Skip to content

Commit

Permalink
Merge pull request #1026 from kenjis/docs-improve-filter-explanation
Browse files Browse the repository at this point in the history
docs: improve descriptions for filters
  • Loading branch information
kenjis authored Feb 15, 2024
2 parents 6bb80f7 + 5aeca30 commit f930da1
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 5 deletions.
8 changes: 7 additions & 1 deletion docs/quick_start_guide/using_session_auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,13 @@ command.

## Protecting Pages

If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the **app/Config/Filters.php** file.
By default, Shield does not protect pages. To make certain pages accessible only
to logged-in users, set the `session`
[controller filter](../references/controller_filters.md).

For example, if you want to limit all routes (e.g. `localhost:8080/admin`,
`localhost:8080/panel` and ...), you need to add the following code in the
**app/Config/Filters.php** file.

```php
public $globals = [
Expand Down
8 changes: 4 additions & 4 deletions docs/references/controller_filters.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,11 @@ $aliases = [

| Filters | Description |
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| session | The `Session` authenticator. |
| tokens | The `AccessTokens` authenticator. |
| session | Restricts access to users who are not authenticated by the `Session` authenticator. |
| tokens | Restricts access to users who are not authenticated by the `AccessTokens` authenticator. |
| chained | The filter will check authenticators in sequence to see if the user is logged in through either of authenticators, allowing a single API endpoint to work for both an SPA using session auth, and a mobile app using access tokens. |
| jwt | The `JWT` authenticator. See [JWT Authentication](../addons/jwt.md). |
| hmac | The `HMAC` authenticator. See [HMAC Authentication](../guides/api_hmac_keys.md). |
| jwt | Restricts access to users who are not authenticated by the `JWT` authenticator. See [JWT Authentication](../addons/jwt.md). |
| hmac | Restricts access to users who are not authenticated by the `HMAC` authenticator. See [HMAC Authentication](../guides/api_hmac_keys.md). |
| auth-rates | Provides a good basis for rate limiting of auth-related routes. |
| group | Checks if the user is in one of the groups passed in. |
| permission | Checks if the user has the passed permissions. |
Expand Down

0 comments on commit f930da1

Please sign in to comment.