How does nette know when a page is backend

4 years ago
kevin.waterson@gmail.com
Member | 81
+
0
-

If I have this code in my admin presenter, how does nette decide that this is in the backend or not?
I am trying to understand the program flow.

<?php

        protected function startup(): void
        {
                parent::startup();
                if (!$this->getUser()->isAllowed('backend')) {
                        throw new Nette\Application\ForbiddenRequestException;
                }
        }
?>
4 years ago
CZechBoY
Member | 3608
+
+1
-

It is just a resource defined in your authorizator https://doc.nette.org/…thentication#…

4 years ago
kevin.waterson@gmail.com
Member | 81
+
0
-

CZechBoY wrote:

It is just a resource defined in your authorizator https://doc.nette.org/…thentication#…

Does the authorizator need to be called via the config somehow?
Or is this done from the presenter?

4 years ago
CZechBoY
Member | 3608
+
0
-

Check the documentation.

If you want custom authorizator you should implement IAuthorizator interface and register it as service in config.
I often use just AuthorizationFactory which returns Nette\Security\Permission object in create method, then you register this factory as you can see in documentation.

Last edited by CZechBoY (2019-12-08 16:24)

4 years ago
kevin.waterson@gmail.com
Member | 81
+
0
-

CZechBoY wrote:

Check the documentation.

If you want custom authorizator you should implement IAuthorizator interface and register it as service in config.
I often use just AuthorizationFactory which returns Nette\Security\Permission object in create method, then you register this factory as you can see in documentation.

That was another query I had.
What is the difference between using IAuthorizator, and Permission?
They seem to achieve the same goal of checking a users ability to perform and action on a resource.

4 years ago
MajklNajt
Member | 471
+
+1
-

Nette\Security\IAuthorizator is interface, Nette\Security\Permission is one implementation of this interface, you can write own implementation as wrote CZechBoY

kevin.waterson@gmail.com wrote:

CZechBoY wrote:

Check the documentation.

If you want custom authorizator you should implement IAuthorizator interface and register it as service in config.
I often use just AuthorizationFactory which returns Nette\Security\Permission object in create method, then you register this factory as you can see in documentation.

That was another query I had.
What is the difference between using IAuthorizator, and Permission?
They seem to achieve the same goal of checking a users ability to perform and action on a resource.