public function __isAllowed() { //hardcoded api_key=>role for brevity $roles = array('12345' => 'user', '67890' => 'admin'); $userClass = Defaults::$userIdentifierClass; if (isset($_GET['api_key'])) { if (!array_key_exists($_GET['api_key'], $roles)) { $userClass::setCacheIdentifier($_GET['api_key']); return false; } } else { return false; } static::$role = $roles[$_GET['api_key']]; $userClass::setCacheIdentifier(static::$role); Defaults::$accessControlFunction = 'AccessControl::verifyAccess'; return static::$requires == static::$role || static::$role == 'admin'; }