Beispiel #1
0
 public function __construct()
 {
     $acl = new Zend_Acl();
     //ролі
     $acl->addRole(new Zend_Acl_Role('guest'));
     //user наслідує усі параметри guest
     $acl->addRole(new Zend_Acl_Role('user'), 'guest');
     $acl->addRole(new Zend_Acl_Role('admin'));
     //ресурси - доступні контролери
     $acl->add(new Zend_Acl_Resource('users'));
     $acl->add(new Zend_Acl_Resource('index'));
     //дозвіл
     $acl->deny();
     //заборонити доступ всім
     $acl->allow('admin', null);
     //дозволити доступ admin-у до всього
     //users це resource - контролер
     // далі $privilege - екшн
     $acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
     $acl->allow('guest', 'index');
     $acl->allow('user', 'users', array('logout'));
     $acl->deny('user', 'users', array('login', 'registration'));
     //глобальний доступ до змінної
     //щоб використати у видах
     Zend_Registry::set('acl', $acl);
     /*
             //isAllowed() - чи має доступ $role до $resourse і $privilege
             //$resource - контролер
             //$privilege - екшн
             if($acl->isAllowed($role, $resource, $privilege)){
                 
             } */
 }
Beispiel #2
0
 public function getAcl()
 {
     $acl = new Zend_Acl();
     // Add roles.
     $acl->addRole('super');
     // Admins inherit privileges from super users.
     $acl->addRole('admin', 'super');
     $acl->addRole('researcher');
     // Contributors inherit privileges from researchers.
     $acl->addRole('contributor', 'researcher');
     // Add resources, corresponding to Omeka controllers.
     $resources = array('Items', 'Collections', 'ElementSets', 'Files', 'Plugins', 'Settings', 'Security', 'Upgrade', 'Tags', 'Themes', 'SystemInfo', 'ItemTypes', 'Users', 'Search', 'Appearance', 'Elements');
     foreach ($resources as $resource) {
         $acl->addResource($resource);
     }
     // Define allow rules for everyone.
     // Everyone can view and browse these resources.
     $acl->allow(null, array('Items', 'ItemTypes', 'Tags', 'Collections', 'Search', 'ElementSets', 'Elements'), array('index', 'browse', 'show', 'home', 'print-cart'));
     // Everyone can view an item's tags and use the item search.
     $acl->allow(null, array('Items'), array('tags', 'search'));
     // Everyone can view files.
     $acl->allow(null, 'Files', 'show');
     // Non-authenticated users can access the upgrade script, for logistical reasons.
     $acl->allow(null, 'Upgrade');
     // Deny privileges from admin users
     $acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo', 'Appearance'));
     // Assert ownership for certain privileges.
     // Owners can edit and delete items and collections.
     $acl->allow(null, array('Items', 'Collections'), array('edit', 'delete'), new Omeka_Acl_Assert_Ownership());
     // Owners can edit files.
     $acl->allow(null, 'Files', 'edit', new Omeka_Acl_Assert_Ownership());
     // Define allow rules for specific roles.
     // Super users have full privileges.
     $acl->allow('super');
     // Researchers can view and search items and collections that are not public.
     $acl->allow('researcher', array('Items', 'Collections', 'Search'), 'showNotPublic');
     // Contributors can add and tag items, edit or delete their own items, and see
     // their items that are not public.
     $acl->allow('contributor', 'Items', array('add', 'tag', 'batch-edit', 'batch-edit-save', 'change-type', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
     // Contributors can edit their own files.
     $acl->allow('contributor', 'Files', 'editSelf');
     // Contributors have access to tag autocomplete.
     $acl->allow('contributor', 'Tags', array('autocomplete'));
     // Contributors can add collections, edit or delete their own collections, and
     // see their collections that are not public.
     $acl->allow('contributor', 'Collections', array('add', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
     $acl->allow('contributor', 'Elements', 'element-form');
     // Define deny rules.
     // Deny admins from accessing some resources allowed to super users.
     $acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo'));
     // Deny admins from deleting item types and item type elements.
     $acl->deny('admin', 'ItemTypes', array('delete', 'delete-element'));
     // Deny Users to admins since they normally have all the super permissions.
     $acl->deny(null, 'Users');
     $acl->allow(array('super', 'admin', 'contributor', 'researcher'), 'Users', null, new Omeka_Acl_Assert_User());
     // Always allow users to login, logout and send forgot-password notifications.
