protected function _getAcl() { $acl = false; if (Zend_Registry::isRegistered('cache')) { $cache = Zend_Registry::get('cache'); $acl = $cache->load('acl'); } if (!$acl) { $acl = new Zend_Acl(); $role = new Auth_Model_DbTable_Role(); $resource = new Auth_Model_DbTable_Resource(); $roleResource = new Auth_Model_DbTable_RoleResource(); $roles = $role->fetchAll("name <> 'Todos'"); $resources = $resource->getDistinctModules(); $relations = $roleResource->fetchAllRelations(); $acl->addRole('Todos'); foreach ($roles as $role) { $acl->addRole($role['name'], 'Todos'); } foreach ($resources as $resource) { $acl->addResource($resource['module']); } foreach ($relations as $relation) { $acl->allow($relation['name'], $relation['module'], $relation['privilege']); } if (Zend_Registry::isRegistered('cache')) { $cache->save($acl, 'acl'); } } Zend_Registry::set('acl', $acl); return $acl; }
public function __construct() { $acl = new Zend_Acl(); //ролі $acl->addRole(new Zend_Acl_Role('guest')); //user наслідує усі параметри guest $acl->addRole(new Zend_Acl_Role('user'), 'guest'); $acl->addRole(new Zend_Acl_Role('admin')); //ресурси - доступні контролери $acl->add(new Zend_Acl_Resource('users')); $acl->add(new Zend_Acl_Resource('index')); //дозвіл $acl->deny(); //заборонити доступ всім $acl->allow('admin', null); //дозволити доступ admin-у до всього //users це resource - контролер // далі $privilege - екшн $acl->allow('guest', 'users', array('login', 'registration', 'confirm')); $acl->allow('guest', 'index'); $acl->allow('user', 'users', array('logout')); $acl->deny('user', 'users', array('login', 'registration')); //глобальний доступ до змінної //щоб використати у видах Zend_Registry::set('acl', $acl); /* //isAllowed() - чи має доступ $role до $resourse і $privilege //$resource - контролер //$privilege - екшн if($acl->isAllowed($role, $resource, $privilege)){ } */ }
/** * Hlavni logika ACL * * @param $request */ public function preDispatch(Zend_Controller_Request_Abstract $request) { $controller = $request->getControllerName(); $action = $request->getActionName(); $module = $request->getModuleName(); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $acl = new Zend_Acl(); $identity = $auth->getIdentity(); $acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner'); if ($identity->owner == true) { $inherit = 'owner'; } elseif ($identity->administrator == true) { $inherit = 'admin'; } else { $inherit = 'user'; } $acl->addRole(new Zend_Acl_Role($identity->email), $inherit); $projekt = $request->getParam('projekt'); // Zakladni resource foreach ($this->_resources as $val => $key) { $acl->add(new Zend_Acl_Resource($key)); } // Prava pro zakladni resource $acl->allow('owner'); $acl->deny('admin', 'account'); $acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir')); $acl->deny('user', 'account'); $acl->deny('user', 'project', $this->_create); $acl->deny('user', 'people', $this->_create); $acl->deny('user', 'project', $this->_manage); $acl->deny('user', 'people', $this->_manage); if ($request->id == $identity->iduser) { $acl->allow('user', 'people', $this->_manage); } // Resource pro projektovou podsekci $this->_projectAcl($acl, $identity); Zend_Registry::set('acl', $acl); if ($identity->administrator == 1) { $isAllowed = true; } elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) { $isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName()); } elseif (in_array($request->getControllerName(), $this->_resources)) { $isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName()); } else { $isAllowed = false; } $error = $request->getParam('error_handler'); if (is_null($error)) { if (!$isAllowed) { $module = $this->_noacl['module']; $controller = $this->_noacl['controller']; $action = $this->_noacl['action']; } } $request->setModuleName($module); $request->setControllerName($controller); $request->setActionName($action); } }
