In my before() methods I have several checks to make sure the user has access to that function. Can be looking for a group, a user status (disabled) or permissions etc.
But the only way I can think as to how to handle the response is to set a flag and check it in the controller's action and then return an error response (403 or similar).
Something like:
public function get_index($show_default=false)
{
// Make sure the user has the required permissions/access
$this->has_permission('read');
if ( $this->is_halted() ){
return $this->make_error_response();
}
....
}
I keep repeating those lines at the beginning of EVERY rest controller action.
I was wondering if it was possible to return the response in before() and not continue with the action method.
No, the before() method is a prepping method, it has no option to return anything. Ideally it should not abort as well, although technically you can, either via an exception, or via a redirect.
If you want generic access checks, it's probably best to define a base controller, give that a router() method, use that to check for access. Unlike before(), router() can return a response. If acccess is granted, have the method call the requested method, and return it's response.
Donate
