We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Access to ACL / Resources

hi.

I'm using the security plugin like INVO demo project, so how can I access to the resources or acls lists in other controllers?

example, I'm in https://project.local/backend/products/index and i need to check is controller products is private or public.

regards



98.9k

You need to register the plugin in the dispatcher related to that module in the same way as it was registered in invo



11.5k
edited Jul '14

hi,

it's registered but which class/functions do I use to check acl's/resources ?

Sorry and thank you



98.9k

The security plugin implements a method 'beforeDispatch', this is the same name as an event triggered by the dispatcher: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L84

We need to get the current user or profile in session to validate the access against the Acl: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L87

Here, we get the acl: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L97

And perform the validation: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L99

If the user does not have access, we forward him/her to the index page: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L102



11.5k
edited Jul '14

Thank you for the explanation.

Sorry Phalcon I'm not explaining myself well... I have that code well implemented. So now in other controllers for example products I need to check if products controller is private or not etc...

regards



11.5k

Yes its like that ! :) thank you