Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Access to ACL / Resources

hi.

I'm using the security plugin like INVO demo project, so how can I access to the resources or acls lists in other controllers?

example, I'm in http://project.local/backend/products/index and i need to check is controller products is private or public.

regards



84.5k

You need to register the plugin in the dispatcher related to that module in the same way as it was registered in invo



7.8k
edited Jul '14

hi,

it's registered but which class/functions do I use to check acl's/resources ?

Sorry and thank you



84.5k

The security plugin implements a method 'beforeDispatch', this is the same name as an event triggered by the dispatcher: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L84

We need to get the current user or profile in session to validate the access against the Acl: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L87

Here, we get the acl: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L97

And perform the validation: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L99

If the user does not have access, we forward him/her to the index page: https://github.com/phalcon/invo/blob/master/app/plugins/Security.php#L102



7.8k
edited Jul '14

Thank you for the explanation.

Sorry Phalcon I'm not explaining myself well... I have that code well implemented. So now in other controllers for example products I need to check if products controller is private or not etc...

regards



7.8k

Yes its like that ! :) thank you