protected function _getAcl()
{
$acl = false;
if (Zend_Registry::isRegistered('cache')) {
$cache = Zend_Registry::get('cache');
$acl = $cache->load('acl');
}
if (!$acl) {
$acl = new Zend_Acl();
$role = new Auth_Model_DbTable_Role();
$resource = new Auth_Model_DbTable_Resource();
$roleResource = new Auth_Model_DbTable_RoleResource();
$roles = $role->fetchAll("name <> 'Todos'");
$resources = $resource->getDistinctModules();
$relations = $roleResource->fetchAllRelations();
$acl->addRole('Todos');
foreach ($roles as $role) {
$acl->addRole($role['name'], 'Todos');
}
foreach ($resources as $resource) {
$acl->addResource($resource['module']);
}
foreach ($relations as $relation) {
$acl->allow($relation['name'], $relation['module'], $relation['privilege']);
}
if (Zend_Registry::isRegistered('cache')) {
$cache->save($acl, 'acl');
}
}
Zend_Registry::set('acl', $acl);
return $acl;
}
public function __construct()
{
$acl = new Zend_Acl();
//ролі
$acl->addRole(new Zend_Acl_Role('guest'));
//user наслідує усі параметри guest
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'));
//ресурси - доступні контролери
$acl->add(new Zend_Acl_Resource('users'));
$acl->add(new Zend_Acl_Resource('index'));
//дозвіл
$acl->deny();
//заборонити доступ всім
$acl->allow('admin', null);
//дозволити доступ admin-у до всього
//users це resource - контролер
// далі $privilege - екшн
$acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
$acl->allow('guest', 'index');
$acl->allow('user', 'users', array('logout'));
$acl->deny('user', 'users', array('login', 'registration'));
//глобальний доступ до змінної
//щоб використати у видах
Zend_Registry::set('acl', $acl);
/*
//isAllowed() - чи має доступ $role до $resourse і $privilege
//$resource - контролер
//$privilege - екшн
if($acl->isAllowed($role, $resource, $privilege)){
} */
}
/**
* Hlavni logika ACL
*
* @param $request
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$acl = new Zend_Acl();
$identity = $auth->getIdentity();
$acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner');
if ($identity->owner == true) {
$inherit = 'owner';
} elseif ($identity->administrator == true) {
$inherit = 'admin';
} else {
$inherit = 'user';
}
$acl->addRole(new Zend_Acl_Role($identity->email), $inherit);
$projekt = $request->getParam('projekt');
// Zakladni resource
foreach ($this->_resources as $val => $key) {
$acl->add(new Zend_Acl_Resource($key));
}
// Prava pro zakladni resource
$acl->allow('owner');
$acl->deny('admin', 'account');
$acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
$acl->deny('user', 'account');
$acl->deny('user', 'project', $this->_create);
$acl->deny('user', 'people', $this->_create);
$acl->deny('user', 'project', $this->_manage);
$acl->deny('user', 'people', $this->_manage);
if ($request->id == $identity->iduser) {
$acl->allow('user', 'people', $this->_manage);
}
// Resource pro projektovou podsekci
$this->_projectAcl($acl, $identity);
Zend_Registry::set('acl', $acl);
if ($identity->administrator == 1) {
$isAllowed = true;
} elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) {
$isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName());
} elseif (in_array($request->getControllerName(), $this->_resources)) {
$isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName());
} else {
$isAllowed = false;
}
$error = $request->getParam('error_handler');
if (is_null($error)) {
if (!$isAllowed) {
$module = $this->_noacl['module'];
$controller = $this->_noacl['controller'];
$action = $this->_noacl['action'];
}
}
$request->setModuleName($module);
$request->setControllerName($controller);
$request->setActionName($action);
}
}
protected function _setupRoles()
{
$this->_acl->addRole(new Zend_Acl_Role('guest'));
$this->_acl->addRole(new Zend_Acl_Role('usuario'), 'guest');
$this->_acl->addRole(new Zend_Acl_Role('admin'), 'usuario');
$this->_acl->addRole(new Zend_Acl_Role('gestao'), 'admin');
}
public function init()
{
$acl = new Zend_Acl();
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_USER, OpenSKOS_Db_Table_Users::USER_ROLE_GUEST);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, OpenSKOS_Db_Table_Users::USER_ROLE_USER);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR);
$acl->addResource('website');
$acl->addResource('editor');
$acl->addResource('editor.concepts', 'editor');
$acl->addResource('editor.concept-schemes', 'editor');
$acl->addResource('editor.institution', 'editor');
$acl->addResource('editor.collections', 'editor');
$acl->addResource('editor.delete-all-concepts-in-collection', 'editor');
