We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Security plugin persistent ACL problem

I have a problem with my Security Plugin. Since 1 year in each project my security plugin works well and all role are affected. But in my lastest projects under phalcon 2.0.11 inside my getAclt action I have this :

if (!isset($this->persistent->acl)) {

And this is always empty so the security plugins doesn't affect role to controllers and actions.

My Plugin looks like the this Plugin

Do you know why $this->persistent->acl is always empty ?

persistent is only available if your classes extends \Phalcon\Di\Injectable or \Phalcon\Mvc\Controller

I edited my link because I failed. But could you tell me why in the example in phalcon project they use if (!isset($this->persistent->acl)) { ?

persistent is only available if your classes extends \Phalcon\Di\Injectable or \Phalcon\Mvc\Controller

I have not used ACL in that way.

But officialy: Controller, components and classes that extends Phalcon\Di\Injectable may inject a Phalcon\Session\Bag. This class isolates variables for every class. Thanks to this you can persist data between requests in every class in an independent way.

The data added to the session ($this->session) are available throughout the application, while persistent ($this->persistent) can only be accessed in the scope of the current class.


Ok, so I should remove this condition if (!isset($this->persistent->acl)) { and It will works right ?

I'm not saying that it would, you can try though. When I work with persistent that's how I handle it and works.

Especially since you state it used to work prior to v2.0.11, it might be version issue. Try to compile v2.0.10 and see if it works on same setup.


I got a problem inside my condition $allowed != Acl::ALLOW I don't know why I set return true instead of return flase :/ this is why I got this problem.

Sorry for this mistake