Users that are already logged in (i.e. through a password reset) should be forwarded to the dashboard ONLY if they have permission, otherwise, send them back to the index page
This commit is contained in:
@@ -47,6 +47,35 @@ class ServicesProvider
|
|||||||
return $classMapper;
|
return $classMapper;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Returns a callback that forwards to dashboard if user is already logged in.
|
||||||
|
*
|
||||||
|
* @return callable
|
||||||
|
*/
|
||||||
|
$container['redirect.onAlreadyLoggedIn'] = function ($c) {
|
||||||
|
/*
|
||||||
|
* This method is invoked when a user attempts to perform certain public actions when they are already logged in.
|
||||||
|
*
|
||||||
|
* @todo Forward to user's landing page or last visited page
|
||||||
|
* @param \Psr\Http\Message\ServerRequestInterface $request
|
||||||
|
* @param \Psr\Http\Message\ResponseInterface $response
|
||||||
|
* @param array $args
|
||||||
|
* @return \Psr\Http\Message\ResponseInterface
|
||||||
|
*/
|
||||||
|
return function (Request $request, Response $response, array $args) use ($c) {
|
||||||
|
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
|
||||||
|
$authorizer = $c->authorizer;
|
||||||
|
|
||||||
|
$currentUser = $c->authenticator->user();
|
||||||
|
|
||||||
|
if ($authorizer->checkAccess($currentUser, 'uri_dashboard')) {
|
||||||
|
return $response->withHeader('UF-Redirect', $c->router->pathFor('dashboard'));
|
||||||
|
} else {
|
||||||
|
return $response->withHeader('UF-Redirect', $c->router->pathFor('index'));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Returns a callback that handles setting the `UF-Redirect` header after a successful login.
|
* Returns a callback that handles setting the `UF-Redirect` header after a successful login.
|
||||||
*
|
*
|
||||||
|
|||||||
Reference in New Issue
Block a user