$acl->addResource('editor.users', 'editor');
$acl->addResource('editor.jobs', 'editor');
$acl->addResource('editor.manage-search-profiles', 'editor');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST, 'website', 'view');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor', 'view');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor.concepts', 'view');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, 'editor.concepts', array('propose'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concepts', array('full-create', 'edit', 'delete', 'bulk-status-edit'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concept-schemes', array('index', 'create', 'edit', 'delete', 'manage-icons'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.institution', null);
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.collections', array('index', 'manage'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.users', array('index', 'manage'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.jobs', array('index', 'manage'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.manage-search-profiles', null);
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, 'editor.delete-all-concepts-in-collection', null);
Zend_Registry::set(self::REGISTRY_KEY, $acl);
//store the ACL for the view:
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
}
public function __construct()
{
$acl = new Zend_Acl();
// добавляем роли
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'));
// добавляем ресурсы
$acl->add(new Zend_Acl_Resource('sites'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('logs'));
$acl->add(new Zend_Acl_Resource('auth'));
$acl->add(new Zend_Acl_Resource('maps'));
$acl->add(new Zend_Acl_Resource('best'));
$acl->add(new Zend_Acl_Resource('news'));
// если нет роли то все запрещаем
$acl->deny();
// админу по умолчанию разрешено все
$acl->allow('admin', null);
// гостю только контроллер с экшеном для входа
$acl->allow('guest', 'auth', array('index', 'check'));
$acl->allow('guest', 'maps', array('cronmaps'));
$acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));
// если надо запретить экшены в разрешенном контроллере
/*$acl->deny('user', 'users', array(
'login', 'registration'
));
*
*/
Zend_Registry::set('acl', $acl);
}
/**
* (non-PHPdoc)
* @see Zend_Application_Resource_ResourceAbstract#init()
*/
public function init()
{
$this->_acl = new Zend_Acl();
// static roles
$this->_acl->addRole(new Zend_Acl_Role('all'));
$this->_acl->addRole(new Zend_Acl_Role('anonymous'), 'all');
$this->_acl->addRole(new Zend_Acl_Role('identified'), 'all');
// dinamic roles
foreach ($this->_roles as $roleName) {
if (!$this->_acl->hasRole($roleName)) {
$this->_acl->addRole(new Zend_Acl_Role($roleName), 'identified');
}
}
// var_dump($this->_resources);exit;
// rules
foreach ($this->_resources as $module => $grants) {
$module = strtolower($module);
$this->_acl->add(new Zend_Acl_Resource($module));
foreach ($grants as $controller => $grant) {
$controller = strtolower($controller);
foreach ($grant as $action => $roles) {
$resource = $controller . self::RESOURCE_SEPARATOR . $action;
foreach (explode(',', $roles) as $role) {
if (!empty($role)) {
$this->_acl->allow(trim($role), $module, $resource);
}
}
}
}
}
Zend_Registry::set('acl', $this->_acl);
return $this->_acl;
}
protected function _initAlc()
{
// Создаём объект Zend_Acl
$acl = new Zend_Acl();
//$acl->removeAll();
// указываем, что у нас есть ресурсы
//$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('auth'));
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->addResource(new Zend_Acl_Resource('models-generator'));
$acl->addResource(new Zend_Acl_Resource('slugify'));
$acl->addResource(new Zend_Acl_Resource('sefurl'));
$acl->addResource(new Zend_Acl_Resource('search-index'));
$acl->addResource(new Zend_Acl_Resource('test'));
$acl->addResource(new Zend_Acl_Resource('xml-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('csv-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('cache-manager'));
$acl->addResource(new Zend_Acl_Resource('update-image-catalog'));
$acl->addResource(new Zend_Acl_Resource('products-draft'));
// далее переходим к созданию ролей, которых у нас 2:
// гость (неавторизированный пользователь)
$acl->addRole('guest');
// администратор, который наследует доступ от гостя
$acl->addRole('admin', 'guest');
$acl->deny();
//$acl->allow('guest', array('default', 'catalog', 'error'));
$acl->allow('guest', 'auth');
$acl->allow('admin');
// получаем экземпляр главного контроллера
$fc = Zend_Controller_Front::getInstance();