     $acl->allow(array(null, 'admin'), 'Users', array('login', 'logout', 'forgot-password', 'activate'));
     return $acl;
 }
Beispiel #3
0
 protected function setUp()
 {
     \Zend_Controller_Front::getInstance()->resetInstance();
     $this->request = new \Zend_Controller_Request_Http();
     \Zend_Session::$_unitTestEnabled = true;
     $this->acl = new \Zend_Acl();
     $this->acl->deny();
     $this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST));
     $this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST);
     parent::setUp();
 }
 /**
  * 
  */
 public function buildAcl()
 {
     if (is_null($this->acl)) {
         $this->acl = new Zend_Acl();
     }
     $this->acl->removeAll();
     $permissions = $this->getPermissionList();
     $resources = $this->getResourceList();
     $resourceParents = $this->getResourceParentList();
     $roles = $this->getRoleList();
     $roleParents = $this->getRoleParentList();
     $rolesTmp = array();
     foreach ($roles as $role) {
         $roleId = $role['role_id'];
         $roleName = $role['role_name'];
         $rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array());
         $rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId));
     }
     foreach ($roleParents as $roleParent) {
         $roleId = $roleParent['role_id'];
         $roleIdParent = $roleParent['role_id_parent'];
         $rolesTmp[$roleId]['parents'][] = $roleIdParent;
     }
     foreach ($rolesTmp as $role) {
         $this->acl->addRole($role['name'], $role['parents']);
     }
     #echo '<pre>';
     $resourcesTmp = array();
     foreach ($resources as $resource) {
         $resourceId = $resource['resource_id'];
         $resourceName = $resource['resource_name'];
         $resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null);
         $resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId);
     }
     foreach ($resourceParents as $resourceParent) {
         $resourceId = $resourceParent['resource_id'];
         $resourceIdParent = $resourceParent['resource_id_parent'];
         $resourcesTmp[$resourceId]['parent'] = $resourceIdParent;
     }
     foreach ($resourcesTmp as $resource) {
         $this->acl->addResource($resource['name'], $resource['parent']);
     }
     foreach ($permissions as $permission) {
         if (empty($permission['allowed'])) {
             $this->acl->deny($permission['role_id'], $permission['resource_id']);
         } else {
             $this->acl->allow($permission['role_id'], $permission['resource_id']);
         }
     }
 }
 protected function _initAlc()
 {
     // Создаём объект Zend_Acl
     $acl = new Zend_Acl();
     //$acl->removeAll();
     // указываем, что у нас есть ресурсы
     //$acl->addResource(new Zend_Acl_Resource('error'));
     $acl->addResource(new Zend_Acl_Resource('auth'));
     $acl->addResource(new Zend_Acl_Resource('index'));
     $acl->addResource(new Zend_Acl_Resource('models-generator'));
     $acl->addResource(new Zend_Acl_Resource('slugify'));
     $acl->addResource(new Zend_Acl_Resource('sefurl'));
     $acl->addResource(new Zend_Acl_Resource('search-index'));
     $acl->addResource(new Zend_Acl_Resource('test'));
     $acl->addResource(new Zend_Acl_Resource('xml-catalog-generator'));
     $acl->addResource(new Zend_Acl_Resource('csv-catalog-generator'));
     $acl->addResource(new Zend_Acl_Resource('cache-manager'));
     $acl->addResource(new Zend_Acl_Resource('update-image-catalog'));
     $acl->addResource(new Zend_Acl_Resource('products-draft'));
     // далее переходим к созданию ролей, которых у нас 2:
     // гость (неавторизированный пользователь)
     $acl->addRole('guest');
     // администратор, который наследует доступ от гостя
     $acl->addRole('admin', 'guest');
     $acl->deny();
     //$acl->allow('guest', array('default', 'catalog', 'error'));
     $acl->allow('guest', 'auth');
     $acl->allow('admin');
     // получаем экземпляр главного контроллера
     $fc = Zend_Controller_Front::getInstance();
     // регистрируем плагин с названием AclUtils, в который передаём
     // на ACL и экземпляр Zend_Auth
     $fc->registerPlugin(new Plugin_AclUtils($acl, Zend_Auth::getInstance()));
 }
Beispiel #6
0
 public function __construct()
 {
     $acl = new Zend_Acl();
