We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

beforeDispatch not work - how to test it?

Hello! I am trying to implement authentification on my site due to INVO tutorial. Add EventsManager, Session, ACL. But it have no affect on any part of my application. I understand that is somewhere mistake, but I have no idea how to test it - even If put "forward" at start of my 'bedoreDispatch".

Please, can you guide me - where can be problem? I run it on Windows with nginx+php NTS (run from binaries, not WAMP or something else). Thank you!

What I have now: In my index.php

        $di->set('dispatcher', function() {
            $eventsManager = new EventsManager;
            $eventsManager->attach('dispatch:beforeDispatch', new SecurityPlugin);
            $eventsManager->attach('dispatch:beforeException', new NotFoundPlugin);
            $dispatcher = new Dispatcher();
            return $dispatcher;
        }); 

My SecurityPlugin.php

<?php

use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;

class SecurityPlugin extends Plugin
{
    public function getAcl()
    {
        if (!isset($this->persistent->acl))
        {
            $acl = new AclList();

            $acl->setDefaultAction(Acl::DENY);

            $roles = array(
                'user' => new Role('User'),
                'guest' => new Role('Guest')
            );
            foreach ($roles as $role)
            {
                $acl->addRole($role);
            }

            $privateResources = array(
                'admin' => array('index')
            );
            foreach ($privateResources as $resource => $actions)
            {
                $acl->addResource(new Resource($resource), $actions);
            }
            foreach ($privateResources as $resource => $actions) {
                foreach ($actions as $action){
                    $acl->deny('Guest', $resource, $action);
                }
            }
            foreach ($privateResources as $resource => $actions) {
                foreach ($actions as $action){
                    $acl->deny('User', $resource, $action);
                }
            }
        }
    }

    public function beforeDispatch(Event $event, Dispatcher $dispatcher)
    {

        $auth = $this->session->get('auth');
        if (!$auth)
        {
            $role = 'Guest';
        }
        else
        {
            $role = 'User';
        }

        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        $acl = $this->getAcl();
        $allowed = $acl->isAllowed($role, $controller, $action);
        $this->logger->log($allowed);
        if ($allowed != ACL::ALLOW) {
            //Redirect user without priviledges to main page
            $dispatcher->forward(
                array(
                    'controller' => 'index',
                    'action' => 'index'
                )
            );

            return false;
        }
    }
}

my SessionController.php

<?php

use Phalcon\Mvc\Controller;

class SessionController extends Controller
{
    private function _registerSession($user)
    {
        $this->session->set('auth', array(
            'id'   => $user->id,
            'name' => $user->name
        ));
    }

    public function loginAction()
    {
        if ($this->request->isPost())
        {
            $email = $this->request->getPost('email');
            $password = $this->request->getPost('password');

            $user = User::findFirst(array(
                "email = :email: AND password = :password:",
                'bind' => array('email' => $email,'password' => sha1($password))
                ));

                $this->logger->log(sha1($password));

            if ($user != false)
            {
                $this->_registerSession($user);
                $this->logger->log('I.G.I.');
                return $this->response->redirect('/admin', true);
            }

            return $this->response->redirect('/', true);

        }
    }

    public function logoutAction()
    {
        $this->session->remove('auth');
        return $this->response->redirect('/', true);
    }
}

What do you want to achieve?

Thank you for your attention!

I just want to protect my backend, like it shown in INVO - for start, just close 'Admin::index' for Guests. But in my case beforeDispatch not work at all. :) And I have no idea how to debug it - it just not work, like it not attached. But I check for typos and etc.

Maybe, you can push me in right direction? :)



5.2k
Accepted
answer

Opps, I am sorry, I found problem :)