// регистрируем плагин с названием AclUtils, в который передаём
// на ACL и экземпляр Zend_Auth
$fc->registerPlugin(new Plugin_AclUtils($acl, Zend_Auth::getInstance()));
}
protected function _setupRoles()
{
$this->_acl->addRole(new Zend_Acl_Role('guest'));
$this->_acl->addRole(new Zend_Acl_Role('editor'));
$this->_acl->addRole(new Zend_Acl_Role('desen'));
$this->_acl->addRole(new Zend_Acl_Role('admin'));
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role(Model_Role::GUEST));
$acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST);
$acl->addResource(new Zend_Acl_Resource('admin'));
$acl->addResource(new Zend_Acl_Resource('blog'));
$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->allow(Model_Role::GUEST, 'blog');
$acl->allow(Model_Role::GUEST, 'error');
$acl->allow(Model_Role::GUEST, 'index');
$acl->allow(Model_Role::GUEST, 'admin', array('login'));
$acl->allow(Model_Role::ADMIN, 'admin');
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$user = new Model_User($auth->getIdentity());
$role = $user->role_id;
} else {
$role = Model_Role::GUEST;
}
$resource = $request->getControllerName();
$privilege = $request->getActionName();
if (!$acl->isAllowed($role, $resource, $privilege)) {
$this->_request->setControllerName('admin')->setActionName('login');
$this->_response->setRedirect('/admin/login/');
}
}
public function getAcl()
{
$acl = new Zend_Acl();
// Add roles.
$acl->addRole('super');
// Admins inherit privileges from super users.
$acl->addRole('admin', 'super');
$acl->addRole('researcher');
// Contributors inherit privileges from researchers.
$acl->addRole('contributor', 'researcher');
// Add resources, corresponding to Omeka controllers.
$resources = array('Items', 'Collections', 'ElementSets', 'Files', 'Plugins', 'Settings', 'Security', 'Upgrade', 'Tags', 'Themes', 'SystemInfo', 'ItemTypes', 'Users', 'Search', 'Appearance', 'Elements');
foreach ($resources as $resource) {
$acl->addResource($resource);
}
// Define allow rules for everyone.
// Everyone can view and browse these resources.
$acl->allow(null, array('Items', 'ItemTypes', 'Tags', 'Collections', 'Search', 'ElementSets', 'Elements'), array('index', 'browse', 'show', 'home', 'print-cart'));
// Everyone can view an item's tags and use the item search.
$acl->allow(null, array('Items'), array('tags', 'search'));
// Everyone can view files.
$acl->allow(null, 'Files', 'show');
// Non-authenticated users can access the upgrade script, for logistical reasons.
$acl->allow(null, 'Upgrade');
// Deny privileges from admin users
$acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo', 'Appearance'));
// Assert ownership for certain privileges.
// Owners can edit and delete items and collections.
$acl->allow(null, array('Items', 'Collections'), array('edit', 'delete'), new Omeka_Acl_Assert_Ownership());
// Owners can edit files.
$acl->allow(null, 'Files', 'edit', new Omeka_Acl_Assert_Ownership());
// Define allow rules for specific roles.
// Super users have full privileges.
$acl->allow('super');
// Researchers can view and search items and collections that are not public.
$acl->allow('researcher', array('Items', 'Collections', 'Search'), 'showNotPublic');
// Contributors can add and tag items, edit or delete their own items, and see
// their items that are not public.
$acl->allow('contributor', 'Items', array('add', 'tag', 'batch-edit', 'batch-edit-save', 'change-type', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
// Contributors can edit their own files.
$acl->allow('contributor', 'Files', 'editSelf');
// Contributors have access to tag autocomplete.
$acl->allow('contributor', 'Tags', array('autocomplete'));
// Contributors can add collections, edit or delete their own collections, and
// see their collections that are not public.
$acl->allow('contributor', 'Collections', array('add', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
$acl->allow('contributor', 'Elements', 'element-form');
// Define deny rules.
// Deny admins from accessing some resources allowed to super users.
$acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo'));
// Deny admins from deleting item types and item type elements.
$acl->deny('admin', 'ItemTypes', array('delete', 'delete-element'));
// Deny Users to admins since they normally have all the super permissions.
$acl->deny(null, 'Users');
$acl->allow(array('super', 'admin', 'contributor', 'researcher'), 'Users', null, new Omeka_Acl_Assert_User());
// Always allow users to login, logout and send forgot-password notifications.
