Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Handle 403 response on HMVC request
  • gizmogizmo
    Hello together

    i am developing a web application which uses a controller action based access rights system.
    (Means: All controllers and controller actions are stored inside the database. The controller actions can be connected to roles, which can be connected to users (user_role) and give the user access to the controller action.)
    The access rights get checked, when the user calls an action. (Inside the before() method in the base controller i extend in each controller).
    If the user has no access right to the action he called, a 403 error is thrown and a "You don't have the access right to.." - view is rendered instead of executing the action. (the same way as here: http://fuelphp.com/forums/discussion/8677)

    This works fine for standard GET and POST requests as well as ajax requests but if i am doing a HMVC request, the 403 view gets rendered, which looks very weird if the HMVC request was just used to render a small comment controller box or something like this. It would be better, if there would be a "empty" HTML response, so that the user just does not see the box, if he don't has the access right to see it.

    At the moment i use a custom function which does a access rights check first and only executes the HMVC request if the user has an access right to execute this action. Otherwhise an empty string will be returned.
    But this means, every access rights check for a HMVC request is done twice which is not very nice.

    I tried to "check" inside httpaccessdeniedexception.php if the request was HMVC ( if (Request::is_hmvc()) and then just return an "empty" response but if i do it like this, the rendering of the whole page, which contains this hmvc output, seems to get aborted...

    Do you have any ideas how to do this?

    Greetings from switzerland
    Danny

  • HarroHarro
    Accepted Answer
    In case of an HMVC call, the exception will just bubble up.

    So use something like this in your controllers:

    try
    {
        $hmvc = \Request::forge('some/hmvc/url');
    }
    catch (\HttpNotFoundException $e)
    {
        // handle the fact that the requested HMVC url could not be routed to
    }
    catch (\HttpNoAccessEcception $e)
    {
        // handle the access violation
    }
    catch (\Exception $e)
    {
        // handle other exceptions
    }

    This off course requires that you have used the standard Fuel exceptions to handle your access violation, or used a custom exception. The post you referred to was a discussion about Fuel 1.1, and no longer valid.

    The current Fuel version throws exceptions for 403, 404 and 500 type errors, which are handled in your index.php unless you catch them.
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion