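 /**
  * Stamps the logged-in identity's last_login and gates the admin area.
  *
  * Runs on every request. When an identity exists, its last_login is set
  * to the current Zend_Date (formatted with DATABASE_DATE_FORMAT) and
  * saved. The authorisation part only applies when either the module or
  * the controller is named 'admin': anonymous users may only reach the
  * admin login action (everyone else is redirected there), the user
  * profile action is free for any logged-in user, and every other
  * registered resource is checked against the ACL for the logged-in role.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  * @throws FansubCMS_Exception_Denied when the resource is registered in
  *         the ACL and the logged-in role may not perform the action
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $this->_initAcl();
     $hasIdentity = $this->_auth->hasIdentity();
     if ($hasIdentity) {
         $ident = $this->_auth->getIdentity();
         $date = new Zend_Date();
         $ident->last_login = $date->get(DATABASE_DATE_FORMAT);
         $ident->save();
     }
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // Only the admin area is protected; anything else is skipped here.
     if ($controller !== 'admin' && $module !== 'admin') {
         return;
     }
     // Anonymous users may only reach admin/auth/login; everyone else is
     // sent there. Return after scheduling the redirect so the ACL check
     // below never runs for an anonymous request (previously this relied
     // on the redirector exiting the script).
     if (!$hasIdentity && !($controller === 'auth' && $action === 'login' && $module === 'admin')) {
         $redirect = new Zend_Controller_Action_Helper_Redirector();
         $redirect->gotoSimple('login', 'auth', 'admin');
         return;
     }
     // The user profile is a free resource for any logged-in user.
     if ($module === 'user' && $controller === 'admin' && $action === 'profile') {
         return;
     }
     $resource = $module . '_' . $controller;
     // NOTE(review): a controller that is not registered as an ACL resource
     // passes through (fail-open). Register every admin controller as a
     // resource, or decide whether unknown resources should be denied.
     $hasResource = $this->_acl->has($resource);
     if ($hasResource && !$this->_acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $action)) {
         throw new FansubCMS_Exception_Denied('The user is not allowd to do this');
     }
 }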
 /**
  * Front-controller hook: checks the current role against the ACL and, on
  * denial, rewrites the request to the auth/login action with a 401 status.
  *
  * The requested controller and action are carried over as
  * 'referer_controller' and 'referer_action'; any remaining user params
  * (minus 'controller' and 'action') are flattened into the 'query' param
  * as "key/value/key/value/" so they can be re-appended after login.
  *
  * @param Zend_Controller_Request_Abstract $oHttpRequest
  */
 public function preDispatch(Zend_Controller_Request_Abstract $oHttpRequest)
 {
     $sControllerName = $oHttpRequest->getControllerName();
     $sActionName = $oHttpRequest->getActionName();
     // The role is read from the auth storage when logged in; 'guest' otherwise.
     $sRole = 'guest';
     if (Zend_Auth::getInstance()->hasIdentity()) {
         $aIdentity = Zend_Auth::getInstance()->getStorage()->read();
         $sRole = $aIdentity['role'];
     }
     if ($this->_oAcl->isAllowed($sRole, $sControllerName, $sActionName)) {
         return;
     }
     // Denied: remember where the user wanted to go ...
     $oHttpRequest->setParam('referer_controller', $sControllerName);
     $oHttpRequest->setParam('referer_action', $sActionName);
     // ... including the remaining route params, flattened into a path fragment.
     $aRouteParams = $oHttpRequest->getUserParams();
     unset($aRouteParams['controller'], $aRouteParams['action']);
     $sQuery = '';
     if (count($aRouteParams)) {
         $aFlat = array();
         foreach ($aRouteParams as $sName => $mValue) {
             $aFlat[] = $sName;
             $aFlat[] = $mValue;
         }
         $sQuery = implode('/', $aFlat) . '/';
     }
     $oHttpRequest->setParam('query', $sQuery);
     // ... then reroute to the login action and flag the response as unauthorised.
     $oHttpRequest->setControllerName('auth')->setActionName('login');
     $this->_response->setHttpResponseCode(401);
 }
 /**
  * Attaches an ACL to this object, registering the object as a resource
  * first when needed.
  *
  * A resource the ACL does not know yet is added, and the guest role is
  * denied 'view' and 'delete' on it; an already-registered resource keeps
  * its existing rules.
  *
  * @param Zend_Acl $acl
  */
 public function setAcl(Zend_Acl $acl)
 {
     $alreadyRegistered = $acl->has($this->getResourceId());
     if (!$alreadyRegistered) {
         $acl->add($this);
         $acl->deny(Model_Role::GUEST, $this, array('view', 'delete'));
     }
     $this->_acl = $acl;
 }
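 /**
  * Loads the per-role page permissions from the database into the ACL.
  *
  * For every row returned by listaPermissaoPapel(), the role named in
  * 'nome' is allowed, on the 'index' resource, the page named in
  * 'NM_PAGINA' plus the always-available actions index, logout, error and
  * forbidden.
  *
  * NOTE(review): Zend_Acl::allow() throws for a role or resource that is
  * not registered, so the roles and the 'index' resource are expected to
  * be added before this runs — confirm against the caller.
  *
  * @return void
  */
 protected function _setupPrivileges()
 {
     $menu = new Application_Model_DbTable_MenuPermissaoPerfil();
     $listaPermissao = $menu->listaPermissaoPapel();
     foreach ($listaPermissao as $permissao) {
         // One row grants one page to one role; the common actions are
         // repeated per role so that every role can reach them.
         $this->_acl->allow(
             $permissao['nome'],
             'index',
             array($permissao['NM_PAGINA'], 'index', 'logout', 'error', 'forbidden')
         );
     }
 }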
 /**
  * Asks the attached ACL whether the current identity may perform
  * $privilege on $resource.
  *
  * @param string $resource
  * @param string $privilege
  * @return boolean|null  null when no ACL has been attached yet
  */
 public function isAllowed($resource = null, $privilege = null)
 {
     $acl = $this->_acl;
     return null === $acl
         ? null
         : $acl->isAllowed($this->getIdentity(), $resource, $privilege);
 }
 /**
  * Builds (and memoises per role id) a Zend_Acl for the given role.
  *
  * Every key of getResources() is registered as a resource. When the role
  * exposes the method named by self::PARENTS_METHOD, each parent it returns
  * is registered first (with its own rules via addRules()) and becomes a
  * parent of $role, so the role inherits the parents' rules.
  *
  * @param Zend_Acl_Role_Interface $role
  * @return Zend_Acl
  */
 public function getAcl(Zend_Acl_Role_Interface $role)
 {
     $roleId = $role->getRoleId();
     if (isset($this->cache[$roleId])) {
         return $this->cache[$roleId];
     }
     $acl = new Zend_Acl();
     foreach (array_keys($this->getResources()) as $resourceId) {
         $acl->addResource($resourceId);
     }
     // Stays null (not an empty array) when the role has no parents.
     $parents = null;
     $parentsMethod = self::PARENTS_METHOD;
     if (method_exists($role, $parentsMethod)) {
         foreach ($role->{$parentsMethod}() as $parent) {
             $parents[] = $parent;
             $acl->addRole($parent);
             $this->addRules($acl, $parent);
         }
     }
     $acl->addRole($role, $parents);
     $this->addRules($acl, $role);
     $this->cache[$roleId] = $acl;
     return $acl;
 }
 /**
  * Whether the current identity (or 'guest' when nobody is logged in) may
  * perform $action on $resource. A resource unknown to the ACL is denied.
  *
  * @param string $resource
  * @param string $action
  * @return boolean
  */
 protected function _isAuthorized($resource, $action)
 {
     $auth = $this->_auth;
     $role = $auth->hasIdentity() ? $auth->getIdentity() : 'guest';
     // Both must hold: the resource is registered, and the role may act on it.
     return $this->_acl->has($resource)
         && $this->_acl->isAllowed($role, $resource, $action);
 }
 /**
  * ACL query that tolerates unknown resources: a resource the ACL does not
  * know is replaced by null, so the check falls back to the rules that
  * apply to every resource instead of Zend_Acl throwing.
  *
  * NOTE(review): the arguments are forwarded as (resource, privilege, role);
  * Zend_Acl::isAllowed() itself takes (role, resource, privilege), so _acl
  * is presumably a wrapper exposing this order — verify.
  *
  * @param mixed $resource
  * @param mixed $privilege
  * @param mixed $role
  * @return boolean
  */
 public function isAllowed($resource = null, $privilege = null, $role = null)
 {
     $known = $this->_acl->has($resource);
     return $this->_acl->isAllowed($known ? $resource : null, $privilege, $role);
 }
 /**
  * Builds the base ACL: 'everyone' as the root role, with 'blocked' and
  * 'self' inheriting from it. No resources or rules are attached here.
  *
  * @return Zend_Acl
  */
 public static function getAcl()
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role('everyone'));
     foreach (array('blocked', 'self') as $childRoleId) {
         $acl->addRole(new Zend_Acl_Role($childRoleId), 'everyone');
     }
     return $acl;
 }
 /**
  * A non-admin user ('foo') must not be allowed to 'update' the admin's
  * profile.
  */
 public function testDeniesProfileEditToNonAdmin()
 {
     $mapper = new Default_Model_Mapper_Mongo_UserMapper();
     $actor = $mapper->findByUserName('foo');
     $target = $mapper->findByUserName('admin');
     $this->assertFalse($this->_acl->isAllowed($actor, $target, 'update'));
 }
 /**
  * Whether the current role may reach the given MVC page.
  *
  * The page is mapped to an ACL resource by
  * ZtChart_Model_Acl_Resource::parsePageMvc(). A page that is not
  * registered as a resource is treated as open (true); otherwise the ACL
  * is asked for the current role and privileges.
  *
  * @param string $action
  * @param string $controller
  * @param string $module
  * @param array $params  kept for interface compatibility; not used here
  * @return boolean
  */
 public function isAllowed($action, $controller, $module, $params = array())
 {
     $resource = ZtChart_Model_Acl_Resource::parsePageMvc($action, $controller, $module);
     // Unregistered pages are not protected: fail-open by design here.
     if (!$this->_acl->has($resource)) {
         return true;
     }
     return $this->_acl->isAllowed($this->_role(), $resource, $this->_privileges());
 }
 /**
  * Lazily builds the site ACL.
  *
  * Resources: admin, kap, members. Roles: guest < kap < admin (each
  * inheriting from the previous one). Everything is denied first; admin
  * gets all three resources, kap gets kap and members, and guest gets only
  * the listed actions on members.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     if (null !== $this->_acl) {
         return $this->_acl;
     }
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource('admin'));
     $acl->add(new Zend_Acl_Resource('kap'));
     $acl->add(new Zend_Acl_Resource('members'));
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('kap'), 'guest');
     $acl->addRole(new Zend_Acl_Role('admin'), 'kap');
     // Whitelist: deny all, then open up per role.
     $acl->deny();
     $acl->allow('admin', 'admin');
     $acl->allow('admin', 'members');
     $acl->allow('admin', 'kap');
     $acl->allow('kap', 'kap');
     $acl->allow('kap', 'members');
     $acl->allow('guest', 'members', array('index', 'team', 'player', 'turnir', 'old', 'regno'));
     $this->_acl = $acl;
     return $this->_acl;
 }
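 /**
  * applyPermissions() must register the 'guest' role and grant it the
  * 'documents' resource.
  *
  * The first isAllowed() call is expected to throw because the role is not
  * registered yet. It is caught explicitly so that the assertion after
  * applyPermissions() actually runs: with setExpectedException() the test
  * ended at the first throw and the real assertion was dead code.
  */
 public function testApplyPermissions()
 {
     $acl = new Zend_Acl();
     try {
         $acl->isAllowed($this->guestRole, 'documents');
         $this->fail("Expected Zend_Acl_Role_Registry_Exception for an unregistered role");
     } catch (Zend_Acl_Role_Registry_Exception $e) {
         // expected: 'guest' is not registered before applyPermissions()
     }
     $roleConfig = new Application_Security_RoleConfig('guest');
     $roleConfig->applyPermissions($acl);
     $this->assertTrue($acl->isAllowed($this->guestRole, 'documents'), "Expected role 'guest' can access resource 'documents'");
 }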
 /**
  * Fetches the shared ACL from Zend_Registry ('acl') and asks whether the
  * current identity may perform $action on $controller. A controller the
  * ACL does not know is denied.
  *
  * NOTE(review): getIdentity() yields null when nobody is logged in, and a
  * null role makes Zend_Acl evaluate only the rules that apply to every
  * role — confirm that this is the intended guest behaviour.
  *
  * @param string $controller
  * @param string $action
  * @return boolean
  */
 protected function _isAuthorized($controller, $action)
 {
     $this->_acl = Zend_Registry::get('acl');
     $identity = $this->_auth->getIdentity();
     $known = $this->_acl->has($controller);
     return $known && $this->_acl->isAllowed($identity, $controller, $action);
 }
 /**
  * Checks if the logged-in user role has the right to do $privilege on
  * $resource.
  *
  * The ACL is fetched lazily from Zend_Registry ('Zend_Acl'). A resource
  * the ACL does not know about is treated as allowed.
  *
  * @param Zend_Acl_Resource $resource
  * @param string $privilege
  * @return boolean
  */
 public function isAllowed($resource, $privilege)
 {
     if (empty(self::$_acl)) {
         self::$_acl = Zend_Registry::get('Zend_Acl');
     }
     $acl = self::$_acl;
     // Unregistered resources are open; registered ones go to the ACL.
     return !$acl->has($resource)
         || $acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $privilege);
 }
 /**
  * Lazily builds the page ACL.
  *
  * One resource, 'page'; roles guest < member < administrator. Everything
  * is denied first, then guest may view, member may comment, and
  * administrator may add, edit, delete and buildindex.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     if (null === $this->_acl) {
         $acl = new Zend_Acl();
         $this->_loadAclClasses();
         $acl->add(new Zend_Acl_Resource('page'));
         $acl->addRole(new Brightfame_Acl_Role_Guest());
         $acl->addRole(new Brightfame_Acl_Role_Member(), 'guest');
         $acl->addRole(new Brightfame_Acl_Role_Administrator(), 'member');
         // Whitelist: deny all, then grant per role.
         $acl->deny();
         $acl->allow('guest', 'page', array('view'));
         $acl->allow('member', 'page', array('comment'));
         $acl->allow('administrator', 'page', array('add', 'edit', 'delete', 'buildindex'));
         $this->_acl = $acl;
     }
     return $this->_acl;
 }
 /**
  * Get an ACL object for this post.
  *
  * For now this is generic for all posts, but in the future may be post
  * specific. Roles: guest, user (inherits guest) and admin (standalone).
  * Guests may view and comment on any resource; admin may do anything.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     $acl = new Zend_Acl();
     $acl->addRole('guest');
     $acl->addRole('user', 'guest');
     $acl->addRole('admin');
     // Guests (and thus users) can view and comment; admin is unrestricted.
     $acl->allow('guest', null, array('view', 'comment'))
         ->allow('admin');
     return $acl;
 }
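 /**
  * Decides whether the current request may proceed.
  *
  * The resource and the roles allowed on it are loaded from
  * User_Model_Acl_Resource for this request, and a throw-away Zend_Acl is
  * built with that one resource and one role per distinct role_id. A
  * logged-in user is checked by the role_id of their identity; an
  * anonymous visitor by the default role from User_Model_Acl_Role. Any
  * failure to resolve the resource, the role or the default role denies.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return boolean  true when access is granted
  */
 public function checkAccess(Zend_Controller_Request_Abstract $request)
 {
     $resource = new User_Model_Acl_Resource();
     $resource->getPrivileges($request);
     if (!$resource->privileges || !$resource->resource_id) {
         // Resource lookup failed or nobody is allowed: deny.
         return false;
     }
     $resourceId = $resource->resource_id;
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource($resourceId));
     foreach ($resource->privileges as $privilege) {
         // The same role_id may appear on several rows; register it once.
         if (!$acl->hasRole($privilege['role_id'])) {
             $acl->addRole(new Zend_Acl_Role($privilege['role_id']));
             $acl->allow($privilege['role_id'], $resourceId);
         }
     }
     $authorization = Zend_Auth::getInstance();
     if ($authorization->hasIdentity()) {
         // Logged in: the identity's role_id decides.
         $user = $authorization->getIdentity();
         $roleId = $user['role_id'];
         return $acl->hasRole($roleId) && $acl->isAllowed($roleId, $resourceId);
     }
     // Anonymous: fall back to the configured default role.
     $aclrole = new User_Model_Acl_Role();
     $aclrole->getDefaultRole();
     $defaultRole = $aclrole->default_role;
     return $defaultRole
         && $acl->hasRole($defaultRole)
         && $acl->isAllowed($defaultRole, $resourceId);
 }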
 /**
  * Builds a single-role ACL from $aclInfo, when given.
  *
  * $aclInfo['role'] becomes the only role and $aclInfo['privileges'] is
  * granted to it with a null resource (i.e. on every resource). With an
  * empty $aclInfo neither _role nor _acl is set.
  *
  * @param array|null $aclInfo  array with 'role' and 'privileges' keys
  * @param mixed $options       accepted but not used here
  */
 public function __construct($aclInfo = null, $options = null)
 {
     if (empty($aclInfo)) {
         return;
     }
     $this->_role = $aclInfo['role'];
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role($this->_role));
     $acl->allow($this->_role, null, $aclInfo['privileges']);
     $this->_acl = $acl;
 }
 /**
  * Initialises the ACL together with its permissions.
  *
  * One resource is added per controller returned by self::resources(),
  * and that controller's actions are allowed for every role (null role).
  * TODO carried over from the original: replace the null role with the
  * permission type {public, protected, private}.
  *
  * @author  Alex Oliveira <*****@*****.**>
  * @version 1.0
  *
  * @return  Zend_Acl
  */
 protected static function init()
 {
     $acl = new Zend_Acl();
     foreach (self::resources() as $controller => $actions) {
         $acl->addResource(new Zend_Acl_Resource($controller));
         // null role: the controller's actions are open to all roles.
         $acl->allow(null, $controller, $actions);
     }
     return $acl;
 }
 /**
  * ItemTable::getSelect() is unfiltered without an ACL and gains the
  * public-only WHERE clause once an ACL denying 'showNotPublic' is set.
  */
 public function testGetSelectAclIntegration()
 {
     $sqlWithoutAcl = (string) $this->table->getSelect();
     $this->assertEquals("SELECT items.* FROM omeka_items AS items", $sqlWithoutAcl);
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource('Items'));
     $acl->deny(null, 'Items', 'showNotPublic');
     Zend_Registry::get('bootstrap')->getContainer()->acl = $acl;
     $sqlWithAcl = (string) $this->table->getSelect();
     $this->assertContains("WHERE (items.public = 1)", $sqlWithAcl);
 }
 /**
  * A request whose module/controller resource is allowed for the guest
  * role must pass through the Acl plugin's preDispatch() unchanged.
  */
 public function testShouldAllowAccessForCorrectRole()
 {
     $this->request->setModuleName('admin')->setControllerName('index')->setActionName('index');
     $this->acl->addResource('admin_index');
     $this->acl->allow(Acl::ROLE_GUEST, 'admin_index');
     $plugin = new Acl($this->acl);
     $plugin->setRequest($this->request);
     $plugin->preDispatch();
     $expected = array('admin', 'index', 'index');
     $actual = array(
         $this->request->getModuleName(),
         $this->request->getControllerName(),
         $this->request->getActionName(),
     );
     $this->assertEquals($expected, $actual);
 }
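 /**
  * Grants the current role every action it is entitled to, per controller.
  *
  * The allowed actions come from $this->ca->getupPrivileges() for the
  * current role id, keyed by controller name. The debug `echo` that used
  * to print every role/controller/action triple into the response has been
  * removed: it exposed the permission matrix to the client and could
  * break any header or redirect sent later.
  *
  * NOTE(review): Zend_Acl::allow() throws for an unregistered role or
  * resource, so the role and the controller resources are expected to be
  * registered before this runs — confirm against the caller.
  *
  * @return void
  */
 protected function _setupPrivileges()
 {
     $userAllowedResources = $this->ca->getupPrivileges($this->id_role);
     foreach ($userAllowedResources as $controller => $actions) {
         $allowedActions = array();
         foreach ($actions as $action) {
             $allowedActions[] = $action;
         }
         $this->_acl->allow($this->role, $controller, $allowedActions);
     }
 }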
 /**
  * A request for a module/controller/action the guest role is not allowed
  * must be rewritten to default/error/denied by preDispatch().
  */
 public function testPreDispatch()
 {
     $this->acl->addRole('guest');
     $request = new Zend_Controller_Request_Http();
     $request->setModuleName('1');
     $request->setControllerName('2');
     $request->setActionName('3');
     $this->object->preDispatch($request);
     $expected = array('default', 'error', 'denied');
     $actual = array(
         $request->getModuleName(),
         $request->getControllerName(),
         $request->getActionName(),
     );
     self::assertEquals($expected, $actual);
 }
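 /**
  * Adds the profile-page rules to $acl.
  *
  * 'everyone' may view and 'self' may edit the given resource; 'blocked'
  * is denied everything. When the profile page is flagged public (value
  * 4) — site-wide via the SnsConfig entry
  * 'is_allow_config_public_flag_profile_page', or, failing that, on the
  * resource's own 'profile_page_public_flag' — 'anonymous' may view too.
  *
  * @param Zend_Acl $acl
  * @param mixed $resource  resource exposing getConfig(); null for global rules
  * @return Zend_Acl  the same $acl, for chaining
  */
 public function appendRules(Zend_Acl $acl, $resource = null)
 {
     $acl->allow('everyone', $resource, 'view')->allow('self', $resource, 'edit')->deny('blocked');
     // Read the site-wide flag once (it used to be fetched twice) and fall
     // back to the resource's own flag only when the site-wide one is unset.
     // $config is now always defined, so the check below cannot hit an
     // undefined variable.
     $config = Doctrine::getTable('SnsConfig')->get('is_allow_config_public_flag_profile_page');
     if (!$config && $resource) {
         $config = $resource->getConfig('profile_page_public_flag');
     }
     // Loose comparison kept on purpose: the stored flag may arrive as a string.
     if ($config && 4 == $config) {
         $acl->allow('anonymous', $resource, 'view');
     }
     return $acl;
 }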
 /**
  * Builds the application ACL and publishes it in Zend_Registry as 'acl'.
  *
  * Roles: guest, admin. Resources: admin, index. Whitelist: everything is
  * denied first; admin may do anything, guest may reach 'index' and only
  * the 'login' action of 'admin'.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();
     foreach (array('guest', 'admin') as $roleId) {
         $acl->addRole(new Zend_Acl_Role($roleId));
     }
     foreach (array('admin', 'index') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }
     $acl->deny();
     $acl->allow('admin', null);
     $acl->allow('guest', 'admin', array('login'));
     $acl->allow('guest', 'index');
     Zend_Registry::set('acl', $acl);
 }
 /**
  * Stores the auth instance (defaulting to Zend_Auth::getInstance()) and
  * builds an ACL holding every role from $this->_roles, each with the
  * parent mapped to it. No resources or rules are added: Zend_Acl denies
  * by default, so the result is a whitelist.
  *
  * @param Zend_Auth|null $auth
  */
 public function __construct($auth = null)
 {
     $this->_auth = null === $auth ? Zend_Auth::getInstance() : $auth;
     $acl = new Zend_Acl();
     foreach ($this->_roles as $roleId => $parentRoleId) {
         $acl->addRole(new Zend_Acl_Role($roleId), $parentRoleId);
     }
     $this->_acl = $acl;
 }
 /**
  * Grant access if the user owns the record or the parent exhibit.
  *
  * For privilege P the role needs either "PAll" on the resource, or
  * "PSelf" on it together with ownership of the record. Roles that are
  * not User instances are always refused.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface $role
  * @param Zend_Acl_Resource_Interface $resource
  * @param string $privilege
  * @return boolean
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!$role instanceof User) {
         return false;
     }
     $allowedAll = $acl->isAllowed($role, $resource, $privilege . 'All');
     $allowedSelf = $acl->isAllowed($role, $resource, $privilege . 'Self');
     $ownsRecord = $this->_userOwnsRecord($role, $resource);
     // && binds tighter than ||: "all", or ("self" and owner).
     return $allowedAll || ($allowedSelf && $ownsRecord);
 }
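 /**
  * (non-PHPdoc)
  *
  * @see Zend_Controller_Plugin_Abstract::preDispatch()
  *
  * Authorisation hook. The identity kept by Zend_Auth (an array whose
  * 'usuario' entry names the role) is checked against the ACL: the
  * resource is the requested module and the privilege is the controller
  * name for the 'admin' and 'sac' modules (null, i.e. any, elsewhere).
  *
  * Upload controllers/actions are exempt. A missing or malformed identity
  * is cleared and the request rerouted to admin/login. A denied request
  * is rerouted to admin/index with an error message for a logged-in role,
  * or to the login controller of the module (sac or admin) for the
  * 'visitante' (visitor) role.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Upload endpoints are dispatched without an ACL check.
     if ($request->getActionName() === 'upload' || $request->getControllerName() === 'upload') {
         return;
     }
     // Identity of the logged-in user; anything but an array is garbage.
     $role = $this->auth->getIdentity();
     if (!is_array($role)) {
         // Wipe whatever is in the auth storage and send to the login page.
         $this->auth->clearIdentity();
         $request->setModuleName('admin')->setControllerName('login')->setActionName('index');
         return;
     }
     // Resource = module; privilege = controller, but only inside admin/sac.
     $module = $this->getRequest()->getModuleName();
     $resource = $module;
     $action = $module !== 'admin' && $module !== 'sac' ? null : $this->getRequest()->getControllerName();
     // A resource the ACL does not know is denied, as is whatever the ACL refuses.
     if ($this->acl->has($resource) && $this->acl->isAllowed($role['usuario'], $resource, $action)) {
         return;
     }
     $params = array();
     // Strict comparison: a non-string 'usuario' (e.g. 0) must not compare
     // equal to 'visitante' under PHP's loose rules and be treated as a visitor.
     if ($role['usuario'] !== 'visitante') {
         $params['erro'] = 'Você não possui permissão de acesso a este recurso.';
         $request->setModuleName('admin')->setControllerName('index')->setActionName('index')->setParams($params);
         return;
     }
     // A visitor is sent to the login controller of the module being accessed.
     $loginModule = $module === 'sac' ? 'sac' : 'admin';
     $request->setModuleName($loginModule)->setControllerName('login')->setActionName('index')->setParams($params);
 }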
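 /**
  * check if specific roles are allowed to perform specific action on resource
  *
  * A throw-away Zend_Acl is built per call: one role per entry of $roles,
  * the object as the only resource, and the allow rules fetched from the
  * ACL table for those roles and that object (file-cached under a key
  * derived from the query SQL). A synthetic 'testedRole' inheriting from
  * all of the user's roles is then queried, so any one role granting the
  * permission is enough.
  *
  * @param $roles (array)roles array, each element exposing ->id
  * @param $permissionName (integer)permission identifier
  * @param $object (integer)object identifier; null/0 means object 1, the site "section"
  * @param $defaultDeniedMessage (boolean)should add a default access denied message to flash messanger
  * @return boolean
  */
 public static function isAllowed($roles, $permissionName, $object = null, $defaultDeniedMessage = true)
 {
     $cache = Zend_Registry::get('cache_files');
     $acl = new Zend_Acl();
     // Register every role the user has; keep the ids for the query and
     // for the inheritance list of the tested role.
     $roleIds = array();
     foreach ($roles as $role) {
         $acl->addRole(new Zend_Acl_Role($role->id));
         $roleIds[] = $role->id;
     }
     // No object given: test against object 1, which stands for the site "section".
     if (!$object) {
         $object = 1;
     }
     $select = self::getAclTable()->select()
         ->where('role IN (?)', $roleIds)
         ->where('object = ?', (int) $object);
     $acl->add(new Zend_Acl_Resource($object));
     // One cache entry per distinct (roles, object) query; the key used to
     // be computed twice from the same SQL.
     $cacheKey = md5(UNIQUE_HASH . $select->__toString());
     $permsAvailable = $cache->load($cacheKey);
     if ($permsAvailable === false) {
         $permsAvailable = array();
         #TODO is there a more efficient way to do it instead of casting to array and then casting to object ?
         $aclResources = self::getAclTable()->fetchAll($select)->toArray();
         foreach ($aclResources as $aclResource) {
             $permsAvailable[] = (object) $aclResource;
         }
         $cache->save($permsAvailable, $cacheKey, array('acl', 'user_data'));
     }
     // Rules for the user's roles on this object.
     foreach ($permsAvailable as $perm) {
         $acl->allow($perm->role, $perm->object, $perm->permission);
     }
     // Admin (role id 2 in the database) may do everything. Loose in_array
     // on purpose: ids may come back from the DB as strings.
     if (in_array(2, $roleIds)) {
         $acl->allow(2);
     }
     // Synthetic role that inherits the privileges of all of the user's roles.
     $acl->addRole(new Zend_Acl_Role('testedRole'), $roleIds);
     $result = $acl->isAllowed('testedRole', $object, $permissionName);
     if (!$result && $defaultDeniedMessage) {
         $messages = Zend_Controller_Action_HelperBroker::getStaticHelper('Messages');
         $messages->errors = 'e_permission_too_low';
     }
     return $result;
 }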