$acl->allow(array(null, 'admin'), 'Users', array('login', 'logout', 'forgot-password', 'activate'));
return $acl;
}
public static function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('everyone'));
$acl->addRole(new Zend_Acl_Role('blocked'), 'everyone');
$acl->addRole(new Zend_Acl_Role('self'), 'everyone');
return $acl;
}
/**
* Return the acl under test
*
* @return Zend_Acl
*/
protected function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('user'));
$acl->addResource('foo');
$acl->allow('user', 'foo');
return $acl;
}
public static function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('everyone'));
$acl->addRole(new Zend_Acl_Role('creator'), 'everyone');
$acl->addRole(new Zend_Acl_Role('user'), 'everyone');
$acl->addRole(new Zend_Acl_Role('creator_user'), 'creator');
return $acl;
}
public static function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('member'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'), 'member');
$acl->addRole(new Zend_Acl_Role('writer'), 'member');
return $acl;
}
/**
* _setupRoles
*
* @return void
*/
protected function _setupRoles()
{
$this->_roles = $this->_roleService->getAllRoles();
foreach ($this->_roles as $i) {
$this->_acl->addRole($i);
}
$currentRoles = Zend_Registry::get('Default_DiContainer')->getUserService()->getIdentity()->getRoles();
$this->_acl->addRole(new Zend_Acl_Role('user'), $currentRoles);
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
try {
$module = $request->getModuleName();
if ($module == 'admin') {
$moduleList = new Zend_Session_Namespace('moduleList');
$userInfo = new Zend_Session_Namespace('userInfo');
$module = $moduleList->module;
$allowed_module = $userInfo->module_list;
//generating all resources
$acl = new Zend_Acl();
//generating user permission
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->addRole(new Zend_Acl_Role('anonymous'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('ajax'));
$acl->allow('admin', 'index');
$acl->allow('admin', 'ajax');
if (!empty($module)) {
foreach ($module as $value) {
if (!$acl->has($value['controller'])) {
$acl->add(new Zend_Acl_Resource($value['controller']));
}
if (in_array($value['id'], $allowed_module)) {
if ($value['action'] != null) {
$acl->allow('admin', $value['controller'], $value['action']);
} else {
$acl->allow('admin', $value['controller']);
}
}
}
}
//allowing anonymous user to get into the login page
$acl->allow('anonymous', 'index', 'index');
$acl->allow('anonymous', 'index', 'login');
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$role = 'admin';
} else {
$role = 'anonymous';
}
$controller = $request->controller;
$action = $request->action;
if (!$acl->isAllowed($role, $controller, $action)) {
$request->setModuleName('admin');
$request->setControllerName('error');
$request->setActionName('acl');
$request->setParam('type', 1);
}
}
} catch (Zend_Acl_Exception $e) {
$request->setModuleName('admin');
$request->setControllerName('error');
$request->setActionName('acl');
$request->setParam('type', 2);
}
}
protected function getAcl()
{
$oAcl = new Zend_Acl();
// Perfis
$oAcl->addRole(new Zend_Acl_Role('all'));
$oAcl->addRole(new Zend_Acl_Role('participante'), array('all'));
$oAcl->addRole(new Zend_Acl_Role('palestrante'), array('participante'));
$oAcl->addRole(new Zend_Acl_Role('admin'), array('palestrante'));
// Controllers e Actions
$oAcl->add(new Zend_Acl_Resource('administrador:index'));
$oAcl->add(new Zend_Acl_Resource('administrador:listagem'));
$oAcl->add(new Zend_Acl_Resource('administrador:marcar-presenca'));
$oAcl->add(new Zend_Acl_Resource('administrador:email'));
$oAcl->add(new Zend_Acl_Resource('salas:index'));
$oAcl->add(new Zend_Acl_Resource('salas:formulario'));
$oAcl->add(new Zend_Acl_Resource('salas:gravar'));
$oAcl->add(new Zend_Acl_Resource('index:index'));
$oAcl->add(new Zend_Acl_Resource('atividades:index'));
$oAcl->add(new Zend_Acl_Resource('atividades:formulario'));
$oAcl->add(new Zend_Acl_Resource('atividades:gravar'));
$oAcl->add(new Zend_Acl_Resource('atividades:visualizar'));
$oAcl->add(new Zend_Acl_Resource('atividades:imprimir'));
$oAcl->add(new Zend_Acl_Resource('participantes:index'));
