Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to make a plugin's URL publicly accessible?

businessdadbusinessdad Stealth contributor MVP
edited March 2012 in Vanilla 2.0 - 2.8

I think I'm getting a grasp of Vanilla's logic, but I'm still stuck on a few things. This one gives me the feeling that I'm missing something obvious. It's super-late here (as usual) and I may very well have the issue in front of my nose and not seeing it.

Long story short, I wrote a Controller_MyPublicMethod method in my plugin, and it's fired correctly when I open the URL http://localhost/plugin/myplugin/mypublicmethod. However, this happens only if I'm logged in as Administrator. If I log in with a normal user, or as anonymous, and try to open the URL, I get a Permission Denied error. I'd like that URL and related method to be accessible by everybody, including anonymous users. My new Controller method just contains echo "OK";, without checking any permission.

Any suggestion about what I could be doing wrong is very welcome, thanks. :)

Best Answer

  • ToddTodd Chief Product Officer Vanilla Staff
    Answer ✓

    By default your methods should be public. Look for a call to $Sender->Permission() or something like that.


  • ToddTodd Chief Product Officer Vanilla Staff
    Answer ✓

    By default your methods should be public. Look for a call to $Sender->Permission() or something like that.

  • businessdadbusinessdad Stealth contributor MVP

    @Todd Thanks, you were right. I had a Permission call lying around in the wrong place.

    Now I'm facing another issue: when an anonymous User opens the URL, Vanilla fires my plugin's method correctly, but then it outputs the login page. I'd like to let my plugin handle the rendering and display only what I need.
    For example, I'm trying to just display a message (e.g. "You're anonymous") on an empty page, but I can't find a way to do it. I tried the following:

    • Creating a specific View containing the message and calling Render().
    • Using a simple echo and immediately returning from Controller method.

    No matter what, Vanilla renders the login page. Is it possible to override this behaviour?

    Thanks again.

  • businessdadbusinessdad Stealth contributor MVP

    I find a partial answer to my last question: I set Sender->MasterView to "empty" and I can now render my plugin's view inside an (almost) empty page. There are still unneeded elements in it (mostly JavaScript), but it's good enough for my purpose. :)

  • ToddTodd Chief Product Officer Vanilla Staff

    Okay. So there is some other method still calling Gdn_Controller->Permission(). If you can go to library/core/class.controller.php and call:


    This will let you see what's still calling Permission() and may help us uncover a bug.

    A few more tips:

    1. You can use $Sender->MasterView = 'None'; to get a truly empty page if you wish.
    2. When checking permissions you can check a permission without any side-effects by calling Gdn::Session()->CheckPermission('PermissionName') which is useful if you want to display different stuff depending on permissions.
  • businessdadbusinessdad Stealth contributor MVP

    @Todd Thanks, all permission issues are resolved, and I can finally have an empty page in response to a call. Just a note: to get an empty page, the command should be $Sender->MasterView = 'none';, "none" must be in lower-case. It's not to be pedantic, just to help other inexperienced readers who could get an exception by writing it wrong. :)

Sign In or Register to comment.