Commit 0cbda6a1 authored by Alexander Jason's avatar Alexander Jason

fix: add protected route

parent cfd2298d
...@@ -15,9 +15,19 @@ class AuthorController extends Controller implements ControllerInterface ...@@ -15,9 +15,19 @@ class AuthorController extends Controller implements ControllerInterface
public function add() public function add()
{ {
if (!isset($_SESSION['username'])) {
http_response_code(301);
header("Location: /user/login", true, 301);
exit;
}
try { try {
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'GET': case 'GET':
if ($_SESSION['role'] != UserRole::Admin) {
$unauthorizedView = $this->view('.', 'UnauthorizedView');
$unauthorizedView->render();
exit;
}
// show the register page // show the register page
$addBookView = $this->view('admin', 'AddAuthorView'); $addBookView = $this->view('admin', 'AddAuthorView');
$addBookView->render(); $addBookView->render();
......
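Review bot: The admin check sits inside `case 'GET':` only, so any other request method this switch handles is protected by the login check alone; the other cases are outside the hunk, so confirm that a logged-in non-admin cannot submit the form directly. Moving the role check above the `switch`, right after the login check, would cover every method. The comparison also reads `$_SESSION['role']` without checking that the key is set; `($_SESSION['role'] ?? null) != UserRole::Admin` avoids an undefined-index warning on sessions created before the role was stored. The same applies to `BookController::add()`.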
...@@ -57,9 +57,19 @@ class BookController extends Controller implements ControllerInterface{ ...@@ -57,9 +57,19 @@ class BookController extends Controller implements ControllerInterface{
public function add() public function add()
{ {
if (!isset($_SESSION['username'])) {
http_response_code(301);
header("Location: /user/login", true, 301);
exit;
}
try { try {
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'GET': case 'GET':
if ($_SESSION['role'] != UserRole::Admin) {
$unauthorizedView = $this->view('.', 'UnauthorizedView');
$unauthorizedView->render();
exit;
}
// show the add book page // show the add book page
$addBookView = $this->view('admin', 'AddBookView'); $addBookView = $this->view('admin', 'AddBookView');
$addBookView->render(); $addBookView->render();
......
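Review bot: The login redirect at the top of `add()` is sent as 301, which browsers may cache as permanent, so a user who logs in afterwards can still be bounced to `/user/login` from cache when opening this URL. A temporary status fits an authentication redirect: `header("Location: /user/login", true, 302);`. The preceding `http_response_code(301);` is redundant, because the third argument of `header()` already sets the status. The same lines appear in `AuthorController::add()` and `GenreController::add()`.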
...@@ -15,9 +15,19 @@ class GenreController extends Controller implements ControllerInterface ...@@ -15,9 +15,19 @@ class GenreController extends Controller implements ControllerInterface
public function add() public function add()
{ {
if (!isset($_SESSION['username'])) {
http_response_code(301);
header("Location: /user/login", true, 301);
exit;
}
try { try {
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'GET': case 'GET':
if (!isset($_SESSION['username'])) {
http_response_code(301);
header("Location: /user/login", true, 301);
exit;
}
// show the register page // show the register page
$addGenreView = $this->view('admin', 'AddGenreView'); $addGenreView = $this->view('admin', 'AddGenreView');
$addGenreView->render(); $addGenreView->render();
......
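Review bot: The block added inside `case 'GET':` repeats the login check from the top of `add()` instead of the role check used in `AuthorController` and `BookController`, so it can never fire and the add-genre page is rendered for any logged-in user. If this page is meant to be admin-only like the other two, replace it with the same `if ($_SESSION['role'] != UserRole::Admin)` block that renders `UnauthorizedView` and exits. The rest of `add()` lies outside the hunk, so whether the other request methods check the role cannot be seen here.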