$oAcl->add(new Zend_Acl_Resource('participantes:cadastrar'));
$oAcl->add(new Zend_Acl_Resource('participantes:login'));
$oAcl->add(new Zend_Acl_Resource('participantes:logout'));
$oAcl->add(new Zend_Acl_Resource('participantes:recuperar-senha'));
$oAcl->add(new Zend_Acl_Resource('inscricoes:index'));
$oAcl->add(new Zend_Acl_Resource('inscricoes:inscrever'));
$oAcl->add(new Zend_Acl_Resource('inscricoes:cadastra'));
$oAcl->add(new Zend_Acl_Resource('inscricoes:cancelar'));
// Permissões
$oAcl->allow('all', 'index:index');
$oAcl->allow('all', 'atividades:index');
$oAcl->allow('all', 'atividades:visualizar');
$oAcl->allow('all', 'participantes:cadastrar');
$oAcl->allow('all', 'participantes:login');
$oAcl->allow('all', 'participantes:logout');
$oAcl->allow('all', 'participantes:recuperar-senha');
$oAcl->allow('all', 'inscricoes:index');
$oAcl->allow('all', 'inscricoes:cadastra');
$oAcl->allow('all', 'inscricoes:cancelar');
// Permissões participante
$oAcl->allow('participante', 'participantes:index');
$oAcl->allow('participante', 'atividades:formulario');
$oAcl->allow('participante', 'atividades:gravar');
// Permissões admin
$oAcl->allow('admin', 'administrador:index');
$oAcl->allow('admin', 'administrador:listagem');
$oAcl->allow('admin', 'salas:index');
$oAcl->allow('admin', 'salas:formulario');
$oAcl->allow('admin', 'salas:gravar');
$oAcl->allow('admin', 'atividades:imprimir');
$oAcl->allow('admin', 'administrador:marcar-presenca');
$oAcl->allow('admin', 'administrador:email');
return $oAcl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if (PHP_SAPI == 'cli') {
return;
}
$acl = new Zend_Acl();
// add the roles
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'), 'user');
// add the resources
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('user'));
$acl->addResource(new Zend_Acl_Resource('profile'));
$acl->addResource(new Zend_Acl_Resource('post'));
$acl->addResource(new Zend_Acl_Resource('*'));
// set up the access rules
$acl->allow(null, array('index', 'error'));
// a guest can only sign up content and login
$acl->allow('guest', 'user', array('login', 'register', 'unique', 'search'));
// user
$acl->allow('user', 'user', array('edit', 'logout'));
$acl->allow('user', 'profile', array('edit', 'profile', 'getxml', 'viewxml', 'more'));
$acl->allow('user', 'post', array('new', 'postxml', 'getposts', 'like', 'share', 'comment', 'home', 'edit', 'allcomment', 'notification', 'report'));
$acl->allow('admin', null);
// Fetch the current user
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$id = get_user_id();
$role = "user";
if ($id == 2) {
$role = "admin";
}
} else {
$role = 'guest';
}
// Authorization
$controller = $request->controller;
$action = $request->action;
try {
if (!$acl->isAllowed($role, $controller, $action)) {
if ($role == 'guest') {
$redirector = new Zend_Controller_Action_Helper_Redirector();
$redirector->gotoSimple('login', 'user');
} else {
// User with role $role is not authorized for $controller/$action"
$request->setControllerName('error');
$request->setActionName('notauthorized');
}
}
} catch (Exception $e) {
$request->setControllerName('error');
$request->setActionName('notfound');
}
}
protected function _initAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_GUEST));
$acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_USER), Core_Role::ROLE_GUEST);
$acl->addResource('default:index');
$acl->allow(Core_Role::ROLE_GUEST, 'default:index', 'index');
$registry = Zend_Registry::getInstance();
$registry->set('acl', $acl);
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// set up acl
$acl = new Zend_Acl();
// add the roles
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('consumer'), 'guest');
$acl->addRole(new Zend_Acl_Role('administrator'), 'consumer');
$acl->addRole(new Zend_Acl_Role('client'));
// add the resources
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('error'));
$acl->add(new Zend_Acl_Resource('admin'));
$acl->add(new Zend_Acl_Resource('campaign'));
$acl->add(new Zend_Acl_Resource('campaigninvitation'));
$acl->add(new Zend_Acl_Resource('campaignparticipation'));
