-
Notifications
You must be signed in to change notification settings - Fork 53
silgy_set_auth_level
Jurek Muszyński edited this page Oct 10, 2019
·
16 revisions
Sets required authorization level for the path.
level can have one of the following values:
| macro | value | notes |
|---|---|---|
| AUTH_LEVEL_NONE | 0 | No user session is required. |
| AUTH_LEVEL_ANONYMOUS | 1 | Anonymous user session is required. If there's no valid as cookie, anonymous user session is started. |
| AUTH_LEVEL_LOGGEDIN | 2 | Logged in user session is required. If request does not have valid ls cookie, it's redirected to URI defined in silgy_app.h APP_LOGIN_URI. |
| AUTH_LEVEL_USER AUTH_LEVEL_CUSTOMER AUTH_LEVEL_STAFF AUTH_LEVEL_MODERATOR AUTH_LEVEL_ADMIN AUTH_LEVEL_ROOT |
10 20 30 40 50 100 |
User has to have at least matching auth_level. Otherwise request will receive 404 (security by obscurity). |
| AUTH_LEVEL_NOBODY | 125 | Provided for whitelist-based access model, when high security is required. Meant only for DEF_RES_AUTH_LEVEL. If set to AUTH_LEVEL_NOBODY, only resources explicitly set via silgy_set_auth_level() will be accessible. |
Resources not set with silgy_set_auth_level() get default level specified in silgy_app.h DEF_RES_AUTH_LEVEL. For more information see Sessions in Silgy.
Static resources always have AUTH_LEVEL_NONE.
None
// in silgy_app_init()
silgy_set_auth_level("about", AUTH_LEVEL_NONE);
silgy_set_auth_level("dashboard", AUTH_LEVEL_LOGGEDIN);
silgy_set_auth_level("blockIP", AUTH_LEVEL_ADMIN);
silgy_set_auth_level("api/users*", AUTH_LEVEL_ADMIN);