URLSpecialsMiddleware
class URLSpecialsMiddleware extends PermissionAwareConfirmationMiddleware (View source)
Check the request for the URL special variables.
Performs authorisation, confirmation and actions for some of those.
WARNING: Bypasses only disable authorisation and confirmation, but not actions nor redirects
The rules are:
- flush GET parameter
- isDev GET parameter
- isTest GET parameter
- dev/build URL
Traits
Schedule flush operation for a following request
Implements switching user session into Test and Dev environment types
Properties
protected | string | $confirmationId | The confirmation storage identifier |
from ConfirmationMiddleware |
protected | string | $confirmationFormUrl | Confirmation form URL WARNING: excluding SS_BASE_URL |
from ConfirmationMiddleware |
protected | Rule[] | $rules | The list of rules to check requests against |
from ConfirmationMiddleware |
protected | Bypass[] | $bypasses | The list of bypasses |
from ConfirmationMiddleware |
Methods
The URL of the confirmation form ("Security/confirm/middleware" by default)
Returns the URL where the user to be redirected when declining the action (on the confirmation form)
Extract the confirmation items from the request and return
Initialize the confirmation session storage with the confirmation items and return an HTTPResponse redirecting to the according confirmation form.
Process the confirmation items and either perform the confirmedEffect and pass the request to the next middleware, or return a redirect to the confirmation form
The middleware own effects that should be performed on confirmation
Returns flag whether we want to enforce authentication or not
Check whether the user has permissions to perform the target operation Otherwise we may want to skip the confirmation dialog.
Returns HTTPResponse with a redirect to a login page
Checks whether the request has GET flags to control environment type and amends the user session accordingly
Looks up for the special flags passed in the request and schedules the changes accordingly for the next request.
Details
__construct()
Initializes the middleware with the required rules
protected string
getConfirmationUrl(HTTPRequest $request, string $confirmationStorageId)
The URL of the confirmation form ("Security/confirm/middleware" by default)
protected string
generateDeclineUrlForRequest(HTTPRequest $request)
Returns the URL where the user to be redirected when declining the action (on the confirmation form)
$this
setDeclineUrl(string $url)
Override the default decline url
bool
canBypass(HTTPRequest $request)
Check whether the rules can be bypassed without user confirmation
Item[]
getConfirmationItems(HTTPRequest $request)
Extract the confirmation items from the request and return
protected HTTPResponse
buildConfirmationRedirect(HTTPRequest $request, Storage $storage, array $confirmationItems)
Initialize the confirmation session storage with the confirmation items and return an HTTPResponse redirecting to the according confirmation form.
protected HTTPResponse
processItems(HTTPRequest $request, callable $delegate, Item[] $items)
Process the confirmation items and either perform the confirmedEffect and pass the request to the next middleware, or return a redirect to the confirmation form
protected null|HTTPResponse
confirmedEffect(HTTPRequest $request)
The middleware own effects that should be performed on confirmation
This method is getting called before the confirmation storage cleanup so that any responses returned here don't trigger a new confirmtation for the same request traits
HTTPResponse
process(HTTPRequest $request, callable $delegate)
Generate response for the given request
$this
setConfirmationStorageId(string $id)
Override the confirmation storage ID
$this
setConfirmationFormUrl(string $url)
Override the confirmation form url
$this
setBypasses(Bypass[] $bypasses)
Set the list of bypasses for the confirmation
string[]
getAffectedPermissions()
Returns the list of permissions that are affected
$this
setAffectedPermissions(string[] $permissions)
Set the list of affected permissions
If the user doesn't have at least one of these, we assume they don't have access to the protected action, so we don't ask for a confirmation
bool
getEnforceAuthentication()
Returns flag whether we want to enforce authentication or not
$this
setEnforceAuthentication(bool $enforce)
Set whether we want to enforce authentication
We either enforce authentication (redirect to a login form) or silently assume the user does not have permissions and so we don't have to ask for a confirmation
bool
hasAccess(HTTPRequest $request)
Check whether the user has permissions to perform the target operation Otherwise we may want to skip the confirmation dialog.
WARNING! The user has to be authenticated beforehand
protected HTTPResponse
getAuthenticationRedirect(HTTPRequest $request)
Returns HTTPResponse with a redirect to a login page
bool
scheduleFlush(HTTPRequest $request)
Schedules the manifest flush operation for a following request
WARNING! Does not perform flush, but schedules it for another request
bool
setSessionEnvType(HTTPRequest $request)
Checks whether the request has GET flags to control environment type and amends the user session accordingly
null|HTTPResponse
buildImpactRedirect(HTTPRequest $request)
Looks up for the special flags passed in the request and schedules the changes accordingly for the next request.
Returns a redirect to the same page (with a random token) if there are changes introduced by the flags. Returns null if there is no impact introduced by the flags.