We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Dispatcher events sequence

I want to use ACL in my app. But I met some problem. If the controller/action (other words — some route) doesn't exist, the acl don't know about that fact. The acl just checks controller/action by name. So user can get "access denied" for routes don't exist, and user will think they do...

As I had noticed, beforeException is executed before beforeExecuteRoute, and beforeNotFoundAction goes before beforeException. So, potentially, I can catch "not found" before the acl checks if I use beforeExecuteRoute in the acl's events manager. My question is, does it guaranteed executed in sequence I had noticed? Is it determined? I just want to be ensure that guest will not get access to the existing private resources, but anybody will see "not found" for any nonexistent ones.



98.9k

'beforeExecuteRoute' is only executed if the action exists on the handler, otherwise beforeNotFoundAction is executed. So the Acl is only running on actions that actually exist.