
Check whether a URL is authorized for the user or not

Hi, I am new to the Phalcon Framework. I am trying to block URLs from users who are not authorized to access them.

Example: We have 3 types of user

  1. Admin, 2. Manager, 3. Guest

Admin can access: can delete all types of user, but Manager can delete only Guest-type users, not Manager-type users.

Before that, I also want to know which type of user is logged in to the system.

Can you help me out?

Thanking You.

edited Feb '16

    // At login: store the user's role in the session
    private function _registerSession(Users $user)
    {
        $this->session->set('auth', array(
            'role' => $user->role
        ));
    }

    // In a controller action: read the role back from the session
    $userInfo = $this->session->get("auth");

    if (!$userInfo) {
        $data = [
            "users" => ["status" => 0, "error" => ["type" => "session"]]
        ];
        //echo json_encode($data);

        // Return here so the role checks below never run without a session
        return $this->response->redirect("login");
    }

    if ($userInfo['role'] === 'admin') {
        //logic
    } elseif ($userInfo['role'] === 'Manager') {
        //logic
    } else {
        //Guest logic
    }

There are really a lot of components that you have requested in this question, so I am going to direct you to the demo app that shows all of these functions.

The Vokuro sample app from Phalcon will show you a lot of the functionality you are looking for.

https://github.com/phalcon/vokuro

It uses an Auth library for authorizing users. Each user has a Profile with their own personal settings profiles (ACL).

Then run everything through a base controller. First see if they have access to the controller.

Then once they make it through that you can set up your other settings. The example above shows this last step for the most part.

The Phalcon ACL (Access Control Layer) to control whether or not a user can do things.

You can use the ACL for more than just controller control as they do in the demo app. You can set an arbitrary number of permissions on each controller.

edited Feb '16

In Phalcon 2.1.x I added some functionality to ACL, to extend it with custom logic: you can add some functions which will return true/false when checking the isAllowed method. Also it can operate now on objects. Check the 2.1.x branch. If you need documentation you can also check the docs repo in the master branch on Phalcon cuz I wrote about it too.
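
The rule from the question (Admin can delete any user, Manager can delete only Guests) written as a deny-by-default check with a per-rule callback, in the spirit of the custom ACL functions mentioned in the last reply. This is an added example in plain PHP, not part of any post in this thread and not Phalcon's ACL API; `rules()`, `isAllowed()` and the sample data are hypothetical.

```php
<?php
// Added illustration in plain PHP. This is not Phalcon's ACL API;
// rules() and isAllowed() are hypothetical names.

// Rule table: role => action => rule. A rule is true (always allowed)
// or a closure that decides from the target user's record.
function rules(): array
{
    return [
        'admin' => [
            'delete' => true, // admin may delete any type of user
        ],
        'manager' => [
            // manager may delete guests only, never managers or admins
            'delete' => function (array $target): bool {
                return strtolower($target['role'] ?? '') === 'guest';
            },
        ],
        // 'guest' has no rules, so every action is denied
    ];
}

// $auth is assumed to be what $this->session->get('auth') returned,
// and null when nobody is logged in.
function isAllowed(?array $auth, string $action, array $target): bool
{
    if (!isset($auth['role']) || !is_string($auth['role'])) {
        return false; // no session, no access
    }
    // Anything missing from the table falls through to "deny".
    $rule = rules()[strtolower($auth['role'])][$action] ?? false;
    if ($rule instanceof Closure) {
        return $rule($target);
    }
    return $rule === true;
}

// Constructed sample checks: [logged-in role or null, role of the user to delete]
$checks = [['admin', 'Manager'], ['Manager', 'guest'], ['Manager', 'Manager'],
           ['guest', 'guest'], [null, 'guest']];
foreach ($checks as [$actor, $targetRole]) {
    $auth = $actor === null ? null : ['role' => $actor];
    $ok = isAllowed($auth, 'delete', ['role' => $targetRole]);
    printf("%-8s delete %-8s => %s\n", $actor ?? '(none)', $targetRole, $ok ? 'allow' : 'deny');
}
```

Role names are lower-cased before lookup because the snippet earlier in the thread stores `admin` and `Manager` with different casing.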