private function _authorize(array $constraints) { if (count($constraints) === 0) { // for those action which do not need a user logged in return true; } if ($this->_user instanceof User === false) { $this->_session->set('referer', $this->_request->url()); $this->redirect('/login'); } $authorized = true; foreach ($constraints as $constraint) { $authorized = $authorized && $constraint->authorize($this); } return $authorized; }