Beispiel #1
0
 /**
  * validate the current user's request
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $this->_identity = Digitalus_Auth::getIdentity();
     $this->_acl = new Digitalus_Acl();
     $role = Model_Group::GUEST_ROLE;
     if (!empty($this->_identity)) {
         $role = $this->_identity->role;
     }
     $module = $request->module;
     $controller = $request->controller;
     $action = $request->action;
     if ($module != 'public' && $controller != 'public') {
         //go from more specific to less specific
         $moduleLevel = $module;
         $controllerLevel = $moduleLevel . '_' . $controller;
         $actionLevel = $controllerLevel . '_' . $action;
         if ($this->_acl->has($actionLevel)) {
             $resource = $actionLevel;
         } else {
             if ($this->_acl->has($controllerLevel)) {
                 $resource = $controllerLevel;
             } else {
                 $resource = $moduleLevel;
             }
         }
         if ($this->_acl->has($resource) && !$this->_acl->isAllowed($role, $resource)) {
             if (!$this->_identity || Model_Group::GUEST_ROLE == $role) {
                 $request->setModuleName($this->_noAuth['admin']['module']);
                 $request->setControllerName($this->_noAuth['admin']['controller']);
                 $request->setActionName($this->_noAuth['admin']['action']);
                 $request->setParam('authPage', 'login');
             } else {
                 $request->setModuleName($this->_noAcl['admin']['module']);
                 $request->setControllerName($this->_noAcl['admin']['controller']);
                 $request->setActionName($this->_noAcl['admin']['action']);
                 $request->setParam('authPage', 'noauth');
             }
         }
     } else {
         $resource = Digitalus_Toolbox_Page::getCurrentPageName();
         // write pageName to registry when coming from a page
         if ('index' == $controller && 'index' == $action) {
             Zend_Registry::set('Digitalus_Page_Name', $resource);
         }
         $resource = strtolower(Digitalus_Toolbox_String::replaceUnderscore($resource));
         // only check Acl if page is NOT homepage
         if (!empty($resource) && '' != $resource && Digitalus_Toolbox_Page::getHomePageName() != $resource) {
             if ($this->_acl->has($resource) && !$this->_acl->isAllowed($role, $resource)) {
                 if (!$this->_identity || Model_Group::GUEST_ROLE != $role) {
                     $request->setModuleName($this->_noAcl['public']['module']);
                     $request->setControllerName($this->_noAcl['public']['controller']);
                     $request->setActionName($this->_noAcl['public']['action']);
                     $request->setParam('authPage', 'login');
                 } else {
                     $request->setModuleName($this->_noAcl['public']['module']);
                     $request->setControllerName($this->_noAcl['public']['controller']);
                     $request->setActionName($this->_noAcl['public']['action']);
                     $request->setParam('authPage', 'noauth');
                 }
             }
         }
     }
 }