nette/application 3.2: attribute #[Requires]
- David Grudl
- Nette Core | 8253
I've added a new #[Requires]
attribute to Nette Application 3.2.
(Currently in the 3.2.x-dev branch).
With this attribute, for example, you can allow access to the presenter only for certain HTTP methods:
(This setting bypasses and replaces the $allowedMethods
array in
the presenter.)
You can require an AJAX request:
You can require access only from the same domain:
You can require that the presenter can be accessed only indirectly via
forward()
:
You can allow access only to certain actions:
All these values can be combined.
Attributes on Methods
The use becomes much more interesting due to the fact that the attribute can be applied not only to the class but also to these methods:
action<Name>()
render<Name>()
handle<Name>()
createComponent<Name>()
The last two methods also apply to all components!
So, for example, you can control that an action is executable only by an AJAX POST request:
Or that the render method will be available only if it is accessed indirectly
(forward or setView()
in the action method):
Or, for example, control that a component will be available only in certain actions:
For handle methods #[Requires(sameOrigin: false)]
replaces the
#[CrossOrigin]
attribute.
Alternative notation
Attributes can also be written in this way:
Custom Combinations
You can also inherit the attribute and have a specific configuration under one name:
I would be glad if you could test this and write any comments and suggestions.
Update: the final description of how it works can be found at https://doc.nette.org/…ute-requires