Published on 2015-05-23 by John Collins. Socials: YouTube - X - Spotify - Amazon Music - Apple Podcast |
In the new HTTP routing API under development in Alpha 2.0, a typical route would be set up in the FrontController like so:
$this->addRoute('/cache', function($request) { $controller = new CacheController(); return $controller->process($request); });
This is great for routing /cache requests to the CacheController, but what about applying permissions, i.e. who can access the CacheController? Presently in Alpha 1.x, a controller sets it's rights group level permissions on construction, and then proceeds to check if the current user belongs to that group before allowing them access to the controller. This proposal is designed to improve on that.
In the above closure, the following would be added:
$controller->grantAccess($rightsGroup, array('POST', 'PUT', 'DELETE')); $controller->grantAccess('Public', array('GET'));
So we can make multiple grantAccess() calls to give different rights groups access to different controller methods.
The main benefits are:
There are some code implications to this change that will require some refactoring:
The ticket to track this change is on Github here.