protected function _setupRoles() { $this->_acl->addRole(new Zend_Acl_Role('guest')); $this->_acl->addRole(new Zend_Acl_Role('usuario'), 'guest'); $this->_acl->addRole(new Zend_Acl_Role('admin'), 'usuario'); $this->_acl->addRole(new Zend_Acl_Role('gestao'), 'admin'); }
public function init() { $acl = new Zend_Acl(); $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST); $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_USER, OpenSKOS_Db_Table_Users::USER_ROLE_GUEST); $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, OpenSKOS_Db_Table_Users::USER_ROLE_USER); $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR); $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR); $acl->addResource('website'); $acl->addResource('editor'); $acl->addResource('editor.concepts', 'editor'); $acl->addResource('editor.concept-schemes', 'editor'); $acl->addResource('editor.institution', 'editor'); $acl->addResource('editor.collections', 'editor'); $acl->addResource('editor.delete-all-concepts-in-collection', 'editor'); $acl->addResource('editor.users', 'editor'); $acl->addResource('editor.jobs', 'editor'); $acl->addResource('editor.manage-search-profiles', 'editor'); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST, 'website', 'view'); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor', 'view'); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor.concepts', 'view'); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, 'editor.concepts', array('propose')); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concepts', array('full-create', 'edit', 'delete', 'bulk-status-edit')); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concept-schemes', array('index', 'create', 'edit', 'delete', 'manage-icons')); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.institution', null); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.collections', array('index', 'manage')); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.users', array('index', 'manage')); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.jobs', array('index', 'manage')); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.manage-search-profiles', null); $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, 'editor.delete-all-concepts-in-collection', null); Zend_Registry::set(self::REGISTRY_KEY, $acl); //store the ACL for the view: Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl); }
public function __construct() { $acl = new Zend_Acl(); // добавляем роли $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('admin')); // добавляем ресурсы $acl->add(new Zend_Acl_Resource('sites')); $acl->add(new Zend_Acl_Resource('index')); $acl->add(new Zend_Acl_Resource('logs')); $acl->add(new Zend_Acl_Resource('auth')); $acl->add(new Zend_Acl_Resource('maps')); $acl->add(new Zend_Acl_Resource('best')); $acl->add(new Zend_Acl_Resource('news')); // если нет роли то все запрещаем $acl->deny(); // админу по умолчанию разрешено все $acl->allow('admin', null); // гостю только контроллер с экшеном для входа $acl->allow('guest', 'auth', array('index', 'check')); $acl->allow('guest', 'maps', array('cronmaps')); $acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect')); // если надо запретить экшены в разрешенном контроллере /*$acl->deny('user', 'users', array( 'login', 'registration' )); * */ Zend_Registry::set('acl', $acl); }
/** * (non-PHPdoc) * @see Zend_Application_Resource_ResourceAbstract#init() */ public function init() { $this->_acl = new Zend_Acl(); // static roles $this->_acl->addRole(new Zend_Acl_Role('all')); $this->_acl->addRole(new Zend_Acl_Role('anonymous'), 'all'); $this->_acl->addRole(new Zend_Acl_Role('identified'), 'all'); // dinamic roles foreach ($this->_roles as $roleName) { if (!$this->_acl->hasRole($roleName)) { $this->_acl->addRole(new Zend_Acl_Role($roleName), 'identified'); } } // var_dump($this->_resources);exit; // rules foreach ($this->_resources as $module => $grants) { $module = strtolower($module); $this->_acl->add(new Zend_Acl_Resource($module)); foreach ($grants as $controller => $grant) { $controller = strtolower($controller); foreach ($grant as $action => $roles) { $resource = $controller . self::RESOURCE_SEPARATOR . $action; foreach (explode(',', $roles) as $role) { if (!empty($role)) { $this->_acl->allow(trim($role), $module, $resource); } } } } } Zend_Registry::set('acl', $this->_acl); return $this->_acl; }
protected function _initAlc() { // Создаём объект Zend_Acl $acl = new Zend_Acl(); //$acl->removeAll(); // указываем, что у нас есть ресурсы //$acl->addResource(new Zend_Acl_Resource('error')); $acl->addResource(new Zend_Acl_Resource('auth')); $acl->addResource(new Zend_Acl_Resource('index')); $acl->addResource(new Zend_Acl_Resource('models-generator')); $acl->addResource(new Zend_Acl_Resource('slugify')); $acl->addResource(new Zend_Acl_Resource('sefurl')); $acl->addResource(new Zend_Acl_Resource('search-index')); $acl->addResource(new Zend_Acl_Resource('test')); $acl->addResource(new Zend_Acl_Resource('xml-catalog-generator')); $acl->addResource(new Zend_Acl_Resource('csv-catalog-generator')); $acl->addResource(new Zend_Acl_Resource('cache-manager')); $acl->addResource(new Zend_Acl_Resource('update-image-catalog')); $acl->addResource(new Zend_Acl_Resource('products-draft')); // далее переходим к созданию ролей, которых у нас 2: // гость (неавторизированный пользователь) $acl->addRole('guest'); // администратор, который наследует доступ от гостя $acl->addRole('admin', 'guest'); $acl->deny(); //$acl->allow('guest', array('default', 'catalog', 'error')); $acl->allow('guest', 'auth'); $acl->allow('admin'); // получаем экземпляр главного контроллера $fc = Zend_Controller_Front::getInstance(); // регистрируем плагин с названием AclUtils, в который передаём // на ACL и экземпляр Zend_Auth $fc->registerPlugin(new Plugin_AclUtils($acl, Zend_Auth::getInstance())); }
protected function _setupRoles() { $this->_acl->addRole(new Zend_Acl_Role('guest')); $this->_acl->addRole(new Zend_Acl_Role('editor')); $this->_acl->addRole(new Zend_Acl_Role('desen')); $this->_acl->addRole(new Zend_Acl_Role('admin')); }
public function preDispatch(Zend_Controller_Request_Abstract $request) { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role(Model_Role::GUEST)); $acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST); $acl->addResource(new Zend_Acl_Resource('admin')); $acl->addResource(new Zend_Acl_Resource('blog')); $acl->addResource(new Zend_Acl_Resource('error')); $acl->addResource(new Zend_Acl_Resource('index')); $acl->allow(Model_Role::GUEST, 'blog'); $acl->allow(Model_Role::GUEST, 'error'); $acl->allow(Model_Role::GUEST, 'index'); $acl->allow(Model_Role::GUEST, 'admin', array('login')); $acl->allow(Model_Role::ADMIN, 'admin'); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $user = new Model_User($auth->getIdentity()); $role = $user->role_id; } else { $role = Model_Role::GUEST; } $resource = $request->getControllerName(); $privilege = $request->getActionName(); if (!$acl->isAllowed($role, $resource, $privilege)) { $this->_request->setControllerName('admin')->setActionName('login'); $this->_response->setRedirect('/admin/login/'); } }
public function getAcl() { $acl = new Zend_Acl(); // Add roles. $acl->addRole('super'); // Admins inherit privileges from super users. $acl->addRole('admin', 'super'); $acl->addRole('researcher'); // Contributors inherit privileges from researchers. $acl->addRole('contributor', 'researcher'); // Add resources, corresponding to Omeka controllers. $resources = array('Items', 'Collections', 'ElementSets', 'Files', 'Plugins', 'Settings', 'Security', 'Upgrade', 'Tags', 'Themes', 'SystemInfo', 'ItemTypes', 'Users', 'Search', 'Appearance', 'Elements'); foreach ($resources as $resource) { $acl->addResource($resource); } // Define allow rules for everyone. // Everyone can view and browse these resources. $acl->allow(null, array('Items', 'ItemTypes', 'Tags', 'Collections', 'Search', 'ElementSets', 'Elements'), array('index', 'browse', 'show', 'home', 'print-cart')); // Everyone can view an item's tags and use the item search. $acl->allow(null, array('Items'), array('tags', 'search')); // Everyone can view files. $acl->allow(null, 'Files', 'show'); // Non-authenticated users can access the upgrade script, for logistical reasons. $acl->allow(null, 'Upgrade'); // Deny privileges from admin users $acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo', 'Appearance')); // Assert ownership for certain privileges. // Owners can edit and delete items and collections. $acl->allow(null, array('Items', 'Collections'), array('edit', 'delete'), new Omeka_Acl_Assert_Ownership()); // Owners can edit files. $acl->allow(null, 'Files', 'edit', new Omeka_Acl_Assert_Ownership()); // Define allow rules for specific roles. // Super users have full privileges. $acl->allow('super'); // Researchers can view and search items and collections that are not public. $acl->allow('researcher', array('Items', 'Collections', 'Search'), 'showNotPublic'); // Contributors can add and tag items, edit or delete their own items, and see // their items that are not public. $acl->allow('contributor', 'Items', array('add', 'tag', 'batch-edit', 'batch-edit-save', 'change-type', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic')); // Contributors can edit their own files. $acl->allow('contributor', 'Files', 'editSelf'); // Contributors have access to tag autocomplete. $acl->allow('contributor', 'Tags', array('autocomplete')); // Contributors can add collections, edit or delete their own collections, and // see their collections that are not public. $acl->allow('contributor', 'Collections', array('add', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic')); $acl->allow('contributor', 'Elements', 'element-form'); // Define deny rules. // Deny admins from accessing some resources allowed to super users. $acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo')); // Deny admins from deleting item types and item type elements. $acl->deny('admin', 'ItemTypes', array('delete', 'delete-element')); // Deny Users to admins since they normally have all the super permissions. $acl->deny(null, 'Users'); $acl->allow(array('super', 'admin', 'contributor', 'researcher'), 'Users', null, new Omeka_Acl_Assert_User()); // Always allow users to login, logout and send forgot-password notifications. $acl->allow(array(null, 'admin'), 'Users', array('login', 'logout', 'forgot-password', 'activate')); return $acl; }
public static function getAcl() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('everyone')); $acl->addRole(new Zend_Acl_Role('blocked'), 'everyone'); $acl->addRole(new Zend_Acl_Role('self'), 'everyone'); return $acl; }
/** * Return the acl under test * * @return Zend_Acl */ protected function getAcl() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('user')); $acl->addResource('foo'); $acl->allow('user', 'foo'); return $acl; }
public static function getAcl() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('everyone')); $acl->addRole(new Zend_Acl_Role('creator'), 'everyone'); $acl->addRole(new Zend_Acl_Role('user'), 'everyone'); $acl->addRole(new Zend_Acl_Role('creator_user'), 'creator'); return $acl; }
public static function getAcl() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('member'), 'guest'); $acl->addRole(new Zend_Acl_Role('admin'), 'member'); $acl->addRole(new Zend_Acl_Role('writer'), 'member'); return $acl; }
/** * _setupRoles * * @return void */ protected function _setupRoles() { $this->_roles = $this->_roleService->getAllRoles(); foreach ($this->_roles as $i) { $this->_acl->addRole($i); } $currentRoles = Zend_Registry::get('Default_DiContainer')->getUserService()->getIdentity()->getRoles(); $this->_acl->addRole(new Zend_Acl_Role('user'), $currentRoles); }
public function preDispatch(Zend_Controller_Request_Abstract $request) { try { $module = $request->getModuleName(); if ($module == 'admin') { $moduleList = new Zend_Session_Namespace('moduleList'); $userInfo = new Zend_Session_Namespace('userInfo'); $module = $moduleList->module; $allowed_module = $userInfo->module_list; //generating all resources $acl = new Zend_Acl(); //generating user permission $acl->addRole(new Zend_Acl_Role('admin')); $acl->addRole(new Zend_Acl_Role('anonymous')); $acl->add(new Zend_Acl_Resource('index')); $acl->add(new Zend_Acl_Resource('ajax')); $acl->allow('admin', 'index'); $acl->allow('admin', 'ajax'); if (!empty($module)) { foreach ($module as $value) { if (!$acl->has($value['controller'])) { $acl->add(new Zend_Acl_Resource($value['controller'])); } if (in_array($value['id'], $allowed_module)) { if ($value['action'] != null) { $acl->allow('admin', $value['controller'], $value['action']); } else { $acl->allow('admin', $value['controller']); } } } } //allowing anonymous user to get into the login page $acl->allow('anonymous', 'index', 'index'); $acl->allow('anonymous', 'index', 'login'); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $role = 'admin'; } else { $role = 'anonymous'; } $controller = $request->controller; $action = $request->action; if (!$acl->isAllowed($role, $controller, $action)) { $request->setModuleName('admin'); $request->setControllerName('error'); $request->setActionName('acl'); $request->setParam('type', 1); } } } catch (Zend_Acl_Exception $e) { $request->setModuleName('admin'); $request->setControllerName('error'); $request->setActionName('acl'); $request->setParam('type', 2); } }
protected function getAcl() { $oAcl = new Zend_Acl(); // Perfis $oAcl->addRole(new Zend_Acl_Role('all')); $oAcl->addRole(new Zend_Acl_Role('participante'), array('all')); $oAcl->addRole(new Zend_Acl_Role('palestrante'), array('participante')); $oAcl->addRole(new Zend_Acl_Role('admin'), array('palestrante')); // Controllers e Actions $oAcl->add(new Zend_Acl_Resource('administrador:index')); $oAcl->add(new Zend_Acl_Resource('administrador:listagem')); $oAcl->add(new Zend_Acl_Resource('administrador:marcar-presenca')); $oAcl->add(new Zend_Acl_Resource('administrador:email')); $oAcl->add(new Zend_Acl_Resource('salas:index')); $oAcl->add(new Zend_Acl_Resource('salas:formulario')); $oAcl->add(new Zend_Acl_Resource('salas:gravar')); $oAcl->add(new Zend_Acl_Resource('index:index')); $oAcl->add(new Zend_Acl_Resource('atividades:index')); $oAcl->add(new Zend_Acl_Resource('atividades:formulario')); $oAcl->add(new Zend_Acl_Resource('atividades:gravar')); $oAcl->add(new Zend_Acl_Resource('atividades:visualizar')); $oAcl->add(new Zend_Acl_Resource('atividades:imprimir')); $oAcl->add(new Zend_Acl_Resource('participantes:index')); $oAcl->add(new Zend_Acl_Resource('participantes:cadastrar')); $oAcl->add(new Zend_Acl_Resource('participantes:login')); $oAcl->add(new Zend_Acl_Resource('participantes:logout')); $oAcl->add(new Zend_Acl_Resource('participantes:recuperar-senha')); $oAcl->add(new Zend_Acl_Resource('inscricoes:index')); $oAcl->add(new Zend_Acl_Resource('inscricoes:inscrever')); $oAcl->add(new Zend_Acl_Resource('inscricoes:cadastra')); $oAcl->add(new Zend_Acl_Resource('inscricoes:cancelar')); // Permissões $oAcl->allow('all', 'index:index'); $oAcl->allow('all', 'atividades:index'); $oAcl->allow('all', 'atividades:visualizar'); $oAcl->allow('all', 'participantes:cadastrar'); $oAcl->allow('all', 'participantes:login'); $oAcl->allow('all', 'participantes:logout'); $oAcl->allow('all', 'participantes:recuperar-senha'); $oAcl->allow('all', 'inscricoes:index'); $oAcl->allow('all', 'inscricoes:cadastra'); $oAcl->allow('all', 'inscricoes:cancelar'); // Permissões participante $oAcl->allow('participante', 'participantes:index'); $oAcl->allow('participante', 'atividades:formulario'); $oAcl->allow('participante', 'atividades:gravar'); // Permissões admin $oAcl->allow('admin', 'administrador:index'); $oAcl->allow('admin', 'administrador:listagem'); $oAcl->allow('admin', 'salas:index'); $oAcl->allow('admin', 'salas:formulario'); $oAcl->allow('admin', 'salas:gravar'); $oAcl->allow('admin', 'atividades:imprimir'); $oAcl->allow('admin', 'administrador:marcar-presenca'); $oAcl->allow('admin', 'administrador:email'); return $oAcl; }
public function preDispatch(Zend_Controller_Request_Abstract $request) { if (PHP_SAPI == 'cli') { return; } $acl = new Zend_Acl(); // add the roles $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('user'), 'guest'); $acl->addRole(new Zend_Acl_Role('admin'), 'user'); // add the resources $acl->addResource(new Zend_Acl_Resource('index')); $acl->addResource(new Zend_Acl_Resource('error')); $acl->addResource(new Zend_Acl_Resource('user')); $acl->addResource(new Zend_Acl_Resource('profile')); $acl->addResource(new Zend_Acl_Resource('post')); $acl->addResource(new Zend_Acl_Resource('*')); // set up the access rules $acl->allow(null, array('index', 'error')); // a guest can only sign up content and login $acl->allow('guest', 'user', array('login', 'register', 'unique', 'search')); // user $acl->allow('user', 'user', array('edit', 'logout')); $acl->allow('user', 'profile', array('edit', 'profile', 'getxml', 'viewxml', 'more')); $acl->allow('user', 'post', array('new', 'postxml', 'getposts', 'like', 'share', 'comment', 'home', 'edit', 'allcomment', 'notification', 'report')); $acl->allow('admin', null); // Fetch the current user $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $id = get_user_id(); $role = "user"; if ($id == 2) { $role = "admin"; } } else { $role = 'guest'; } // Authorization $controller = $request->controller; $action = $request->action; try { if (!$acl->isAllowed($role, $controller, $action)) { if ($role == 'guest') { $redirector = new Zend_Controller_Action_Helper_Redirector(); $redirector->gotoSimple('login', 'user'); } else { // User with role $role is not authorized for $controller/$action" $request->setControllerName('error'); $request->setActionName('notauthorized'); } } } catch (Exception $e) { $request->setControllerName('error'); $request->setActionName('notfound'); } }
protected function _initAcl() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_GUEST)); $acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_USER), Core_Role::ROLE_GUEST); $acl->addResource('default:index'); $acl->allow(Core_Role::ROLE_GUEST, 'default:index', 'index'); $registry = Zend_Registry::getInstance(); $registry->set('acl', $acl); }
public function preDispatch(Zend_Controller_Request_Abstract $request) { // set up acl $acl = new Zend_Acl(); // add the roles $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('consumer'), 'guest'); $acl->addRole(new Zend_Acl_Role('administrator'), 'consumer'); $acl->addRole(new Zend_Acl_Role('client')); // add the resources $acl->add(new Zend_Acl_Resource('index')); $acl->add(new Zend_Acl_Resource('error')); $acl->add(new Zend_Acl_Resource('admin')); $acl->add(new Zend_Acl_Resource('campaign')); $acl->add(new Zend_Acl_Resource('campaigninvitation')); $acl->add(new Zend_Acl_Resource('campaignparticipation')); $acl->add(new Zend_Acl_Resource('client')); $acl->add(new Zend_Acl_Resource('consumer')); $acl->add(new Zend_Acl_Resource('conversation')); $acl->add(new Zend_Acl_Resource('dashboard')); $acl->add(new Zend_Acl_Resource('forgetpassword')); $acl->add(new Zend_Acl_Resource('gift')); $acl->add(new Zend_Acl_Resource('history')); $acl->add(new Zend_Acl_Resource('home')); $acl->add(new Zend_Acl_Resource('login')); // set up the access rules $acl->allow(null, array('index', 'error')); // a guest can only login $acl->allow('guest', 'index', array('index', 'loginfailed')); $acl->allow('guest', 'login', array('login')); $acl->allow('guest', 'forgetpassword', array('index', 'sendsms', 'sendemail')); // consumer $acl->allow('consumer', 'gift', array('list', 'addtocart', 'cart', 'listorder')); // administrators can do anything $acl->allow('administrator', null); // fetch the current user $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $authNamespace = new Zend_Session_Namespace('Zend_Auth'); $role = $authNamespace->role; } else { $role = 'guest'; } $controller = $request->controller; $action = $request->action; if (!$acl->isAllowed($role, $controller, $action)) { if ($role == 'guest') { $request->setControllerName('index'); $request->setActionName('index'); } else { $request->setControllerName('error'); $request->setActionName('noauth'); } } }
protected function setUp() { \Zend_Controller_Front::getInstance()->resetInstance(); $this->request = new \Zend_Controller_Request_Http(); \Zend_Session::$_unitTestEnabled = true; $this->acl = new \Zend_Acl(); $this->acl->deny(); $this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST)); $this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST); parent::setUp(); }
public static function getAcl() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('alien')); $acl->addRole(new Zend_Acl_Role('guest'), 'alien'); $acl->addRole(new Zend_Acl_Role('member'), 'guest'); $acl->addRole(new Zend_Acl_Role('subadmin'), 'member'); $acl->addRole(new Zend_Acl_Role('admin'), 'subadmin'); $acl->allow('subadmin', null, 'edit'); $acl->allow('subadmin', null, 'delete'); return $acl; }
/** */ public function testPreDispatch() { $this->acl->addRole('guest'); $request = new Zend_Controller_Request_Http(); $request->setModuleName('1'); $request->setControllerName('2'); $request->setActionName('3'); $this->object->preDispatch($request); self::assertEquals('default', $request->getModuleName()); self::assertEquals('error', $request->getControllerName()); self::assertEquals('denied', $request->getActionName()); }
public function __construct() { $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('admin')); $acl->add(new Zend_Acl_Resource('admin')); $acl->add(new Zend_Acl_Resource('index')); $acl->deny(); $acl->allow('admin', null); $acl->allow('guest', 'admin', array('login')); $acl->allow('guest', 'index'); Zend_Registry::set('acl', $acl); }
protected function _initAcl() { $acl = new Zend_Acl(); // Add groups to the Role registry using Zend_Acl_Role // Guest does not inherit access controls $roleGuest = new Zend_Acl_Role('guest'); $acl->addRole($roleGuest); // Staff inherits from guest $acl->addRole(new Zend_Acl_Role('staff'), $roleGuest); // Editor inherits from staff $acl->addRole(new Zend_Acl_Role('editor'), 'staff'); // Administrator does not inherit access controls $acl->addRole(new Zend_Acl_Role('administrator')); // Guest may only view content $acl->allow($roleGuest, null, 'view'); $acl->allow('staff', null, array('edit', 'submit', 'revise')); $acl->allow('editor', null, array('publish', 'archive', 'delete')); $acl->allow('administrator'); /*echo $acl->isAllowed('guest', null, 'view') ? "allowed" : "denied"; // allowed echo $acl->isAllowed('staff', null, 'publish') ? "allowed" : "denied"; // denied echo $acl->isAllowed('staff', null, 'revise') ? "allowed" : "denied"; // allowed echo $acl->isAllowed('editor', null, 'view') ? "allowed" : "denied"; // allowed because of inheritance from guest echo $acl->isAllowed('editor', null, 'update') ? "allowed" : "denied"; // denied because no allow rule for 'update' echo $acl->isAllowed('administrator', null, 'view') ? "allowed" : "denied"; // allowed because administrator is allowed all privileges echo $acl->isAllowed('administrator') ? "allowed" : "denied"; // allowed because administrator is allowed all privileges echo $acl->isAllowed('administrator', null, 'update') ? "allowed" : "denied"; // allowed because administrator is allowed all privileges*/ }
