From 0cbda6a18808c18b3a864708bba4deefc3550864 Mon Sep 17 00:00:00 2001
From: Alexander Jason <alexanderjason526@gmail.com>
Date: Mon, 13 Nov 2023 19:53:09 +0700
Subject: [PATCH] fix: add protected route

---
 app/controllers/AuthorController.php | 10 ++++++++++
 app/controllers/BookController.php   | 10 ++++++++++
 app/controllers/GenreController.php  | 10 ++++++++++
 3 files changed, 30 insertions(+)

diff --git a/app/controllers/AuthorController.php b/app/controllers/AuthorController.php
index 8f79d09..98d582c 100644
--- a/app/controllers/AuthorController.php
+++ b/app/controllers/AuthorController.php
@@ -15,9 +15,19 @@ class AuthorController extends Controller implements ControllerInterface
 
     public function add() 
     {
+        if (!isset($_SESSION['username'])) {
+            http_response_code(301);
+            header("Location: /user/login", true, 301);
+            exit;
+        }
         try {
             switch ($_SERVER['REQUEST_METHOD']) {
                 case 'GET':
+                    if ($_SESSION['role'] != UserRole::Admin) {
+                        $unauthorizedView = $this->view('.', 'UnauthorizedView');
+                        $unauthorizedView->render();
+                        exit;   
+                    }
                     // show the register page
                     $addBookView = $this->view('admin', 'AddAuthorView');
                     $addBookView->render();
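Review bot: The admin role check added under `case 'GET':` protects only the view; the other cases of the switch (presumably the POST handler that actually creates the record) lie outside the hunk and, as far as this hunk shows, are still covered by the login check alone, so an authenticated non-admin could submit the form directly and bypass the gate. Placing the role check next to the session check above `try`, e.g. `if (($_SESSION['role'] ?? null) !== UserRole::Admin) { $this->view('.', 'UnauthorizedView')->render(); exit; }`, protects every request method in one place; the same layout appears in BookController's hunk. The login redirect is also sent as 301 (permanent), which browsers cache, so after a later successful login the browser may keep sending /author/add straight to /user/login; a temporary redirect is the usual choice, `header("Location: /user/login", true, 302);`, and the separate `http_response_code(301);` is then redundant. `add()` continues past the end of the hunk.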
diff --git a/app/controllers/BookController.php b/app/controllers/BookController.php
index 567aafe..134b4df 100644
--- a/app/controllers/BookController.php
+++ b/app/controllers/BookController.php
@@ -57,9 +57,19 @@ class BookController extends Controller implements ControllerInterface{
 
     public function add() 
     {
+        if (!isset($_SESSION['username'])) {
+            http_response_code(301);
+            header("Location: /user/login", true, 301);
+            exit;
+        }
         try {
             switch ($_SERVER['REQUEST_METHOD']) {
                 case 'GET':
+                    if ($_SESSION['role'] != UserRole::Admin) {
+                        $unauthorizedView = $this->view('.', 'UnauthorizedView');
+                        $unauthorizedView->render();
+                        exit;   
+                    }
                     // show the add book page
                     $addBookView = $this->view('admin', 'AddBookView');
                     $addBookView->render(); 
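Review bot: `$_SESSION['role']` is read without a guard and compared with loose `!=`; a session that was created before this change, or by a login path that never sets `role`, raises an "Undefined array key" warning here, and whether `UserRole::Admin` is an enum case or a plain constant is not visible in the hunk, so the comparison semantics are unclear. `if (($_SESSION['role'] ?? null) !== UserRole::Admin) {` keeps the check fail-closed without the warning and makes the intended strict comparison explicit; the same line appears in AuthorController's hunk. The rest of `add()` is outside the hunk.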
diff --git a/app/controllers/GenreController.php b/app/controllers/GenreController.php
index 4278626..aaccffc 100644
--- a/app/controllers/GenreController.php
+++ b/app/controllers/GenreController.php
@@ -15,9 +15,19 @@ class GenreController extends Controller implements ControllerInterface
 
     public function add() 
     {
+        if (!isset($_SESSION['username'])) {
+            http_response_code(301);
+            header("Location: /user/login", true, 301);
+            exit;
+        }
         try {
             switch ($_SERVER['REQUEST_METHOD']) {
                 case 'GET':
+                    if (!isset($_SESSION['username'])) {
+                        http_response_code(301);
+                        header("Location: /user/login", true, 301);
+                        exit;
+                    }
                     // show the register page
                     $addGenreView = $this->view('admin', 'AddGenreView');
                     $addGenreView->render();
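Review bot: The block added under `case 'GET':` repeats the `isset($_SESSION['username'])` login check instead of the admin role check that the AuthorController and BookController hunks add at the same spot, so any logged-in user reaches the admin AddGenreView; the repeated check is also unreachable, since the identical condition already exited at the top of `add()`. Replace the five added lines with `if (($_SESSION['role'] ?? null) !== UserRole::Admin) { $this->view('.', 'UnauthorizedView')->render(); exit; }` so the three controllers gate the same way. `add()` continues past the end of the hunk.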
-- 
GitLab