Skip to content

Commit f930da1

Browse files
kenjiskenjis
authored
Merge pull request #1026 from kenjis/docs-improve-filter-explanation
docs: improve descriptions for filters
2 parents 6bb80f7 + 5aeca30 commit f930da1

File tree

2 files changed

+11
-5
lines changed

2 files changed

+11
-5
lines changed

docs/quick_start_guide/using_session_auth.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,13 @@ command.
9494

9595
## Protecting Pages
9696

97-
If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the **app/Config/Filters.php** file.
97+
By default, Shield does not protect pages. To make certain pages accessible only
98+
to logged-in users, set the `session`
99+
[controller filter](../references/controller_filters.md).
100+
101+
For example, if you want to limit all routes (e.g. `localhost:8080/admin`,
102+
`localhost:8080/panel` and ...), you need to add the following code in the
103+
**app/Config/Filters.php** file.
98104

99105
```php
100106
public $globals = [

docs/references/controller_filters.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,11 @@ $aliases = [
2727

2828
| Filters | Description |
2929
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
30-
| session | The `Session` authenticator. |
31-
| tokens | The `AccessTokens` authenticator. |
30+
| session | Restricts access to users who are not authenticated by the `Session` authenticator. |
31+
| tokens | Restricts access to users who are not authenticated by the `AccessTokens` authenticator. |
3232
| chained | The filter will check authenticators in sequence to see if the user is logged in through either of authenticators, allowing a single API endpoint to work for both an SPA using session auth, and a mobile app using access tokens. |
33-
| jwt | The `JWT` authenticator. See [JWT Authentication](../addons/jwt.md). |
34-
| hmac | The `HMAC` authenticator. See [HMAC Authentication](../guides/api_hmac_keys.md). |
33+
| jwt | Restricts access to users who are not authenticated by the `JWT` authenticator. See [JWT Authentication](../addons/jwt.md). |
34+
| hmac | Restricts access to users who are not authenticated by the `HMAC` authenticator. See [HMAC Authentication](../guides/api_hmac_keys.md). |
3535
| auth-rates | Provides a good basis for rate limiting of auth-related routes. |
3636
| group | Checks if the user is in one of the groups passed in. |
3737
| permission | Checks if the user has the passed permissions. |

0 commit comments

Comments
 (0)