Permissions at router level

Bill Lions
Member | 47
+
0
-

After reading through https://doc.nette.org/…thentication, authorization is performed in a presenter.

if( isAllowed(...){...

Is it possible to check permission on a route?
Eg: isAllowed(), or maybe hasPermission() would check if a user has permission to access a given route.
In this way, the presenter would never be loaded.

David Matějka
Moderator | 6445
+
0
-

Hi, it could be possible bt I wouldn't recommend it. IMHO it is far more easier to overlook something.
E.g. when you create a catch all route (like the one in webproject) then all presenters will be accessible no matter what.

dkorpar
Member | 136
+
+2
-

I would just add that it's not Router concern to deal with user permissions.