prepare new MVC framework to use legacy ACL structure

src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php

@@ -28,6 +28,7 @@
  */
 namespace OPNsense\Base;
 
+use OPNsense\Core\ACL;
 use Phalcon\Mvc\Controller;
 
 /**
@@ -59,6 +60,12 @@ class ApiControllerBase extends Controller
             $this->response->redirect("/", true);
         }
 
+        // Authorization using legacy acl structure
+        $acl = new ACL();
+        if (!$acl->isPageAccessible($this->session->get("Username"), $_SERVER['REQUEST_URI'])) {
+            $this->response->redirect("/", true);
+        }
+
         // check for valid csrf on post requests
         $csrf_tokenkey = $this->request->getHeader('X_CSRFTOKENKEY');
         $csrf_token =   $this->request->getHeader('X_CSRFTOKEN');

src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php

@@ -29,6 +29,7 @@
 namespace OPNsense\Base;
 
 use OPNsense\Core\Config;
+use OPNsense\Core\ACL;
 use Phalcon\Mvc\Controller;
 use Phalcon\Translate\Adapter\NativeArray;
 
@@ -75,6 +76,14 @@ class ControllerBase extends Controller
             if ($this->session->has("Username") == false) {
                 $this->response->redirect("/", true);
             }
+
+            // Authorization using legacy acl structure
+            $acl = new ACL();
+            if (!$acl->isPageAccessible($this->session->get("Username"), $_SERVER['REQUEST_URI'])) {
+                $this->response->redirect("/", true);
+            }
+
+
             // check for valid csrf on post requests
             if ($this->request->isPost() && !$this->security->checkToken()) {
                 // post without csrf, exit.