Basic App

An open source simple CMS based on CodeIgniter 4

Restrict access to application backend in CodeIgniter 4

The easiest way to restrict access to application backend, is to check the address of the current page, and if it starts with /admin, then check a logged user rights. This can be implemented through filters, that appeared in the fourth version of the framework.

1. Add a "Basic App Core" library contains an admin filter via Composer.

```composer require "basic-app/core:dev-master"```

2. Set up a new filter in filters config: "/Config/Filters.php".

```
public $aliases = [
    ...
    'admin' => \BasicApp\AdminFilter::class
];

...

public $filters = [
    ...
    'admin' => [
        'before' => ['admin', 'admin/*']
    ]
];
```

If you have an another implementation of users and rights, then you can inherit your class from BasicApp\BaseAdminFilter and override currentUserId(), checkAccess() and getUser() methods.

Posted on 2019-01-25