We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Security Plugin

Hi, I have one question , I know how to securityPlugin works (//Private area resources AND Public area resources)

and if user not sign-in System he can not use privateResources, i want (if user not sign-in, redirect to other Page )

Hi, If I understand you correctly, This is my solution for current project:

plugins\Access.php

class Access extends PhPlugin
{
    const ROLE_GUESTS = "Guests";
    const ROLE_USERS = "Users";

    /**
     * @var \Phalcon\Acl\Adapter\Memory|Memory
     */
    protected $_acl;

    /**
     * @var \Application\Authentication\Core
     */
    protected $_auth;

    public function __construct()
    {
        $this->_auth = $this->getDI()->getShared('auth');
    }

    /** Acl resource and roles define **/
    public function getAcl()
    {
        ...
    }

    public function beforeExecuteRoute(PhEvent $event, PhDispatcher $dispatcher)
    {
        $role = $this->_auth->hasIdentity() ? SELF::ROLE_USERS : SELF::ROLE_GUESTS;

        if($role = SELF::ROLE_GUESTS) { // Just forward user to LOGIN controller
            $dispatcher->forward(
                array(
                    'controller' => 'session',
                    'action' => 'login'
                )
            );
        }
    }
}

That's it. Hope helps.