';” to the base module file of my module folder. Now the layout has been changed but when I logged in as a admin to the backend I cannot view any admin controller action, it means I am just a guest user. This issue is solved when I change my layout to the main site layout.
Please let me know if there is anything to do for this?
if the backend and frontend you created like module I think this will help:
$this->layoutPath = Yii::getPathOfAlias('(application.views.layouts or path/to/layouts)');
and in controllers of module just pasting layout name:
public $layout = 'login';
I'm working on a web application in ASP.NET MVC. When the user logs in, I want to retrieve his navigation (varies between user accounts) and his information from the database, and keep the info between controllers.
I'm displaying the navigation in _Layout.cshtml so I'm wondering best practices to pull the navigation and other user info from the database and storing it between controllers. This information is only retrieved once and stored through-out the user "log-in session".
What is the ideal solution? Should I create a BaseController which other controllers inherit and put my logic in the constructor and put the info in a global ViewBag? Or should I use the Session object in the Login method? Or should I create a static method and call it directly from _Layout.cshtml?
What should I do? I want to do this globally once, so I don't have to do this in each controller action.
Is there a way to use the AuthorizeAttribute to restrict access base on user type? I have an admin login and an intern log in.
As of right now, both of these logins will show all tabs on my admin page. what I want is to restrict the # of tabs that the intern login sees.
Can I use the AuthorizeAttribute to do that? Please advise.
Many thanks
The AuthorizeAttribute is placed on controller or action methods to prevent them from executing for unauthorize individuals.
In your case, what you want to do is prevent a menu from being displayed based on the type of users.
For this, you would use Roles that determine what permissions each user has.
Then on the view, you would use the User.IsInRole("roleName") to determine if they are in the role and act accordingly.
For instance, here is how you would only show the "Manage Users" menu item to an admin:
#if(User.IsInRole("Admin"))
{
<li>Manage Users
}
Also, in the Users action method, you would decorate it with the AuthorizeAttribute to prevent users that are not in the "Admin" role from accessing the page.
[Authorize(Roles("Admin"))]
public ActionResult Users()
{
//...
}
I don't want to sign-up new user to (active admin) admin panel..so that I want to customize the login page of active admin.
How can I remove the sign-up link from the admin-login page in active admin.
How can I do the same...?
The question is quite old, but I just came across the same problem. My solution is:
mkdir -p app/views/active_admin/devise/shared
touch app/views/active_admin/devise/shared/_links.erb
I have also disabled the routes:
devise_for :users, ActiveAdmin::Devise.config.merge(skip: [:confirmations, :passwords, :registrations, :unlocks])
If this rule applies to all of your admin pages, you could use a different layout file that didn't include the links (or the partial that included them.
You could set a variable in the controller (e.g. #hide_login) then conditionally display them (e.g. <%= link_to("Sign Up", sign_up_path) unless #hide_login %>)
I have worked on a number of applications where the admin interface is really a separate part of the app, accessible only to internal users, and in this case it can be helpful to put your administrative models/views/controllers in their own namespace ( e.g. Admin::ManageUsers) which makes it easy to globally apply certain rules in a before_filter (including, possibly defining the default layout).
There are several posibilities to do this as you know you should have a controller (I mostly use AdminController) wich has an index action.
then in de index view there probably is a render partial wich renders the login/sign-up form
you can locate the elemement wich renders the sign-up link.
If you somehow can't find this you can go to your Terminal/CMD
end type
grep -lr "sign-up" *
this will find the sign-up link somewhere then just delete it or hide it like above message suggests