$acl->add(new Zend_Acl_Resource('client'));
$acl->add(new Zend_Acl_Resource('consumer'));
$acl->add(new Zend_Acl_Resource('conversation'));
$acl->add(new Zend_Acl_Resource('dashboard'));
$acl->add(new Zend_Acl_Resource('forgetpassword'));
$acl->add(new Zend_Acl_Resource('gift'));
$acl->add(new Zend_Acl_Resource('history'));
$acl->add(new Zend_Acl_Resource('home'));
$acl->add(new Zend_Acl_Resource('login'));
// set up the access rules
$acl->allow(null, array('index', 'error'));
// a guest can only login
$acl->allow('guest', 'index', array('index', 'loginfailed'));
$acl->allow('guest', 'login', array('login'));
$acl->allow('guest', 'forgetpassword', array('index', 'sendsms', 'sendemail'));
// consumer
$acl->allow('consumer', 'gift', array('list', 'addtocart', 'cart', 'listorder'));
// administrators can do anything
$acl->allow('administrator', null);
// fetch the current user
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$authNamespace = new Zend_Session_Namespace('Zend_Auth');
$role = $authNamespace->role;
} else {
$role = 'guest';
}
$controller = $request->controller;
$action = $request->action;
if (!$acl->isAllowed($role, $controller, $action)) {
if ($role == 'guest') {
$request->setControllerName('index');
$request->setActionName('index');
} else {
$request->setControllerName('error');
$request->setActionName('noauth');
}
}
}
protected function setUp()
{
\Zend_Controller_Front::getInstance()->resetInstance();
$this->request = new \Zend_Controller_Request_Http();
\Zend_Session::$_unitTestEnabled = true;
$this->acl = new \Zend_Acl();
$this->acl->deny();
$this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST));
$this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST);
parent::setUp();
}
public static function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('alien'));
$acl->addRole(new Zend_Acl_Role('guest'), 'alien');
$acl->addRole(new Zend_Acl_Role('member'), 'guest');
$acl->addRole(new Zend_Acl_Role('subadmin'), 'member');
$acl->addRole(new Zend_Acl_Role('admin'), 'subadmin');
$acl->allow('subadmin', null, 'edit');
$acl->allow('subadmin', null, 'delete');
return $acl;
}
/**
*/
public function testPreDispatch()
{
$this->acl->addRole('guest');
$request = new Zend_Controller_Request_Http();
$request->setModuleName('1');
$request->setControllerName('2');
$request->setActionName('3');
$this->object->preDispatch($request);
self::assertEquals('default', $request->getModuleName());
self::assertEquals('error', $request->getControllerName());
self::assertEquals('denied', $request->getActionName());
}
public function __construct()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->add(new Zend_Acl_Resource('admin'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->deny();
$acl->allow('admin', null);
$acl->allow('guest', 'admin', array('login'));
$acl->allow('guest', 'index');
Zend_Registry::set('acl', $acl);
}
protected function _initAcl()
{
$acl = new Zend_Acl();
// Add groups to the Role registry using Zend_Acl_Role
// Guest does not inherit access controls
$roleGuest = new Zend_Acl_Role('guest');
$acl->addRole($roleGuest);
// Staff inherits from guest
$acl->addRole(new Zend_Acl_Role('staff'), $roleGuest);
// Editor inherits from staff
$acl->addRole(new Zend_Acl_Role('editor'), 'staff');
// Administrator does not inherit access controls
$acl->addRole(new Zend_Acl_Role('administrator'));
// Guest may only view content
$acl->allow($roleGuest, null, 'view');
$acl->allow('staff', null, array('edit', 'submit', 'revise'));
$acl->allow('editor', null, array('publish', 'archive', 'delete'));
$acl->allow('administrator');
/*echo $acl->isAllowed('guest', null, 'view') ?
"allowed" : "denied";
// allowed
echo $acl->isAllowed('staff', null, 'publish') ?
"allowed" : "denied";
// denied
echo $acl->isAllowed('staff', null, 'revise') ?
"allowed" : "denied";
// allowed
echo $acl->isAllowed('editor', null, 'view') ?
"allowed" : "denied";
// allowed because of inheritance from guest
echo $acl->isAllowed('editor', null, 'update') ?
"allowed" : "denied";
// denied because no allow rule for 'update'
echo $acl->isAllowed('administrator', null, 'view') ?
