From d68e993cb0298edce601102d18bb82edde72cb5c Mon Sep 17 00:00:00 2001
From: DewanaGustavus <76590469+DewanaGustavus@users.noreply.github.com>
Date: Mon, 9 Oct 2023 13:18:36 +0700
Subject: [PATCH] fix: redirect unauthorized users

---
 src/App/controller/cart/CartController.php                  | 5 ++++-
 .../controller/{category => cart}/CheckoutController.php    | 0
 src/App/controller/category/AddCategoryController.php       | 5 ++++-
 src/App/controller/category/CategoryController.php          | 5 ++++-
 src/App/controller/login/LoginController.php                | 3 ++-
 src/App/controller/login/RegisterController.php             | 3 ++-
 src/App/controller/product/AddProductController.php         | 6 ++++--
 src/App/controller/product/EditProductController.php        | 5 ++++-
 src/App/controller/product/ProductController.php            | 4 +++-
 9 files changed, 27 insertions(+), 9 deletions(-)
 rename src/App/controller/{category => cart}/CheckoutController.php (100%)

diff --git a/src/App/controller/cart/CartController.php b/src/App/controller/cart/CartController.php
index b46f235..ab3c256 100644
--- a/src/App/controller/cart/CartController.php
+++ b/src/App/controller/cart/CartController.php
@@ -2,8 +2,11 @@
 
 class CartController extends Controller {
     public function index($page = 1) {
-        if($this->userRole !== 1) {
+        if($this->userRole === 2) {
             throw new Exception("You are not allowed to view this page", 405);
+        }else if($this->userRole === 0) {
+            header("Location: /login");
+            exit();
         }
 
         $isCheckout = false;
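Review bot: Replacing `if($this->userRole !== 1)` with `if($this->userRole === 2)` turns an allow-list into a deny-list, so any role value other than 2 or 0 (an unset/null role, an unexpected integer, a string) now falls through to the cart page instead of being rejected; the same regression is in the AddCategoryController, CategoryController, AddProductController, EditProductController and ProductController hunks. Keep the redirect as a guard for the unauthenticated case and then reject everything that is not the permitted role, e.g. `if ($this->userRole === 0) { header("Location: /login"); exit(); }` followed by `if ($this->userRole !== 1) { throw new Exception("You are not allowed to view this page", 405); }` (with `!== 2` in the admin-only controllers). The set of values userRole can hold is not visible here, so whether null is reachable should be confirmed against the base Controller. Style-wise PSR-12 prefers `} elseif (` over `}else if(`. The body of index() continues past the hunk.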
diff --git a/src/App/controller/category/CheckoutController.php b/src/App/controller/cart/CheckoutController.php
similarity index 100%
rename from src/App/controller/category/CheckoutController.php
rename to src/App/controller/cart/CheckoutController.php
diff --git a/src/App/controller/category/AddCategoryController.php b/src/App/controller/category/AddCategoryController.php
index 4ccc459..6c85a8a 100644
--- a/src/App/controller/category/AddCategoryController.php
+++ b/src/App/controller/category/AddCategoryController.php
@@ -2,8 +2,11 @@
 
 class addCategoryController extends Controller{
     public function post(){
-        if($this->userRole !== 2) {
+        if($this->userRole === 1) {
             throw new Exception("You are not allowed to view this page", 405);
+        }else if($this->userRole === 0) {
+            header("Location: /login");
+            exit();
         }
 
         $category_name = $_POST["category_name"];
diff --git a/src/App/controller/category/CategoryController.php b/src/App/controller/category/CategoryController.php
index 16c9be4..7ce39dd 100644
--- a/src/App/controller/category/CategoryController.php
+++ b/src/App/controller/category/CategoryController.php
@@ -2,8 +2,11 @@
 
 class CategoryController extends Controller{
     public function index($page = 1){
-        if($this->userRole !== 2) {
+        if($this->userRole === 1) {
             throw new Exception("You are not allowed to view this page", 405);
+        }else if($this->userRole === 0) {
+            header("Location: /login");
+            exit();
         }
         
         $categoryModel = $this->model("CategoryModel");
diff --git a/src/App/controller/login/LoginController.php b/src/App/controller/login/LoginController.php
index ffe7802..a97677a 100644
--- a/src/App/controller/login/LoginController.php
+++ b/src/App/controller/login/LoginController.php
@@ -3,7 +3,8 @@
 class LoginController extends Controller{
     public function index() {
         if($this->userRole !== 0) {
-            throw new Exception("You are not allowed to view this page", 405);
+            header("Location: /");
+            exit();
         }
         
         $dir = __DIR__;
diff --git a/src/App/controller/login/RegisterController.php b/src/App/controller/login/RegisterController.php
index 13c2422..864670e 100644
--- a/src/App/controller/login/RegisterController.php
+++ b/src/App/controller/login/RegisterController.php
@@ -3,7 +3,8 @@
 class RegisterController extends Controller{
     public function index() {
         if($this->userRole !== 0) {
-            throw new Exception("You are not allowed to view this page", 405);
+            header("Location: /");
+            exit();
         }
 
         $dir = __DIR__;
diff --git a/src/App/controller/product/AddProductController.php b/src/App/controller/product/AddProductController.php
index 1b50c0b..9fdbede 100644
--- a/src/App/controller/product/AddProductController.php
+++ b/src/App/controller/product/AddProductController.php
@@ -1,10 +1,12 @@
 <?php
 
 class AddProductController extends Controller{
-
     public function index(){
-        if($this->userRole !== 2) {
+        if($this->userRole === 1) {
             throw new Exception("You are not allowed to view this page", 405);
+        }else if($this->userRole === 0) {
+            header("Location: /login");
+            exit();
         }
         
         $categoryModel = $this->model("CategoryModel");
diff --git a/src/App/controller/product/EditProductController.php b/src/App/controller/product/EditProductController.php
index 1a02261..1626fb3 100644
--- a/src/App/controller/product/EditProductController.php
+++ b/src/App/controller/product/EditProductController.php
@@ -3,8 +3,11 @@
 class EditProductController extends Controller{
 
     public function index($id){
-        if($this->userRole !== 2) {
+        if($this->userRole === 1) {
             throw new Exception("You are not allowed to view this page", 405);
+        }else if($this->userRole === 0) {
+            header("Location: /login");
+            exit();
         }
 
         $productModel = $this->model("ProductModel");
diff --git a/src/App/controller/product/ProductController.php b/src/App/controller/product/ProductController.php
index c575cb3..748453e 100644
--- a/src/App/controller/product/ProductController.php
+++ b/src/App/controller/product/ProductController.php
@@ -4,7 +4,9 @@
 
 class ProductController extends Controller{
     public function index($id){
-        if($this->userRole !== 1) {
+        if($this->userRole === 2) {
+            throw new Exception("You are not allowed to view this page", 405);
+        }else if($this->userRole === 0) {
             header("Location: /login");
             exit();
         }
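Review bot: The newly added `throw new Exception("You are not allowed to view this page", 405)` uses 405 (Method Not Allowed), which describes an unsupported HTTP verb, not a failed authorization check; 403 Forbidden is the status a client and any monitoring on the response codes would expect, i.e. `throw new Exception("You are not allowed to view this page", 403);`. How the exception code is mapped to the HTTP response is not visible in this hunk, so this presumes the code is emitted as the status. The rest of index() lies outside the hunk.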
-- 
GitLab