Restrict
in package
implements
RouteAttributeInterface
Restrict Attribute
Restricts access to controller methods or entire controllers based on environment, hostname, or subdomain conditions. Throws PageNotFoundException when restrictions are not met.
Limitations:
- Throws PageNotFoundException (404) for all restriction failures
- Cannot provide custom error messages or HTTP status codes
- Subdomain detection may not work correctly behind proxies without proper configuration
- Does not support wildcard or regex patterns for hostnames
- Cannot restrict based on request headers, IP addresses, or user authentication
Security Considerations:
- Environment checks rely on the ENVIRONMENT constant being correctly set
- Hostname restrictions can be bypassed if Host header is not validated at web server level
- Should not be used as the sole security mechanism for sensitive operations
- Consider additional authorization checks for critical endpoints
- Does not prevent direct access if routes are exposed through other means
Attributes
- #[Attribute]
- \Attribute::TARGET_CLASS | \Attribute::TARGET_METHOD | \Attribute::IS_REPEATABLE
Table of Contents
Interfaces
Properties
- $environment : array<string|int, mixed>|string|null
- $hostname : array<string|int, mixed>|string|null
- $subdomain : array<string|int, mixed>|string|null
Methods
- __construct() : mixed
- after() : ResponseInterface|null
- Process the attribute after the controller is executed.
- before() : RequestInterface|ResponseInterface|null
- Process the attribute before the controller is executed.
- checkEnvironment() : void
- checkHostname() : void
- checkSubdomain() : void
Properties
$environment
public
array<string|int, mixed>|string|null
$environment
= null
$hostname
public
array<string|int, mixed>|string|null
$hostname
= null
$subdomain
public
array<string|int, mixed>|string|null
$subdomain
= null
Methods
__construct()
public
__construct([array<string|int, mixed>|string|null $environment = null ][, array<string|int, mixed>|string|null $hostname = null ][, array<string|int, mixed>|string|null $subdomain = null ]) : mixed
Parameters
- $environment : array<string|int, mixed>|string|null = null
- $hostname : array<string|int, mixed>|string|null = null
- $subdomain : array<string|int, mixed>|string|null = null
after()
Process the attribute after the controller is executed.
public
after(RequestInterface $request, ResponseInterface $response) : ResponseInterface|null
Parameters
- $request : RequestInterface
- $response : ResponseInterface
Return values
ResponseInterface|null —Return ResponseInterface to replace the response Return null to use the existing response
before()
Process the attribute before the controller is executed.
public
before(RequestInterface $request) : RequestInterface|ResponseInterface|null
Parameters
- $request : RequestInterface
Return values
RequestInterface|ResponseInterface|null —Return RequestInterface to replace the request Return ResponseInterface to short-circuit and send response Return null to continue normal execution
checkEnvironment()
protected
checkEnvironment() : void
checkHostname()
private
checkHostname(RequestInterface $request) : void
Parameters
- $request : RequestInterface
checkSubdomain()
private
checkSubdomain(RequestInterface $request) : void
Parameters
- $request : RequestInterface