"allowed" : "denied";
// allowed because administrator is allowed all privileges
echo $acl->isAllowed('administrator') ?
"allowed" : "denied";
// allowed because administrator is allowed all privileges
echo $acl->isAllowed('administrator', null, 'update') ?
"allowed" : "denied";
// allowed because administrator is allowed all privileges*/
}
/**
*
*/
public function buildAcl()
{
if (is_null($this->acl)) {
$this->acl = new Zend_Acl();
}
$this->acl->removeAll();
$permissions = $this->getPermissionList();
$resources = $this->getResourceList();
$resourceParents = $this->getResourceParentList();
$roles = $this->getRoleList();
$roleParents = $this->getRoleParentList();
$rolesTmp = array();
foreach ($roles as $role) {
$roleId = $role['role_id'];
$roleName = $role['role_name'];
$rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array());
$rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId));
}
foreach ($roleParents as $roleParent) {
$roleId = $roleParent['role_id'];
$roleIdParent = $roleParent['role_id_parent'];
$rolesTmp[$roleId]['parents'][] = $roleIdParent;
}
foreach ($rolesTmp as $role) {
$this->acl->addRole($role['name'], $role['parents']);
}
#echo '<pre>';
$resourcesTmp = array();
foreach ($resources as $resource) {
$resourceId = $resource['resource_id'];
$resourceName = $resource['resource_name'];
$resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null);
$resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId);
}
foreach ($resourceParents as $resourceParent) {
$resourceId = $resourceParent['resource_id'];
$resourceIdParent = $resourceParent['resource_id_parent'];
$resourcesTmp[$resourceId]['parent'] = $resourceIdParent;
}
foreach ($resourcesTmp as $resource) {
$this->acl->addResource($resource['name'], $resource['parent']);
}
foreach ($permissions as $permission) {
if (empty($permission['allowed'])) {
$this->acl->deny($permission['role_id'], $permission['resource_id']);
} else {
$this->acl->allow($permission['role_id'], $permission['resource_id']);
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// set up acl
$acl = new Zend_Acl();
// add the roles
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('administrator'), 'user');
// add the resources
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('error'));
$acl->add(new Zend_Acl_Resource('page'));
$acl->add(new Zend_Acl_Resource('menu'));
$acl->add(new Zend_Acl_Resource('menuitem'));
$acl->add(new Zend_Acl_Resource('user'));
$acl->add(new Zend_Acl_Resource('search'));
$acl->add(new Zend_Acl_Resource('feed'));
// set up the access rules
$acl->allow(null, array('index', 'error'));
// a guest can only read content and login
$acl->allow('guest', 'page', array('index', 'open'));
$acl->allow('guest', 'menu', array('render'));
$acl->allow('guest', 'user', array('login'));
$acl->allow('guest', 'search', array('index', 'search'));
$acl->allow('guest', 'feed');
// cms users can also work with content
$acl->allow('user', 'page', array('list', 'create', 'edit', 'delete'));
// administrators can do anything
$acl->allow('administrator', null);
// fetch the current user
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$identity = $auth->getIdentity();
$role = strtolower($identity->role);
} else {
$role = 'guest';
}
$controller = $request->controller;
$action = $request->action;
if (!$acl->isAllowed($role, $controller, $action)) {
if ($role == 'guest') {
$request->setControllerName('user');
$request->setActionName('login');
} else {
$request->setControllerName('error');
$request->setActionName('noauth');
}
}
}
public function setUp()
{
$acl = new Zend_Acl();
// Add resources and roles
$acl->addResource('profile');
$acl->addRole('admin');
$acl->addRole('user');
// Deny everything by default
$acl->deny();
// Admins can create and edit users but normal users are only
// allowed to edit their own profile
$acl->allow('admin', 'profile', array('create', 'read', 'update'));
$acl->allow('user', 'profile', array('read', 'update'), new App_Acl_Assert_SameUser());
$this->_acl = $acl;
}
protected function _initAcl()
{
$this->bootstrap('frontController');
$front = $this->getResource('frontController');
$acl = new \Zend_Acl();
$acl->deny();
$acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST));
$acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST);
$aclConfig = new \Zend_Config_Ini(APPLICATION_PATH . '/configs/acl.ini');
foreach ($aclConfig as $resourceName => $role) {
$acl->addResource($resourceName);
$acl->allow($role, $resourceName);
}
$front->registerPlugin(new Acl($acl));
}
