Why do I see the admin panel with access denied? #245
-
|
In the config, I specified the middleware I try to go to the admin url with no admin user and see the edges of the admin panel on the background of the 404 page. |
Beta Was this translation helpful? Give feedback.
Replies: 0 comments 2 replies
-
|
Removed check in file It is better to think over this point otherwise there may be security problems in the admin area. |
Beta Was this translation helpful? Give feedback.
-
|
@AlexKomMsk what is the contents of If I return If you are talking about @if(backpack_user()->hasRole('admin'))
//show items only available for users with admin role
@endifAlso you should add those permission checks in your controllers so that even if someone try direct access to the resource url, the controller would deny the access. Cheers |
Beta Was this translation helpful? Give feedback.
@AlexKomMsk what is the contents of
App\Http\Middleware\CheckIfAdmin::class?If I return
falsefromcheckIfUserIsAdmin()I don't see any sidebar.If you are talking about
rolesandpermissions, you should add your checks directly in thesidebarfile:Also you should add those permission checks in your controllers so that even if someone try direct access to the resource url, the controller would deny the access.
You can control that access with
$this->crud->allowAccess(['list','create'])anddenyAccess->in your controllers.Cheers