     // добавляем роли
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('admin'));
     // добавляем ресурсы
     $acl->add(new Zend_Acl_Resource('sites'));
     $acl->add(new Zend_Acl_Resource('index'));
     $acl->add(new Zend_Acl_Resource('logs'));
     $acl->add(new Zend_Acl_Resource('auth'));
     $acl->add(new Zend_Acl_Resource('maps'));
     $acl->add(new Zend_Acl_Resource('best'));
     $acl->add(new Zend_Acl_Resource('news'));
     // если нет роли то все запрещаем
     $acl->deny();
     // админу по умолчанию разрешено все
     $acl->allow('admin', null);
     // гостю только контроллер с экшеном для входа
     $acl->allow('guest', 'auth', array('index', 'check'));
     $acl->allow('guest', 'maps', array('cronmaps'));
     $acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));
     // если надо запретить экшены в разрешенном контроллере
     /*$acl->deny('user', 'users', array(
           'login', 'registration'
       ));
        * 
        */
     Zend_Registry::set('acl', $acl);
 }
Beispiel #7
0
    /**
     * @group ZF-9643
     */
    public function testRemoveDenyWithNullResourceAppliesToAllResources()
    {
        $this->_acl->addRole('guest');
        $this->_acl->addResource('blogpost');
        $this->_acl->addResource('newsletter');
        
        $this->_acl->allow();
        $this->_acl->deny('guest', 'blogpost', 'read');
        $this->_acl->deny('guest', 'newsletter', 'read');
        $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));

        $this->_acl->removeDeny('guest', 'newsletter', 'read');
        $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
        
        $this->_acl->removeDeny('guest', null, 'read');
        $this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
        
        // ensure deny null/all resources works
        $this->_acl->deny('guest', null, 'read');
        $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
    }
Beispiel #8
0
 /**
  * @return void
  */
 public function addResource($obj)
 {
     if (!is_object($obj) || $this->_acl->has($obj)) {
         return false;
     }
     $nameParts = explode('_', strtolower(get_class($obj)));
     $simpleName = array_pop($nameParts);
     if (!$this->_acl->has($simpleName)) {
         $this->_acl->addResource(new Zend_Acl_Resource($simpleName));
     }
     $this->_acl->addResource($obj->getResourceId(), $simpleName);
     if ($obj->isPrivate()) {
         $this->_acl->deny(null, $obj->getResourceId(), null, new Default_Model_Acl_HasPermissionAssertion());
     }
     return true;
 }
Beispiel #9
0
 /**
  * Метод загружающий правила ACL
  * из хранилища правил в объект Zend_Acl
  * 
  * @throws Excore_Acl_Rules_Exception
  * @return void
  */
 protected function _loadRules()
 {
     $rules = $this->_rules->getAll();
     foreach ($rules as $rule) {
         if (!in_array($rule['type'], $this->_ruleTypes)) {
             throw new Excore_Acl_Rules_Exception("Rule type `{$rule['type']}` is invalid rule type for current settings");
         }
         if (!$this->_acl->hasRole(new Zend_Acl_Role($rule['roleId']))) {
             throw new Excore_Acl_Rules_Exception("Role `{$rule['roleId']}` found in rules storage, but was not in roles storage");
         }
         if (!$this->_acl->has(new Zend_Acl_Resource($rule['resourceId']))) {
             throw new Excore_Acl_Rules_Exception("Resource `{$rule['resourceId']}` found in rules storage, but was not in resources storage");
         }
         $assert = $rule['assert'];
         if ($assert !== null) {
             $assert = new $assert();
         }
         switch ($rule['type']) {
             case $this->_ruleTypes['TYPE_ALLOW']:
                 $this->_acl->allow(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
                 break;
             case $this->_ruleTypes['TYPE_DENY']:
                 $this->_acl->deny(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
                 break;
         }
     }
 }
Beispiel #10
0
 public function testGetSelectAclIntegration()
 {
     // Test ItemTable::getSelect() when the ACL is not available.
     $this->assertEquals("SELECT items.* FROM omeka_items AS items", (string) $this->table->getSelect());
     // Test ItemTable::getSelect() when the ACL is available.
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource('Items'));
     $acl->deny(null, 'Items', 'showNotPublic');
     Zend_Registry::get('bootstrap')->getContainer()->acl = $acl;
     $this->assertContains("WHERE (items.public = 1)", (string) $this->table->getSelect());
 }
Beispiel #11
0
 /**
  * Deny access to this role for a particular permissible object (or globally)
  *
  * @param  string           permission to deny
  * @param  QFrame_Permissible (optional) permissible object to deny access to
  */
 public function deny($permission, QFrame_Permissible $permissible = null)
 {
     $resource = $permissible === null ? "GLOBAL" : $permissible->getPermissionID();
     if (!$this->acl->hasRole($permission)) {
         $this->acl->addRole(new Zend_Acl_Role($permission));
     }
     if (!$this->acl->has($resource)) {
         $this->acl->add(new Zend_Acl_Resource($resource));
     }
     $this->acl->deny($permission, $resource);
 }
Beispiel #12
0
 public function __construct()
 {
     $acl = new Zend_Acl();
     //roles
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('user'), 'guest');
     $acl->addRole(new Zend_Acl_Role('admin'));
     //resources
     $acl->add(new Zend_Acl_Resource('users'));
     $acl->add(new Zend_Acl_Resource('index'));
     //permissions
     $acl->deny();
     $acl->allow('admin', null);
     //Guest rights
     $acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
     $acl->allow('guest', 'index');
     //User rights
     $acl->allow('user', 'users', array('logout'));
     $acl->deny('user', 'users', array('login', 'registration'));
     Zend_Registry::set('acl', $acl);
 }
Beispiel #13
0
 protected function _loadPermissions()
 {
     $acls = Auth_Model_AclMapper::getInstance()->fetchAll(array());
     /* @var $acl Auth_Model_Acl */
     foreach ($acls as $acl) {
         if ($acl->get_allowed() == 'yes') {
             $this->_acl->allow($this->getRoleCode($acl->get_role_id()), $acl->get_resource_code(), $acl->get_privilege_code());
         } else {
             $this->_acl->deny($this->getRoleCode($acl->get_role_id()), $acl->get_resource_code(), $acl->get_privilege_code());
         }
     }
 }
Beispiel #14
0
 /**
  * Hlavni logika ACL
  *
  * @param $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $module = $request->getModuleName();
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         $acl = new Zend_Acl();
         $identity = $auth->getIdentity();
         $acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner');
         if ($identity->owner == true) {
             $inherit = 'owner';
         } elseif ($identity->administrator == true) {
             $inherit = 'admin';
         } else {
             $inherit = 'user';
         }
         $acl->addRole(new Zend_Acl_Role($identity->email), $inherit);
         $projekt = $request->getParam('projekt');
         // Zakladni resource
         foreach ($this->_resources as $val => $key) {
             $acl->add(new Zend_Acl_Resource($key));
         }
         // Prava pro zakladni resource
         $acl->allow('owner');
         $acl->deny('admin', 'account');
         $acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
         $acl->deny('user', 'account');
         $acl->deny('user', 'project', $this->_create);
         $acl->deny('user', 'people', $this->_create);
         $acl->deny('user', 'project', $this->_manage);
         $acl->deny('user', 'people', $this->_manage);
         if ($request->id == $identity->iduser) {
             $acl->allow('user', 'people', $this->_manage);
         }
         // Resource pro projektovou podsekci
         $this->_projectAcl($acl, $identity);
         Zend_Registry::set('acl', $acl);
         if ($identity->administrator == 1) {
             $isAllowed = true;
         } elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) {
             $isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName());
         } elseif (in_array($request->getControllerName(), $this->_resources)) {
             $isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName());
         } else {
             $isAllowed = false;
         }
         $error = $request->getParam('error_handler');
         if (is_null($error)) {
             if (!$isAllowed) {
                 $module = $this->_noacl['module'];
                 $controller = $this->_noacl['controller'];
                 $action = $this->_noacl['action'];
             }
         }
         $request->setModuleName($module);
         $request->setControllerName($controller);
         $request->setActionName($action);
     }
 }
Beispiel #15
0
 public function __construct()
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('admin'));
     $acl->add(new Zend_Acl_Resource('admin'));
     $acl->add(new Zend_Acl_Resource('index'));
     $acl->deny();
     $acl->allow('admin', null);
     $acl->allow('guest', 'admin', array('login'));
     $acl->allow('guest', 'index');
     Zend_Registry::set('acl', $acl);
 }
Beispiel #16
0
 /**
  * @group ZF-10649
  */
 public function testAllowAndDenyWithNullForResourcesWillApplyToAllResources()
 {
     $this->_acl->addRole('guest');
     $this->_acl->addResource('blogpost');
     $this->_acl->allow('guest');
     $this->assertTrue($this->_acl->isAllowed('guest'));
     $this->assertTrue($this->_acl->isAllowed('guest', 'blogpost'));
     $this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
     $this->_acl->deny('guest');
     $this->assertFalse($this->_acl->isAllowed('guest'));
     $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost'));
     $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
 }
Beispiel #17
0
 protected function _initAcl()
 {
     $this->bootstrap('frontController');
     $front = $this->getResource('frontController');
     $acl = new \Zend_Acl();
     $acl->deny();
     $acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST));
     $acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST);
     $aclConfig = new \Zend_Config_Ini(APPLICATION_PATH . '/configs/acl.ini');
     foreach ($aclConfig as $resourceName => $role) {
         $acl->addResource($resourceName);
         $acl->allow($role, $resourceName);
     }
     $front->registerPlugin(new Acl($acl));
 }
Beispiel #18
0
 public function setUp()
 {
     $acl = new Zend_Acl();
     // Add resources and roles
     $acl->addResource('profile');
     $acl->addRole('admin');
     $acl->addRole('user');
     // Deny everything by default
     $acl->deny();
     // Admins can create and edit users but normal users are only
     // allowed to edit their own profile
     $acl->allow('admin', 'profile', array('create', 'read', 'update'));
     $acl->allow('user', 'profile', array('read', 'update'), new App_Acl_Assert_SameUser());
     $this->_acl = $acl;
 }
Beispiel #19
0
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = new Zend_Acl();
     $acl->addResource("page");
     $acl->addResource("forum");
     $acl->addResource("catalog");
     $acl->addRole("administrator");
     $acl->addRole("moderator");
     $acl->allow("administrator");
     $acl->deny("moderator");
     $acl->allow("moderator", "forum", array("answer", "edit-own"));
     Zend_Registry::set('acl', $acl);
     if (!Zend_Auth::getInstance()->hasIdentity()) {
         $request->setControllerName('index')->setActionName('login');
     }
 }
Beispiel #20
0
 /**
  * @group ZF2-3454
  */
 public function testAclResourcePermissionsAreInheritedWithMultilevelResourcesAndDenyPolicy()
 {
     $this->_acl->addRole('guest');
     $this->_acl->addResource('blogposts');
     $this->_acl->addResource('feature', 'blogposts');
     $this->_acl->addResource('post_1', 'feature');
     $this->_acl->addResource('post_2', 'feature');
     // Allow a guest to read feature posts and
     // comment on everything except feature posts.
     $this->_acl->deny();
     $this->_acl->allow('guest', 'feature', 'read');
     $this->_acl->allow('guest', null, 'comment');
     $this->_acl->deny('guest', 'feature', 'comment');
     $this->assertFalse($this->_acl->isAllowed('guest', 'feature', 'write'));
     $this->assertTrue($this->_acl->isAllowed('guest', 'post_1', 'read'));
     $this->assertTrue($this->_acl->isAllowed('guest', 'post_2', 'read'));
     $this->assertFalse($this->_acl->isAllowed('guest', 'post_1', 'comment'));
     $this->assertFalse($this->_acl->isAllowed('guest', 'post_2', 'comment'));
 }
Beispiel #21
0
 /**
  * Tworzy ARO i ACO
  */
 public function init()
 {
     $acl = new Zend_Acl();
     $aro = $acl->aroRegistry();
     $aro->add('guest');
     $aro->add('ankieter', $aro->guest);
     $aro->add('administrator');
     // Zabieramy prawa, a potem jak trzeba, przyznajemy je.
     $acl->deny();
     // gość
     $acl->index->allow($aro->guest);
     $acl->ankieta->allow($aro->guest);
     // ankieter
     $acl->ankieter->allow($aro->ankieter);
     $acl->raport->allow($aro->ankieter);
     $acl->ankieta->allow($aro->ankieter);
     // admin
     $acl->allow($aro->administrator);
     $this->acl = $acl;
 }
Beispiel #22
0
 /**
  * @return void
  */
 public function addAllPermissions()
 {
     // First of all deny everything.
     parent::deny();
     $query = Doctrine_Query::create()->select('module.name, acontroller.name, controller.name, action.name,
                 service.id, role.id, story.id, permission.*, story.name')->from('Model_Entity_Service service')->leftJoin('service.Resource controller')->leftJoin('controller.Module module')->leftJoin('service.Action action')->leftJoin('action.Controller acontroller')->leftJoin('service.Story story')->leftJoin('story.Permission permission')->leftJoin('permission.Role role')->useQueryCache(Kebab_Cache_Query::isEnable());
     $services = $query->execute();
     if (count($services->toArray()) > 0) {
         foreach ($services as $service) {
             $action = !isset($service->Action->name) ? null : $service->Action->name;
             $resource = isset($service->Resource) ? $service->Resource->Module->name . '_' . $service->Resource->name : null;
             $resource = is_null($resource) && isset($service->Action->Controller) ? $service->Action->Controller->Module->name . '_' . $service->Action->Controller->name : $resource;
             if (isset($service->Story)) {
                 foreach ($service->Story->Permission->toArray() as $permission) {
                     if (count($permission) > 0) {
                         Zend_Registry::get('logging')->log($permission['Role']['id'] . '-' . $resource . '-' . $action, Zend_Log::DEBUG);
                         parent::allow($permission['Role']['id'], $resource, $action);
                     }
                 }
             }
         }
     }
 }
 /**
  * Carrega todos os menus cadastrados no sistema negando o acesso
  */
 protected function carregaMenus()
 {
     $oAcoes = Administrativo_Model_Acao::getAll();
     foreach ($oAcoes as $oAcao) {
         $sModulo = $oAcao->getControle()->getModulo()->getIdentidade();
         $sControle = $oAcao->getControle()->getIdentidade();
         $oAcoesExtra = explode(',', trim($oAcao->getSubAcoes()));
         $aAcoesExtra = array_merge($oAcoesExtra, array($oAcao->getAcaoAcl()));
         $oResource = new Zend_Acl_Resource($sModulo . ":" . $sControle);
         if (!$this->_acl->has($oResource->getResourceId())) {
             $this->_acl->addResource($oResource->getResourceId());
         }
         foreach ($aAcoesExtra as $sAcao) {
             if (empty($sAcao)) {
                 continue;
             }
             if (!$oAcao->getControle()->getVisivel()) {
                 $this->_acl->allow('Usuario', $oResource->getResourceId(), $sAcao);
             } else {
                 $this->_acl->deny('Usuario', $oResource->getResourceId(), $sAcao);
             }
         }
     }
 }
Beispiel #24
0
 /**
  * Implementa os roles, resources e privileges
  * no objeto Zend_Acl levantado
  * 
  * Para que assim começamos a definir os objetos a serem
  * exibidos na tela
  * 
  * @param string $module
  */
 private function loadAcl($module)
 {
     /**
      * Resgata o cache
      * Define o id do acl
      * 
      * Verifica se existe no cache um acl para o módulo
      * recebido por esta função
      */
     $cache = $this->getObjectCache();
     $idCache = 'acl_' . strtolower($module);
     $data = $cache->load($idCache);
     $this->_moduleLoaded = $module;
     if (!$data) {
         $_privilege = $this->_getPrivilege();
         $privileges = $_privilege->getPrivileges($module);
         foreach ($privileges as $privilege) {
             $this->add($privilege->getRole(), $privilege->getResource(), $privilege->getAccess() == 'A');
         }
         $data = serialize($this->_privileges);
         $cache->save($data, $idCache);
     } else {
         $this->_privileges = unserialize($data);
     }
     return true;
     if (!$data) {
         $this->_acl = new Zend_Acl();
         /**
          * Adiciona os papeis no ACL
          * Para que posteriormente seja verificado os recursos
          */
         $role = $this->_getRole();
         $roles = $role->getRoles();
         foreach ($roles as $row) {
             /**
              * Verifica se há existência de um papel pai
              * se houver temos que adicionar um novo Zend_Acl_Role atribuindo
              * a ele o nome do papel pai resgatado 
              */
             if ($row->getParent() != '') {
                 $this->_acl->addRole(new Zend_Acl_Role($row->getName()), $row->getParent());
             } else {
                 $this->_acl->addRole(new Zend_Acl_Role($row->getName()));
             }
         }
         /**
          * Adiciona os recuros no ACL
          */
         $resource = $this->_getResource();
         $resources = $resource->getResources($module);
         foreach ($resources as $resource) {
             if ($resource->getParent() != '') {
                 $this->_acl->add(new Zend_Acl_Resource($resource->getName()), $resource->getParent());
             } else {
                 $this->_acl->add(new Zend_Acl_Resource($resource->getName()));
             }
         }
         /**
          * Define as permissões que o usuário terá
          * negando a ele acessar determinadas telas.
          * Executar determinadas funções
          */
         $privilege = $this->_getPrivilege();
         $privileges = $privilege->getPrivileges($module);
         foreach ($privileges as $privilege) {
             if ($privilege->getAccess() == 'A') {
                 $this->_acl->allow($privilege->getRole(), $privilege->getResource());
             } else {
                 $this->_acl->deny($privilege->getRole(), $privilege->getResource());
             }
         }
         $data = serialize($this->_acl);
         $cache->save($data, $idCache);
     } else {
         $this->_acl = unserialize($data);
     }
 }
 /**
  * get roles and resources from db, build Zend_Acl structure and add permissions
  * @param Zend_Db $db
  */
 protected function makeAcl($db)
 {
     $acl = new Zend_Acl();
     $res = $db->fetchAll('select * from system_role');
     foreach ($res as $obj) {
         if ($obj['inherit_role'] != '') {
             if ($acl->hasRole($obj['inherit_role'])) {
                 $acl->addRole(new Zend_Acl_Role($obj['role']), $obj['inherit_role']);
             } else {
                 /**
                  * @todo very simply system to order roles, add role before inherited role
                  */
                 $res[] = $obj;
                 continue;
             }
         } else {
             $acl->addRole(new Zend_Acl_Role($obj['role']));
         }
     }
     $res = $db->fetchAll('select * from system_resource');
     foreach ($res as $obj) {
         $acl->addResource(new Zend_Acl_Resource($obj['resource']));
     }
     $res = $db->fetchAll('select r.role as role, rs.resource as resource, permission, privilege ' . 'from system_role as r join system_role_has_system_resource as m on ' . '(r.id = m.system_role_id) join system_resource as rs on (m.system_resource_id = rs.id)');
     foreach ($res as $obj) {
         $privilege = explode(',', $obj['privilege']);
         if ($obj['permission'] == 'allow') {
             $acl->allow($obj['role'], $obj['resource'], $privilege);
         } else {
             $acl->deny($obj['role'], $obj['resource'], $privilege);
         }
     }
     return $acl;
 }
Beispiel #26
0
 protected function _initAcl()
 {
     $acl = new Zend_Acl();
     // roles: member, user, admin, super admin
     $acl->addRole(new Zend_Acl_Role(Tools_Security_Acl::ROLE_GUEST));
     $acl->addRole(new Zend_Acl_Role(Tools_Security_Acl::ROLE_MEMBER), Tools_Security_Acl::ROLE_GUEST);
     $acl->addRole(new Zend_Acl_Role(Tools_Security_Acl::ROLE_USER), Tools_Security_Acl::ROLE_MEMBER);
     $acl->addRole(new Zend_Acl_Role(Tools_Security_Acl::ROLE_ADMIN));
     $acl->addRole(new Zend_Acl_Role(Tools_Security_Acl::ROLE_SUPERADMIN));
     //resources
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_CONTENT));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_WIDGETS));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_PAGE_PROTECTED));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_PAGE_PUBLIC));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_CACHE_PAGE));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_CODE));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_THEMES));
     //resources of admin area
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_ADMINPANEL));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_PAGES));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_MEDIA));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_SEO));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_LAYOUT));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_CONFIG));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_USERS));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_PLUGINS));
     $acl->addResource(new Zend_Acl_Resource(Tools_Security_Acl::RESOURCE_PLUGINS_MENU));
     //permissions
     $acl->allow(Tools_Security_Acl::ROLE_GUEST, Tools_Security_Acl::RESOURCE_PAGE_PUBLIC);
     $acl->allow(Tools_Security_Acl::ROLE_GUEST, Tools_Security_Acl::RESOURCE_CACHE_PAGE);
     $acl->deny(Tools_Security_Acl::ROLE_MEMBER, Tools_Security_Acl::RESOURCE_CACHE_PAGE);
