class URLSpecialsMiddleware extends PermissionAwareConfirmationMiddleware (View source)

Check the request for the URL special variables.

Performs authorisation, confirmation and actions for some of those.

WARNING: Bypasses only disable authorisation and confirmation, but not actions nor redirects

The rules are:

  • flush GET parameter
  • isDev GET parameter
  • isTest GET parameter
  • dev/build URL

Traits

Schedule flush operation for a following request

Implements switching user session into Test and Dev environment types

Methods

__construct()

Initializes the middleware with the required rules

$this
setDeclineUrl(string $url)

Override the default decline url

bool
canBypass(HTTPRequest $request)

Check whether the rules can be bypassed without user confirmation

Item[]
getConfirmationItems(HTTPRequest $request)

Extract the confirmation items from the request and return

process(HTTPRequest $request, callable $delegate)

Generate response for the given request

$this
setConfirmationStorageId(string $id)

Override the confirmation storage ID

$this
setConfirmationFormUrl(string $url)

Override the confirmation form url

$this
setBypasses(Bypass[] $bypasses)

Set the list of bypasses for the confirmation

string[]
getAffectedPermissions()

Returns the list of permissions that are affected

$this
setAffectedPermissions(string[] $permissions)

Set the list of affected permissions

bool
getEnforceAuthentication()

Returns flag whether we want to enforce authentication or not

$this
setEnforceAuthentication(bool $enforce)

Set whether we want to enforce authentication

bool
hasAccess(HTTPRequest $request)

Check whether the user has permissions to perform the target operation Otherwise we may want to skip the confirmation dialog.

bool
scheduleFlush(HTTPRequest $request)

Schedules the manifest flush operation for a following request

bool
setSessionEnvType(HTTPRequest $request)

Checks whether the request has GET flags to control environment type and amends the user session accordingly

buildImpactRedirect(HTTPRequest $request)

Looks up for the special flags passed in the request and schedules the changes accordingly for the next request.

Details

__construct()

Initializes the middleware with the required rules

$this setDeclineUrl(string $url)

Override the default decline url

Parameters

string $url

Return Value

$this

bool canBypass(HTTPRequest $request)

Check whether the rules can be bypassed without user confirmation

Parameters

HTTPRequest $request

Return Value

bool

Item[] getConfirmationItems(HTTPRequest $request)

Extract the confirmation items from the request and return

Parameters

HTTPRequest $request

Return Value

Item[]

list of confirmation items

HTTPResponse process(HTTPRequest $request, callable $delegate)

Generate response for the given request

Parameters

HTTPRequest $request
callable $delegate

Return Value

HTTPResponse

$this setConfirmationStorageId(string $id)

Override the confirmation storage ID

Parameters

string $id

Return Value

$this

$this setConfirmationFormUrl(string $url)

Override the confirmation form url

Parameters

string $url

Return Value

$this

$this setBypasses(Bypass[] $bypasses)

Set the list of bypasses for the confirmation

Parameters

Bypass[] $bypasses

Return Value

$this

string[] getAffectedPermissions()

Returns the list of permissions that are affected

Return Value

string[]

$this setAffectedPermissions(string[] $permissions)

Set the list of affected permissions

If the user doesn't have at least one of these, we assume they don't have access to the protected action, so we don't ask for a confirmation

Parameters

string[] $permissions

list of affected permissions

Return Value

$this

bool getEnforceAuthentication()

Returns flag whether we want to enforce authentication or not

Return Value

bool

$this setEnforceAuthentication(bool $enforce)

Set whether we want to enforce authentication

We either enforce authentication (redirect to a login form) or silently assume the user does not have permissions and so we don't have to ask for a confirmation

Parameters

bool $enforce

Return Value

$this

bool hasAccess(HTTPRequest $request)

Check whether the user has permissions to perform the target operation Otherwise we may want to skip the confirmation dialog.

WARNING! The user has to be authenticated beforehand

Parameters

HTTPRequest $request

Return Value

bool

bool scheduleFlush(HTTPRequest $request)

Schedules the manifest flush operation for a following request

WARNING! Does not perform flush, but schedules it for another request

Parameters

HTTPRequest $request

Return Value

bool

true if flush has been scheduled, false otherwise

bool setSessionEnvType(HTTPRequest $request)

Checks whether the request has GET flags to control environment type and amends the user session accordingly

Parameters

HTTPRequest $request

Return Value

bool

true if changed the user session state, false otherwise

null|HTTPResponse buildImpactRedirect(HTTPRequest $request)

Looks up for the special flags passed in the request and schedules the changes accordingly for the next request.

Returns a redirect to the same page (with a random token) if there are changes introduced by the flags. Returns null if there is no impact introduced by the flags.

Parameters

HTTPRequest $request

Return Value

null|HTTPResponse

redirect to the same url