localhost.test/teacher/marklist
- teacher
is controller and marklist is view page.
A student
logging in and typing the above url
will display the page.
How to prevent this?
localhost.test/teacher/marklist
- teacher
is controller and marklist is view page.
A student
logging in and typing the above url
will display the page.
How to prevent this?
There are many ways to prevent it but the suggested way in Zend is to use Zend_Acl and make roles: Student, Teacher and resources.
You can read more about Zend Access Control List here.
From Zend Page:
Zend_Acl provides a lightweight and flexible access control list (ACL) implementation for privileges management. In general, an application may utilize such ACL's to control access to certain protected objects by other requesting objects.
For the purposes of this documentation:
a resource is an object to which access is controlled.
a role is an object that may request access to a Resource
So basicly you need to make: