Beispiel #1
 /**
  * Build the application ACL from the configured roles and grants.
  *
  * Registers three fixed roles, then the configured ones, then one ACL
  * resource per module. Each grant is stored as a privilege named
  * "controller<RESOURCE_SEPARATOR>action" on the module resource. The finished
  * ACL is published in Zend_Registry under 'acl' and returned.
  *
  * @see Zend_Application_Resource_ResourceAbstract#init()
  * @return Zend_Acl
  */
 public function init()
 {
     $this->_acl = new Zend_Acl();

     // Fixed roles: 'anonymous' and 'identified' both inherit from 'all'.
     $this->_acl->addRole(new Zend_Acl_Role('all'));
     foreach (array('anonymous', 'identified') as $baseRole) {
         $this->_acl->addRole(new Zend_Acl_Role($baseRole), 'all');
     }

     // Configured roles inherit from 'identified'; names already registered are skipped.
     foreach ($this->_roles as $roleName) {
         if ($this->_acl->hasRole($roleName)) {
             continue;
         }
         $this->_acl->addRole(new Zend_Acl_Role($roleName), 'identified');
     }

     // Grants are shaped module => controller => action => "role,role,...".
     foreach ($this->_resources as $module => $grants) {
         $module = strtolower($module);
         $this->_acl->add(new Zend_Acl_Resource($module));
         foreach ($grants as $controller => $grant) {
             $controller = strtolower($controller);
             foreach ($grant as $action => $roles) {
                 // Module and controller are lower-cased above; the action name is used as configured.
                 $privilege = $controller . self::RESOURCE_SEPARATOR . $action;
                 foreach (explode(',', $roles) as $role) {
                     // The emptiness test runs before trim(), so an entry made only of
                     // whitespace still reaches allow() as an empty role name.
                     if (empty($role)) {
                         continue;
                     }
                     $this->_acl->allow(trim($role), $module, $privilege);
                 }
             }
         }
     }

     Zend_Registry::set('acl', $this->_acl);
     return $this->_acl;
 }
 /**
  * Build a deny-by-default ACL and hand it to the AclUtils front-controller plugin.
  *
  * Guests may reach only the 'auth' resource; 'admin' inherits from 'guest'
  * and is allowed everything.
  */
 protected function _initAlc()
 {
     $acl = new Zend_Acl();

     // Resources the ACL knows about.
     $resourceNames = array(
         'auth',
         'index',
         'models-generator',
         'slugify',
         'sefurl',
         'search-index',
         'test',
         'xml-catalog-generator',
         'csv-catalog-generator',
         'cache-manager',
         'update-image-catalog',
         'products-draft',
     );
     foreach ($resourceNames as $resourceName) {
         $acl->addResource(new Zend_Acl_Resource($resourceName));
     }

     // Two roles: 'guest' (not logged in) and 'admin', which inherits from 'guest'.
     $acl->addRole('guest');
     $acl->addRole('admin', 'guest');

     // Deny everything first, then open 'auth' to guests and everything to admins.
     $acl->deny();
     $acl->allow('guest', 'auth');
     $acl->allow('admin');

     // Register the AclUtils plugin, passing it the ACL and the Zend_Auth instance.
     $frontController = Zend_Controller_Front::getInstance();
     $frontController->registerPlugin(new Plugin_AclUtils($acl, Zend_Auth::getInstance()));
 }
Beispiel #3
 /**
  * Check the requested controller/action against a guest/admin ACL before dispatch.
  *
  * The controller name is the ACL resource and the action name is the
  * privilege. A denied request is re-pointed at admin/login and a redirect to
  * '/admin/login/' is set on the response.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $guest = Model_Role::GUEST;
     $admin = Model_Role::ADMIN;

     $acl = new Zend_Acl();
     // ADMIN inherits every GUEST grant.
     $acl->addRole(new Zend_Acl_Role($guest));
     $acl->addRole(new Zend_Acl_Role($admin), $guest);

     foreach (array('admin', 'blog', 'error', 'index') as $controllerName) {
         $acl->addResource(new Zend_Acl_Resource($controllerName));
     }

     // Guests: the public controllers, plus only the login action of 'admin'.
     foreach (array('blog', 'error', 'index') as $publicController) {
         $acl->allow($guest, $publicController);
     }
     $acl->allow($guest, 'admin', array('login'));
     $acl->allow($admin, 'admin');

     // Only the GUEST and ADMIN roles are registered above; the stored role_id is used as-is.
     $auth = Zend_Auth::getInstance();
     if (!$auth->hasIdentity()) {
         $role = $guest;
     } else {
         $user = new Model_User($auth->getIdentity());
         $role = $user->role_id;
     }

     $resource = $request->getControllerName();
     $privilege = $request->getActionName();
     if ($acl->isAllowed($role, $resource, $privilege)) {
         return;
     }

     $this->_request->setControllerName('admin')->setActionName('login');
     $this->_response->setRedirect('/admin/login/');
 }
Beispiel #4
 /**
  * Build a deny-by-default ACL with 'guest' and 'admin' roles and store it in
  * Zend_Registry under 'acl'.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     // Roles (no inheritance between them).
     foreach (array('guest', 'admin') as $roleId) {
         $acl->addRole(new Zend_Acl_Role($roleId));
     }

     // Resources.
     foreach (array('sites', 'index', 'logs', 'auth', 'maps', 'best', 'news') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // Without a matching rule everything is denied.
     $acl->deny();

     // The admin role is allowed everything.
     $acl->allow('admin', null);

     // Guests get only the listed actions.
     $acl->allow('guest', 'auth', array('index', 'check'));
     $acl->allow('guest', 'maps', array('cronmaps'));
     // NOTE(review): Zend_Acl reads an array in the resource position as a list of
     // resource ids and does not interpret its keys, so this rule appears to grant
     // 'scan' and 'redirect' on both 'best' and 'news' rather than on a
     // module/controller pair. Confirm that is the intended scope.
     $acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));

     // To block single actions inside an otherwise allowed controller, add a
     // deny() rule for that role, resource and list of actions.
     Zend_Registry::set('acl', $acl);
 }
Beispiel #5
 /**
  * Build a deny-by-default ACL for the 'users' and 'index' controllers and
  * store it in Zend_Registry under 'acl' so that views can read it.
  *
  * Resources are controllers and privileges are action names.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     // Roles: 'user' inherits everything granted to 'guest'; 'admin' stands alone.
     $guestRole = new Zend_Acl_Role('guest');
     $acl->addRole($guestRole);
     $userRole = new Zend_Acl_Role('user');
     $acl->addRole($userRole, 'guest');
     $adminRole = new Zend_Acl_Role('admin');
     $acl->addRole($adminRole);

     // Resources: the controllers that can be reached.
     foreach (array('users', 'index') as $controllerName) {
         $acl->add(new Zend_Acl_Resource($controllerName));
     }

     // Deny everyone everything first.
     $acl->deny();

     // The admin role is allowed everything.
     $acl->allow('admin', null);

     // Guests: the sign-in related actions of 'users', and all of 'index'.
     $acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
     $acl->allow('guest', 'index');

     // Logged-in users may log out, and the inherited guest grant for
     // 'login' and 'registration' is taken away again.
     $acl->allow('user', 'users', array('logout'));
     $acl->deny('user', 'users', array('login', 'registration'));

     // Callers check access with isAllowed($role, $resource, $privilege).
     Zend_Registry::set('acl', $acl);
 }
Beispiel #6
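 /**
  * Grant every profile returned by the menu-permission table its page on the
  * 'index' resource.
  *
  * Each row contributes one allow() rule: the profile name ("nome") is the
  * role, and the privileges are the row's page name ("NM_PAGINA") followed by
  * 'index', 'logout', 'error' and 'forbidden'. Roles are not registered here;
  * allow() receives the profile name exactly as the table returns it.
  *
  * @return void
  */
 protected function _setupPrivileges()
 {
     $menu = new Application_Model_DbTable_MenuPermissaoPerfil();

     // Privileges every listed profile receives in addition to its own page.
     $commonPrivileges = array('index', 'logout', 'error', 'forbidden');

     foreach ($menu->listaPermissaoPapel() as $row) {
         $privileges = array_merge(array($row["NM_PAGINA"]), $commonPrivileges);
         $this->_acl->allow($row["nome"], 'index', $privileges);
     }
 }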
Beispiel #7
 /**
  * Store the role name and ACL, make sure an error-handler plugin is
  * registered, and allow the role to reach the error handler's action.
  *
  * @access public
  * @param Zend_Acl $aclData ACL passed to setAcl()
  * @param string $roleName role that is granted the error-handler action (default 'public')
  * @return void
  **/
 public function __construct(Zend_Acl $aclData, $roleName = 'public')
 {
     $this->_roleName = $roleName;
     // The parameter is type-hinted without a null default, so this guard is only defensive.
     if (NULL !== $aclData) {
         $this->setAcl($aclData);
     }
     $front = Zend_Controller_Front::getInstance();
     // If no error handler has been set up in the front controller, register one.
     if (!$front->getParam('noErrorHandler') && !$front->hasPlugin('Zend_Controller_Plugin_ErrorHandler')) {
         // Register with stack index of 100
         $front->registerPlugin(new Zend_Controller_Plugin_ErrorHandler(), 100);
     }
     // Allow the error handler in the ACL.
     // NOTE(review): when the 'noErrorHandler' param is set and no handler plugin is
     // registered, nothing is registered above and the lookup below may not return
     // a plugin object; the getter calls that follow assume it does. Confirm.
     $errorHandler = Zend_Controller_Front::getInstance()->getPlugin('Zend_Controller_Plugin_ErrorHandler');
     $defaultErrorModule = $errorHandler->getErrorHandlerModule();
     $defaultErrorController = $errorHandler->getErrorHandlerController();
     $defaultErrorAction = $errorHandler->getErrorHandlerAction();
     if (NULL !== $defaultErrorModule && $defaultErrorModule != 'default') {
         // Non-default module: the resource is named "module:controller" and is a child of the module resource.
         // The grant is added only when the module resource is not in the ACL yet.
         if (!$this->getAcl()->has($defaultErrorModule)) {
             require_once 'Zend/Acl/Resource.php';
             $this->_acl->add(new Zend_Acl_Resource($defaultErrorModule));
             $this->_acl->add(new Zend_Acl_Resource($defaultErrorModule . ':' . $defaultErrorController, $defaultErrorModule));
             $this->_acl->allow($this->_roleName, $defaultErrorModule . ':' . $defaultErrorController, $defaultErrorAction);
         }
     } else {
         // Default module: the controller name alone is the resource.
         if (!$this->getAcl()->has($defaultErrorController)) {
             $this->_acl->add(new Zend_Acl_Resource($defaultErrorController));
         }
         $this->_acl->allow($this->_roleName, $defaultErrorController, $defaultErrorAction);
     }
     // Denied requests go to the 'denied' action on the error handler's controller and module.
     $this->setDeniedAction('denied', $defaultErrorController, $defaultErrorModule);
 }
Beispiel #8
 /**
  * Build the ACL used for posts.
  *
  * The same rules currently apply to every post; per-post rules may follow
  * later.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     $postAcl = new Zend_Acl();

     // 'user' inherits from 'guest'; 'admin' has no parent.
     $postAcl->addRole('guest');
     $postAcl->addRole('user', 'guest');
     $postAcl->addRole('admin');

     // Guests may view and comment; the null resource makes this apply to every resource.
     $postAcl->allow('guest', null, array('view', 'comment'));

     // Admins get every privilege.
     $postAcl->allow('admin');

     return $postAcl;
 }
Beispiel #9
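 /**
  * Grant the current role the actions returned for it, controller by controller.
  *
  * The privilege source is queried with $this->id_role; each controller becomes
  * the ACL resource and its actions become the privileges for $this->role.
  * Nothing is written to the response: the rules being loaded are not echoed.
  *
  * @return void
  */
 protected function _setupPrivileges()
 {
     $userAllowedResources = $this->ca->getupPrivileges($this->id_role);
     foreach ($userAllowedResources as $controller => $Actions) {
         $arrayAllowedActions = array();
         foreach ($Actions as $Action) {
             $arrayAllowedActions[] = $Action;
         }
         // NOTE(review): an empty action list reaches allow() as array(), which
         // Zend_Acl appears to treat as "all privileges" on the controller.
         // Confirm that an empty list is meant to grant the whole controller.
         $this->_acl->allow($this->role, $controller, $arrayAllowedActions);
     }
 }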
 /**
  * Build an ACL with a single inheritance chain of roles.
  *
  * alien <- guest <- member <- subadmin <- admin. Only 'subadmin' (and so
  * 'admin', which inherits from it) receives grants: 'edit' and 'delete' on
  * every resource.
  *
  * @return Zend_Acl
  */
 public static function getAcl()
 {
     $acl = new Zend_Acl();

     // Root of the chain, then each role with its direct parent.
     $acl->addRole(new Zend_Acl_Role('alien'));
     $parentOf = array(
         'guest' => 'alien',
         'member' => 'guest',
         'subadmin' => 'member',
         'admin' => 'subadmin',
     );
     foreach ($parentOf as $roleId => $parentId) {
         $acl->addRole(new Zend_Acl_Role($roleId), $parentId);
     }

     // A null resource makes each rule apply to all resources.
     foreach (array('edit', 'delete') as $privilege) {
         $acl->allow('subadmin', null, $privilege);
     }

     return $acl;
 }
Beispiel #11
 /**
  * A guest that is allowed on 'admin_index' keeps the requested
  * module/controller/action after the plugin's preDispatch().
  */
 public function testShouldAllowAccessForCorrectRole()
 {
     // Point the request at admin/index/index.
     $this->request->setModuleName('admin')->setControllerName('index')->setActionName('index');

     // Allow the guest role on the matching resource.
     $this->acl->addResource('admin_index');
     $this->acl->allow(Acl::ROLE_GUEST, 'admin_index');

     $aclPlugin = new Acl($this->acl);
     $aclPlugin->setRequest($this->request);
     $aclPlugin->preDispatch();

     // The request must be unchanged.
     $this->assertEquals('admin', $this->request->getModuleName());
     $this->assertEquals('index', $this->request->getControllerName());
     $this->assertEquals('index', $this->request->getActionName());
 }
Beispiel #12
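 /**
  * Append the profile-page rules to the given ACL.
  *
  * 'everyone' may view and 'self' may edit $resource. The deny rule for
  * 'blocked' carries no resource, so it is not limited to $resource. The
  * 'anonymous' role is allowed to view only when the effective public flag
  * equals 4; the site-wide SnsConfig value takes precedence over the
  * resource's own 'profile_page_public_flag'.
  *
  * @param Zend_Acl $acl      ACL to extend
  * @param mixed    $resource resource the rules apply to, or null
  * @return Zend_Acl the same ACL instance
  */
 public function appendRules(Zend_Acl $acl, $resource = null)
 {
     $acl->allow('everyone', $resource, 'view')->allow('self', $resource, 'edit')->deny('blocked');

     // Look the site-wide flag up once; fall back to the resource's own flag.
     // $config is always defined, so the check below never reads an unset variable
     // when there is neither a site-wide value nor a resource.
     $config = Doctrine::getTable('SnsConfig')->get('is_allow_config_public_flag_profile_page');
     if (!$config) {
         $config = $resource ? $resource->getConfig('profile_page_public_flag') : null;
     }

     // NOTE(review): 4 is presumably the "visible to the whole web" flag value; confirm.
     if ($config && 4 == $config) {
         $acl->allow('anonymous', $resource, 'view');
     }

     return $acl;
 }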
Beispiel #13
 /**
  * Build a deny-by-default ACL for the 'admin' and 'index' controllers and
  * store it in Zend_Registry under 'acl'.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     // Two independent roles.
     foreach (array('guest', 'admin') as $roleId) {
         $acl->addRole(new Zend_Acl_Role($roleId));
     }

     // Resources.
     foreach (array('admin', 'index') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // Deny everything, then add the grants.
     $acl->deny();
     $acl->allow('admin', null);
     // Guests reach only the login action of 'admin', and all of 'index'.
     $acl->allow('guest', 'admin', array('login'));
     $acl->allow('guest', 'index');

     Zend_Registry::set('acl', $acl);
 }
 /**
  * Rebuild the ACL from the role, resource and permission lists.
  *
  * The ACL is created on first use and emptied with removeAll() on every
  * call. Each role and each resource is registered twice: once under its id
  * and once under its name, with the name entry inheriting from the id entry.
  * Permission rows are applied by id: a row with an empty 'allowed' value
  * becomes a deny rule, any other row an allow rule.
  *
  * @return void
  */
 public function buildAcl()
 {
     if (is_null($this->acl)) {
         $this->acl = new Zend_Acl();
     }
     $this->acl->removeAll();
     $permissions = $this->getPermissionList();
     $resources = $this->getResourceList();
     $resourceParents = $this->getResourceParentList();
     $roles = $this->getRoleList();
     $roleParents = $this->getRoleParentList();
     // Collect roles keyed by id and by name before adding them to the ACL.
     // NOTE(review): ids and names share one key space here, so a role name equal
     // to another role's id would overwrite that entry; confirm this cannot happen.
     $rolesTmp = array();
     foreach ($roles as $role) {
         $roleId = $role['role_id'];
         $roleName = $role['role_name'];
         $rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array());
         $rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId));
     }
     // Attach the configured parents to the id entries.
     foreach ($roleParents as $roleParent) {
         $roleId = $roleParent['role_id'];
         $roleIdParent = $roleParent['role_id_parent'];
         $rolesTmp[$roleId]['parents'][] = $roleIdParent;
     }
     // Roles are added in collection order; presumably a parent must already be
     // registered when its child is added, so the list order matters (verify).
     foreach ($rolesTmp as $role) {
         $this->acl->addRole($role['name'], $role['parents']);
     }
     // Same two-entry scheme for resources; a resource has at most one parent.
     $resourcesTmp = array();
     foreach ($resources as $resource) {
         $resourceId = $resource['resource_id'];
         $resourceName = $resource['resource_name'];
         $resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null);
         $resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId);
     }
     foreach ($resourceParents as $resourceParent) {
         $resourceId = $resourceParent['resource_id'];
         $resourceIdParent = $resourceParent['resource_id_parent'];
         $resourcesTmp[$resourceId]['parent'] = $resourceIdParent;
     }
     foreach ($resourcesTmp as $resource) {
         $this->acl->addResource($resource['name'], $resource['parent']);
     }
     // Rules carry no privilege argument, so each one covers the whole resource.
     foreach ($permissions as $permission) {
         if (empty($permission['allowed'])) {
             $this->acl->deny($permission['role_id'], $permission['resource_id']);
         } else {
             $this->acl->allow($permission['role_id'], $permission['resource_id']);
         }
     }
 }
Beispiel #15
 /**
  * Load every stored ACL record into the ACL.
  *
  * A record's resource is registered on first sight. Records of type 'allow'
  * become allow rules; every other type becomes a deny rule. An empty
  * resource or action is passed on as null.
  *
  * @return void
  */
 protected function _loadAclRecords()
 {
     foreach ($this->_mapper->getAllRecords() as $record) {
         if ($record->getResource() && !$this->_acl->has($record->getResource())) {
             $this->_acl->addResource($record->getResource());
         }

         // Anything that is not explicitly 'allow' is loaded as a deny rule.
         $rule = $record->getType() == 'allow' ? 'allow' : 'deny';

         // A null resource or action widens the rule to all resources or all privileges.
         $this->_acl->{$rule}($record->getRoleId(), $record->getResource() ?: null, $record->getAction() ?: null);
     }
 }
Beispiel #16
 /**
  * Build the example role hierarchy guest <- staff <- editor, plus a separate
  * 'administrator' role.
  *
  * The ACL is built in a local variable; this method neither returns it nor
  * stores it anywhere.
  */
 protected function _initAcl()
 {
     $acl = new Zend_Acl();

     // Guest has no parent.
     $guest = new Zend_Acl_Role('guest');
     $acl->addRole($guest);

     // Staff inherits from guest, editor from staff.
     $staff = new Zend_Acl_Role('staff');
     $acl->addRole($staff, $guest);
     $editor = new Zend_Acl_Role('editor');
     $acl->addRole($editor, 'staff');

     // Administrator has no parent.
     $administrator = new Zend_Acl_Role('administrator');
     $acl->addRole($administrator);

     // Privileges are granted on all resources (null resource).
     $acl->allow($guest, null, 'view');
     $acl->allow('staff', null, array('edit', 'submit', 'revise'));
     $acl->allow('editor', null, array('publish', 'archive', 'delete'));
     // Administrator is allowed every privilege.
     $acl->allow('administrator');

     // Outcomes the example expects from isAllowed(role, null, privilege):
     //   guest / view             allowed
     //   staff / publish          denied
     //   staff / revise           allowed
     //   editor / view            allowed, inherited from guest
     //   editor / update          denied, no allow rule for 'update'
     //   administrator / view     allowed
     //   administrator (no args)  allowed
     //   administrator / update   allowed
 }
Beispiel #17
 /**
  * Create the ACL fixture: a 'profile' resource, 'admin' and 'user' roles,
  * everything denied by default.
  */
 public function setUp()
 {
     $fixture = new Zend_Acl();

     // Resource and roles.
     $fixture->addResource('profile');
     foreach (array('admin', 'user') as $roleId) {
         $fixture->addRole($roleId);
     }

     // Start from "deny everything".
     $fixture->deny();

     // Admins may create, read and update any profile.
     $fixture->allow('admin', 'profile', array('create', 'read', 'update'));

     // Normal users may read and update, subject to the SameUser assertion
     // (meant to restrict them to their own profile).
     $sameUser = new App_Acl_Assert_SameUser();
     $fixture->allow('user', 'profile', array('read', 'update'), $sameUser);

     $this->_acl = $fixture;
 }
Beispiel #18
 /**
  * Decide whether the current visitor may access the requested resource.
  *
  * Builds a one-resource ACL from the privileges stored for the request, then
  * checks the logged-in user's role, or the default role when nobody is
  * logged in. Every failure path returns false.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return bool true when access is allowed
  */
 public function checkAccess(Zend_Controller_Request_Abstract $request)
 {
     $resource = new User_Model_Acl_Resource();
     $resource->getPrivileges($request);
     if (!($resource->privileges && $resource->resource_id)) {
         // Lookup failed or nobody is allowed: deny.
         return false;
     }

     // Each role listed for the resource is registered once and allowed on it.
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource($resource->resource_id));
     foreach ($resource->privileges as $privilege) {
         $roleId = $privilege["role_id"];
         if ($acl->hasRole($roleId)) {
             continue;
         }
         $acl->addRole(new Zend_Acl_Role($roleId));
         $acl->allow($roleId, $resource->resource_id);
     }

     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         // Logged in: the user's role must be known to the ACL and allowed.
         $user = $auth->getIdentity();
         return $acl->hasRole($user['role_id']) && $acl->isAllowed($user['role_id'], $resource->resource_id);
     }

     // Not logged in: fall back to the default role, if there is one.
     $aclrole = new User_Model_Acl_Role();
     $aclrole->getDefaultRole();
     return $aclrole->default_role
         && $acl->hasRole($aclrole->default_role)
         && $acl->isAllowed($aclrole->default_role, $resource->resource_id);
 }
Beispiel #19
 /**
  * Publish the ACL in Zend_Registry and send visitors without an identity to
  * index/login.
  *
  * This hook only checks whether an identity exists; it does not call
  * isAllowed(), so the rules built here take effect only where other code
  * reads the 'acl' registry entry.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = new Zend_Acl();
     foreach (array("page", "forum", "catalog") as $resourceId) {
         $acl->addResource($resourceId);
     }
     foreach (array("administrator", "moderator") as $roleId) {
         $acl->addRole($roleId);
     }

     // Administrators: everything. Moderators: nothing except two forum privileges.
     $acl->allow("administrator");
     $acl->deny("moderator");
     $acl->allow("moderator", "forum", array("answer", "edit-own"));

     Zend_Registry::set('acl', $acl);

     if (Zend_Auth::getInstance()->hasIdentity()) {
         return;
     }
     $request->setControllerName('index')->setActionName('login');
 }
Beispiel #20
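 /**
  * Load the ACL rules from the rules storage into the Zend_Acl object.
  *
  * Every rule is validated first: its type must be one of the configured rule
  * types, and its role and resource must already be known to the ACL. When a
  * rule names an assertion class, that name must resolve to an implementation
  * of Zend_Acl_Assert_Interface before it is instantiated.
  *
  * @throws Excore_Acl_Rules_Exception when a rule has an unknown type, role,
  *                                    resource or assertion class
  * @return void
  */
 protected function _loadRules()
 {
     $rules = $this->_rules->getAll();
     foreach ($rules as $rule) {
         if (!in_array($rule['type'], $this->_ruleTypes)) {
             throw new Excore_Acl_Rules_Exception("Rule type `{$rule['type']}` is invalid rule type for current settings");
         }
         if (!$this->_acl->hasRole(new Zend_Acl_Role($rule['roleId']))) {
             throw new Excore_Acl_Rules_Exception("Role `{$rule['roleId']}` found in rules storage, but was not in roles storage");
         }
         if (!$this->_acl->has(new Zend_Acl_Resource($rule['resourceId']))) {
             throw new Excore_Acl_Rules_Exception("Resource `{$rule['resourceId']}` found in rules storage, but was not in resources storage");
         }
         $assert = $rule['assert'];
         if ($assert !== null) {
             // The class name comes from stored data. Check it against the assertion
             // interface before "new" runs, so a stored value cannot make this loader
             // construct an arbitrary class.
             if (!is_subclass_of($assert, 'Zend_Acl_Assert_Interface')) {
                 throw new Excore_Acl_Rules_Exception("Assertion for role `{$rule['roleId']}` and resource `{$rule['resourceId']}` found in rules storage is not a Zend_Acl_Assert_Interface implementation");
             }
             $assert = new $assert();
         }
         // A type that passed the in_array() check but matches neither case adds no rule.
         switch ($rule['type']) {
             case $this->_ruleTypes['TYPE_ALLOW']:
                 $this->_acl->allow(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
                 break;
             case $this->_ruleTypes['TYPE_DENY']:
                 $this->_acl->deny(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
                 break;
         }
     }
 }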
Beispiel #21
    /**
     * removeDeny() with a null resource lifts the deny rule on every resource,
     * and deny() with a null resource puts it back on every resource.
     *
     * @group ZF-9643
     */
    public function testRemoveDenyWithNullResourceAppliesToAllResources()
    {
        $acl = $this->_acl;
        $acl->addRole('guest');
        $acl->addResource('blogpost');
        $acl->addResource('newsletter');

        // Allow everything, then deny 'read' on both resources.
        $acl->allow();
        $acl->deny('guest', 'blogpost', 'read');
        $acl->deny('guest', 'newsletter', 'read');
        $this->assertFalse($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($acl->isAllowed('guest', 'newsletter', 'read'));

        // Lifting the deny on one resource leaves the other one denied.
        $acl->removeDeny('guest', 'newsletter', 'read');
        $this->assertFalse($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($acl->isAllowed('guest', 'newsletter', 'read'));

        // A null resource lifts the deny everywhere.
        $acl->removeDeny('guest', null, 'read');
        $this->assertTrue($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($acl->isAllowed('guest', 'newsletter', 'read'));

        // A deny with a null resource applies to all resources.
        $acl->deny('guest', null, 'read');
        $this->assertFalse($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($acl->isAllowed('guest', 'newsletter', 'read'));
    }
Beispiel #22
 /**
  * allow() with only a role, called after a resource exists, still grants
  * that role the global (no resource, no privilege) permission.
  *
  * @group 4226
  */
 public function testAllowNullPermissionAfterResourcesExistShouldAllowAllPermissionsForRole()
 {
     $acl = $this->_acl;
     $acl->addRole('admin');
     $acl->addResource('newsletter');

     // Role-only rule: no resource and no privilege given.
     $acl->allow('admin');

     $this->assertTrue($acl->isAllowed('admin'));
 }
Beispiel #23
Datei: Acl.php Projekt: abdala/la
 /**
  * Return the ACL, from the cache when one is registered, otherwise built
  * from the role, resource and role-resource tables.
  *
  * The result is also stored in Zend_Registry under 'acl'.
  *
  * @return Zend_Acl
  */
 protected function _getAcl()
 {
     $acl = false;
     if (Zend_Registry::isRegistered('cache')) {
         $cache = Zend_Registry::get('cache');
         // A cached ACL is used as-is, so whoever can write the 'acl' cache entry
         // controls the access rules; keep the cache backend writable by the
         // application only.
         $acl = $cache->load('acl');
     }

     if (!$acl) {
         $acl = new Zend_Acl();
         $roleTable = new Auth_Model_DbTable_Role();
         $resourceTable = new Auth_Model_DbTable_Resource();
         $roleResourceTable = new Auth_Model_DbTable_RoleResource();
         $roleRows = $roleTable->fetchAll("name <> 'Todos'");
         $moduleRows = $resourceTable->getDistinctModules();
         $relations = $roleResourceTable->fetchAllRelations();

         // 'Todos' is the base role; every stored role inherits from it.
         $acl->addRole('Todos');
         foreach ($roleRows as $roleRow) {
             $acl->addRole($roleRow['name'], 'Todos');
         }

         // One resource per module.
         foreach ($moduleRows as $moduleRow) {
             $acl->addResource($moduleRow['module']);
         }

         // Each relation grants a role one privilege on a module.
         foreach ($relations as $relation) {
             $acl->allow($relation['name'], $relation['module'], $relation['privilege']);
         }

         if (Zend_Registry::isRegistered('cache')) {
             $cache->save($acl, 'acl');
         }
     }

     Zend_Registry::set('acl', $acl);
     return $acl;
 }
Beispiel #24
 /**
  * Build the ACL for the current request and redirect requests that are not
  * allowed.
  *
  * The controller name is the ACL resource and the action name is the
  * privilege. The 'client' role's privileges are read from the Allow table;
  * the 'admin' role's privileges are listed in code. No deny rules are added,
  * so anything without an allow rule stays denied.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Name of the requested resource (the controller).
     $resource = $request->getControllerName();
     // Name of the requested action.
     $action = $request->getActionName();
     $auth = Zend_Auth::getInstance();
     // NOTE(review): the identity is dereferenced before hasIdentity() is checked
     // further down; for a visitor who is not logged in getIdentity() presumably
     // returns nothing to read ->username from. Confirm and guard.
     $username = Zend_Auth::getInstance()->getIdentity()->username;
     // Create the Zend_Acl object.
     $acl = new Zend_Acl();
     // Register the site's resources.
     $acl->addResource('index')->addResource('access')->addResource('catalog')->addResource('history')->addResource('outlets')->addResource('warehouse')->addResource('repairs')->addResource('sales')->addResource('service')->addResource('statistic')->addResource('documentation')->addResource('reports')->addResource('setup')->addResource('error');
     // Three roles, none of which inherits from another:
     // guest (visitor who is not logged in)
     $acl->addRole('guest');
     // client (logged-in user whose privileges come from the Allow table)
     $acl->addRole('client');
     // admin (logged-in user whose privileges are listed below)
     $acl->addRole('admin');
     // Guests may reach only the login action of 'access' and the 'error' controller.
     $acl->allow('guest', 'access', array('login'))->allow('guest', 'error');
     $allow = new Application_Model_DbTable_Allow();
     // NOTE(review): the condition is a fixed string as shown and $username is not
     // used in it. If the row is meant to be selected by user name, pass the value
     // through the bound-placeholder form, where('username = ?', $username),
     // rather than building it into the SQL text.
     $allow_data = $allow->fetchAll($allow->select()->where("username = '******'"))->toArray();
     // One column per privilege, grouped by resource. Only row 0 is read, without
     // checking that the query returned a row.
     $allow_array = array('documentation' => array($allow_data[0]['doc_index'], $allow_data[0]['doc_file'], $allow_data[0]['doc_delete']), 'catalog' => array($allow_data[0]['cat_index'], $allow_data[0]['cat_add'], $allow_data[0]['cat_edit'], $allow_data[0]['cat_delete'], $allow_data[0]['cat_exl']), 'history' => array($allow_data[0]['his_index']), 'reports' => array($allow_data[0]['rep_index']), 'statistic' => array($allow_data[0]['stat_index']), 'sales' => array($allow_data[0]['sal_index'], $allow_data[0]['sal_add'], $allow_data[0]['sal_edit'], $allow_data[0]['sal_delete'], $allow_data[0]['sal_toexcel']), 'repairs' => array($allow_data[0]['rps_index'], $allow_data[0]['rps_add'], $allow_data[0]['rps_edit'], $allow_data[0]['rps_delete'], $allow_data[0]['rps_toexcel'], $allow_data[0]['rps_toexcelmounth'], $allow_data[0]['rps_statistic']), 'warehouse' => array($allow_data[0]['war_index'], $allow_data[0]['war_add'], $allow_data[0]['war_edit'], $allow_data[0]['war_delete'], $allow_data[0]['war_toexcel'], $allow_data[0]['war_history'], $allow_data[0]['war_load'], $allow_data[0]['war_unload']), 'service' => array($allow_data[0]['ser_index'], $allow_data[0]['ser_add'], $allow_data[0]['ser_edit'], $allow_data[0]['ser_delete'], $allow_data[0]['ser_toexcel'], $allow_data[0]['ser_invoice']), 'setup' => array($allow_data[0]['set_index'], $allow_data[0]['set_names'], $allow_data[0]['set_addname'], $allow_data[0]['set_editname'], $allow_data[0]['set_deletename'], $allow_data[0]['set_types'], $allow_data[0]['set_addtype'], $allow_data[0]['set_edittype'], $allow_data[0]['set_deletetype'], $allow_data[0]['set_owners'], $allow_data[0]['set_addowner'], $allow_data[0]['set_editowner'], $allow_data[0]['set_deleteowner'], $allow_data[0]['set_users'], $allow_data[0]['set_adduser'], $allow_data[0]['set_edituser'], $allow_data[0]['set_deleteuser'], $allow_data[0]['set_status'], $allow_data[0]['set_addstatus'], $allow_data[0]['set_editstatus'], $allow_data[0]['set_deletestatus'], 
$allow_data[0]['set_prices'], $allow_data[0]['set_addprices'], $allow_data[0]['set_editprices'], $allow_data[0]['set_deleteprices'], $allow_data[0]['set_access'], $allow_data[0]['set_addaccess'], $allow_data[0]['set_editaccess'], $allow_data[0]['set_deleteaccess']));
     // Client: fixed grants for 'error', logout and the index page, then the table-driven lists.
     $acl->allow('client', 'error')->allow('client', 'access', array('logout'))->allow('client', 'index', array('index'))->allow('client', 'history', $allow_array['history'])->allow('client', 'documentation', $allow_array['documentation'])->allow('client', 'reports', $allow_array['reports'])->allow('client', 'statistic', $allow_array['statistic'])->allow('client', 'catalog', $allow_array['catalog'])->allow('client', 'sales', $allow_array['sales'])->allow('client', 'repairs', $allow_array['repairs'])->allow('client', 'warehouse', $allow_array['warehouse'])->allow('client', 'service', $allow_array['service'])->allow('client', 'setup', $allow_array['setup']);
     // Admin: every privilege is listed explicitly, resource by resource.
     $acl->allow('admin', 'error')->allow('admin', 'access', array('logout'))->allow('admin', 'index', array('index'))->allow('admin', 'history', array('index'))->allow('admin', 'outlets', array('index', 'autofind', 'save'))->allow('admin', 'documentation', array('index', 'file', 'delete'))->allow('admin', 'reports', array('index'))->allow('admin', 'statistic', array('index'))->allow('admin', 'catalog', array('index', 'toexcel', 'add', 'edit', 'delete'))->allow('admin', 'sales', array('index', 'toexcel', 'add', 'edit', 'delete'))->allow('admin', 'service', array('index', 'toexcel', 'invoice', 'add', 'edit', 'delete'))->allow('admin', 'repairs', array('index', 'statistic', 'toexcel', 'toexcelmonth', 'add', 'edit', 'delete'))->allow('admin', 'warehouse', array('index', 'add', 'edit', 'delete', 'unload', 'load', 'history', 'toexcel'))->allow('admin', 'setup', array('index', 'names', 'addname', 'editname', 'deletename', 'types', 'addtype', 'edittype', 'deletetype', 'owners', 'addowner', 'editowner', 'deleteowner', 'users', 'adduser', 'edituser', 'deleteuser', 'status', 'addstatus', 'editstatus', 'deletestatus', 'access', 'addaccess', 'editaccess', 'deleteaccess', 'prices', 'addprices', 'editprices', 'deleteprices'));
     // Read the Zend_Auth storage to get the user's role.
     $identity = $auth->getStorage()->read();
     // Nothing stored (or no role on the stored identity) means this is a guest.
     if (empty($identity->role)) {
         $identity = new stdClass();
         // for php 5.4
         $identity->role = 'guest';
     }
     // A logged-in user who is not allowed on the resource is sent to error/noaccess;
     // a visitor who is not logged in is sent to the login page whatever was requested.
     if (Zend_Auth::getInstance()->hasIdentity()) {
         if (!$acl->isAllowed($identity->role, $resource, $action)) {
             $request->setControllerName('error')->setActionName('noaccess');
         }
     } else {
         $request->setControllerName('access')->setActionName('login');
     }
 }
Beispiel #25
 /**
  * Build an example ACL for role 1 that mixes plain and assertion-guarded rules.
  *
  * The call is logged through the 'log' registry entry first.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     Zend_Registry::get('log')->info(__METHOD__);

     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role(1));
     foreach (array('As', 'Bs', 'A', 'B') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // Role 1 has full access to 'As'; 'Bs' and 'B' receive no rule.
     $acl->allow(1, 'As');

     // 'edit' and 'delete' on 'A' depend on the ResourceAccess assertion;
     // 'edit:all' and 'delete:mine' are granted without one.
     $acl->allow(1, 'A', 'edit', new App_Acl_Assert_ResourceAccess());
     $acl->allow(1, 'A', 'edit:all');
     $acl->allow(1, 'A', 'delete', new App_Acl_Assert_ResourceAccess());
     $acl->allow(1, 'A', 'delete:mine');

     return $acl;
 }
Beispiel #26
 /**
  * Load the Zend ACL classes through the CodeIgniter 'zend' library and build
  * an ACL for the user pages.
  *
  * The ACL lives in a local variable only; this constructor neither stores
  * nor returns it.
  *
  * @param mixed $class not used in this constructor
  */
 function __construct($class = NULL)
 {
     $CI =& get_instance();
     $CI->load->library('zend');
     $CI->zend->load('Zend/Acl');
     $CI->zend->load('Zend/Acl/Role');
     $CI->zend->load('Zend/Acl/Resource');
     $acl = new Zend_Acl();
     //Add the Role
     $acl->addRole(new Zend_Acl_Role('NU'));
     // NOTE(review): 'member' is used as the parent here and as the role in the
     // first allow() below, but only 'NU' and 'memUser' are added. Zend_Acl
     // presumably rejects a role id it does not know; confirm which role was meant.
     $acl->addRole(new Zend_Acl_Role('memUser'), 'member');
     //Add Resource
     $acl->add(new Zend_Acl_Resource('users_login'));
     // 'users_profile' is a child of 'users_login'.
     $acl->add(new Zend_Acl_Resource('users_profile'), 'users_login');
     $acl->allow('member', 'users_login');
     $acl->allow('memUser', 'users_profile');
 }
Beispiel #27
 /**
  * Return the ACL under test: 'user' is allowed on 'foo', 'guest' has no rule.
  *
  * @return Zend_Acl
  */
 protected function getAcl()
 {
     $aclUnderTest = new Zend_Acl();
     foreach (array('guest', 'user') as $roleId) {
         $aclUnderTest->addRole(new Zend_Acl_Role($roleId));
     }
     $aclUnderTest->addResource('foo');
     $aclUnderTest->allow('user', 'foo');
     return $aclUnderTest;
 }
 /**
  * Build the ACL (guest and user roles, one 'default:index' resource) and
  * store it in the registry under 'acl'.
  */
 protected function _initAcl()
 {
     $acl = new Zend_Acl();

     // ROLE_USER inherits from ROLE_GUEST.
     $guestRole = new Zend_Acl_Role(Core_Role::ROLE_GUEST);
     $acl->addRole($guestRole);
     $userRole = new Zend_Acl_Role(Core_Role::ROLE_USER);
     $acl->addRole($userRole, Core_Role::ROLE_GUEST);

     // Guests may reach only the 'index' privilege of 'default:index'.
     $acl->addResource('default:index');
     $acl->allow(Core_Role::ROLE_GUEST, 'default:index', 'index');

     Zend_Registry::getInstance()->set('acl', $acl);
 }
Beispiel #29
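 /**
  * Apply the stored access-role / security-action relations to the ACL.
  *
  * For every action id in the permission list, each access role listed for it
  * is allowed on the matching security action. An action id with no entry in
  * the loaded security actions is skipped: without that check the lookup would
  * pass null to allow(), and a null resource makes the rule apply to all
  * resources.
  *
  * @return void
  */
 protected function grantPermissions()
 {
     $allPermissions = $this->accessRoleCatalog->getAllPermissions();
     $actions = $this->getSecurityActionsFromDatabase();
     foreach ($allPermissions as $idAction => $accessRoles) {
         // Fail closed: no known security action, no grant.
         if (!isset($actions[$idAction])) {
             continue;
         }
         foreach (array_keys($accessRoles) as $idAccessRole) {
             $this->acl->allow($idAccessRole, $actions[$idAction]);
         }
     }
 }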
Beispiel #30
 /**
  * Build the example playlist ACL.
  *
  * Hard-coded here; an application would probably load it from a registry or
  * similar. Roles form a chain: listener <- dj <- program manager.
  *
  * @return Zend_Acl
  */
 protected function _generateAcl()
 {
     $playlistAcl = new Zend_Acl();
     $playlistAcl->add(new Zend_Acl_Resource('playlist'));

     // Each entry: role id, parent role (null for none), privilege granted on 'playlist'.
     // A role inherits the privileges of the roles before it in the chain.
     $roleSteps = array(
         array('listener', null, 'view'),
         array('dj', 'listener', 'play'),
         array('program manager', 'dj', 'manage'),
     );
     foreach ($roleSteps as $step) {
         $roleId = $step[0];
         $parentId = $step[1];
         $privilege = $step[2];
         if ($parentId === null) {
             $playlistAcl->addRole(new Zend_Acl_Role($roleId));
         } else {
             $playlistAcl->addRole(new Zend_Acl_Role($roleId), $parentId);
         }
         $playlistAcl->allow($roleId, 'playlist', $privilege);
     }

     return $playlistAcl;
 }