AllowedFor wip

src/Application/Attributes/AllowedFor.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nette\Application\Attributes;
+
+use Attribute;
+
+
+#[Attribute(Attribute::TARGET_METHOD | Attribute::TARGET_CLASS)]
+class AllowedFor
+{
+	public function __construct(
+		public ?bool $httpGet = null,
+		public ?bool $httpPost = null,
+		public ?bool $forward = null,
+		public ?array $actions = null,
+		public ?bool $crossOrigin = null,
+	) {
+	}
+}

src/Application/UI/Component.php

@@ -134,6 +134,13 @@ public function checkRequirements($element): void
 		) {
 			$this->getPresenter()->detectedCsrf();
 		}
+
+		if ($attrs = $element->getAttributes(Nette\Application\Attributes\AllowedFor::class)) {
+			$method = strtolower($this->getPresenter()->getRequest()->getMethod());
+			if (empty($attrs[0]->newInstance()->$method)) {
+				throw new Nette\Application\BadRequestException("Method '$method' is not allowed.");
+			}
+		}
 	}