/** * */ public function buildAcl() { if (is_null($this->acl)) { $this->acl = new Zend_Acl(); } $this->acl->removeAll(); $permissions = $this->getPermissionList(); $resources = $this->getResourceList(); $resourceParents = $this->getResourceParentList(); $roles = $this->getRoleList(); $roleParents = $this->getRoleParentList(); $rolesTmp = array(); foreach ($roles as $role) { $roleId = $role['role_id']; $roleName = $role['role_name']; $rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array()); $rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId)); } foreach ($roleParents as $roleParent) { $roleId = $roleParent['role_id']; $roleIdParent = $roleParent['role_id_parent']; $rolesTmp[$roleId]['parents'][] = $roleIdParent; } foreach ($rolesTmp as $role) { $this->acl->addRole($role['name'], $role['parents']); } #echo '<pre>'; $resourcesTmp = array(); foreach ($resources as $resource) { $resourceId = $resource['resource_id']; $resourceName = $resource['resource_name']; $resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null); $resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId); } foreach ($resourceParents as $resourceParent) { $resourceId = $resourceParent['resource_id']; $resourceIdParent = $resourceParent['resource_id_parent']; $resourcesTmp[$resourceId]['parent'] = $resourceIdParent; } foreach ($resourcesTmp as $resource) { $this->acl->addResource($resource['name'], $resource['parent']); } foreach ($permissions as $permission) { if (empty($permission['allowed'])) { $this->acl->deny($permission['role_id'], $permission['resource_id']); } else { $this->acl->allow($permission['role_id'], $permission['resource_id']); } } }
public function preDispatch(Zend_Controller_Request_Abstract $request) { // set up acl $acl = new Zend_Acl(); // add the roles $acl->addRole(new Zend_Acl_Role('guest')); $acl->addRole(new Zend_Acl_Role('user'), 'guest'); $acl->addRole(new Zend_Acl_Role('administrator'), 'user'); // add the resources $acl->add(new Zend_Acl_Resource('index')); $acl->add(new Zend_Acl_Resource('error')); $acl->add(new Zend_Acl_Resource('page')); $acl->add(new Zend_Acl_Resource('menu')); $acl->add(new Zend_Acl_Resource('menuitem')); $acl->add(new Zend_Acl_Resource('user')); $acl->add(new Zend_Acl_Resource('search')); $acl->add(new Zend_Acl_Resource('feed')); // set up the access rules $acl->allow(null, array('index', 'error')); // a guest can only read content and login $acl->allow('guest', 'page', array('index', 'open')); $acl->allow('guest', 'menu', array('render')); $acl->allow('guest', 'user', array('login')); $acl->allow('guest', 'search', array('index', 'search')); $acl->allow('guest', 'feed'); // cms users can also work with content $acl->allow('user', 'page', array('list', 'create', 'edit', 'delete')); // administrators can do anything $acl->allow('administrator', null); // fetch the current user $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $identity = $auth->getIdentity(); $role = strtolower($identity->role); } else { $role = 'guest'; } $controller = $request->controller; $action = $request->action; if (!$acl->isAllowed($role, $controller, $action)) { if ($role == 'guest') { $request->setControllerName('user'); $request->setActionName('login'); } else { $request->setControllerName('error'); $request->setActionName('noauth'); } } }
public function setUp() { $acl = new Zend_Acl(); // Add resources and roles $acl->addResource('profile'); $acl->addRole('admin'); $acl->addRole('user'); // Deny everything by default $acl->deny(); // Admins can create and edit users but normal users are only // allowed to edit their own profile $acl->allow('admin', 'profile', array('create', 'read', 'update')); $acl->allow('user', 'profile', array('read', 'update'), new App_Acl_Assert_SameUser()); $this->_acl = $acl; }
protected function _initAcl() { $this->bootstrap('frontController'); $front = $this->getResource('frontController'); $acl = new \Zend_Acl(); $acl->deny(); $acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST)); $acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST); $aclConfig = new \Zend_Config_Ini(APPLICATION_PATH . '/configs/acl.ini'); foreach ($aclConfig as $resourceName => $role) { $acl->addResource($resourceName); $acl->allow($role, $resourceName); } $front->registerPlugin(new Acl($acl)); }