     $acl->allow(Tools_Security_Acl::ROLE_MEMBER, Tools_Security_Acl::RESOURCE_PAGE_PROTECTED);
     $acl->allow(Tools_Security_Acl::ROLE_MEMBER, Tools_Security_Acl::RESOURCE_ADMINPANEL);
     $acl->allow(Tools_Security_Acl::ROLE_MEMBER, Tools_Security_Acl::RESOURCE_PLUGINS_MENU);
     //user = copywriter
     $acl->allow(Tools_Security_Acl::ROLE_USER, Tools_Security_Acl::RESOURCE_PLUGINS);
     $acl->allow(Tools_Security_Acl::ROLE_USER, Tools_Security_Acl::RESOURCE_ADMINPANEL);
     $acl->allow(Tools_Security_Acl::ROLE_USER, Tools_Security_Acl::RESOURCE_CONTENT);
     $acl->allow(Tools_Security_Acl::ROLE_USER, Tools_Security_Acl::RESOURCE_MEDIA);
     $acl->allow(Tools_Security_Acl::ROLE_USER, Tools_Security_Acl::RESOURCE_PAGES);
     $acl->allow(Tools_Security_Acl::ROLE_USER, Tools_Security_Acl::RESOURCE_THEMES);
     $acl->allow(Tools_Security_Acl::ROLE_ADMIN);
     $acl->deny(Tools_Security_Acl::ROLE_ADMIN, Tools_Security_Acl::RESOURCE_CODE);
     $acl->deny(Tools_Security_Acl::ROLE_ADMIN, Tools_Security_Acl::RESOURCE_CACHE_PAGE);
     $acl->allow(Tools_Security_Acl::ROLE_SUPERADMIN);
     $acl->deny(Tools_Security_Acl::ROLE_SUPERADMIN, Tools_Security_Acl::RESOURCE_CACHE_PAGE);
     Zend_Registry::set('acl', $acl);
 }
Beispiel #27
0
 /**
  * Proxy to the underlying Zend_Acl's deny()
  *
  * We use the controller's name as the resource and the
  * action name(s) as the privilege(s)
  *
  * @param  Zend_Acl_Role_Interface|string|array     $roles
  * @param  string|array                             $actions
  * @uses   Zend_Acl::setRule()
  * @return Expenses_Controller_Action_Helper_Acl Provides a fluent interface
  */
 public function deny($roles = null, $actions = null)
 {
     $resource = $this->_action->getRequest()->getControllerName();
     $this->_acl->deny($roles, $resource, $actions);
     return $this;
 }
Beispiel #28
0
 /** Proxy to the underlying Zend_Acl's deny()
  * We use the controller's name as the resource and the
  * action name(s) as the privilege(s)
  * @access public
  * @param  Zend_Acl_Role_Interface|string|array     $roles
  * @param  string|array                             $actions
  * @uses   Zend_Acl::setRule()
  * @return Pas_Controller_Action_Helper_Acl Provides a fluent interface
  */
 public function deny($roles = null, $actions = null)
 {
     $resource = $this->_controllerName;
     $this->_acl->deny($roles, $resource, $actions);
     return $this;
 }
Beispiel #29
0
 /**
  * PreDispatch method for ACL Plugin. It checks if current user has privileges for resources requested 
  * @see Zend_Controller_Plugin_Abstract::preDispatch()
  * @param Zend_Controller_Request_Abstract $request 
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     try {
         $frontendOptions = array('lifetime' => 43200, 'automatic_serialization' => true);
         $backendOptions = array('cache_dir' => APPLICATION_CACHE_PATH);
         $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);
         // fetch the current user
         $auth = Zend_Auth::getInstance();
         if ($auth->hasIdentity()) {
             $identity = $auth->getIdentity();
             $objRole->id = $identity->role_id;
             // get an instance of Zend_Session_Namespace used by Zend_Auth
             #$authns = new Zend_Session_Namespace($auth->getStorage()->getNamespace());
             // set an expiration on the Zend_Auth namespace where identity is held
             #$authns->setExpirationSeconds(60 * 30);  // expire auth storage after 30 min
         } else {
             $objRole->id = 3;
             # guess
         }
         $cacheACL = false;
         if ($cache->load('cacheACL_' . $objRole->id) && $cache->test('cacheACL_' . $objRole->id)) {
             $cacheACL = $cache->load('cacheACL_' . $objRole->id);
         }
         if ($cacheACL == false) {
             // set up acl
             $acl = new Zend_Acl();
             $mdlRole = new Acl_Model_Role();
             $mdlResource = new Acl_Model_Resource();
             $mdlPermission = new Acl_Model_Permission();
             #$role = $mdlRole->createRow();
             $acl->addRole(new Zend_Acl_Role($objRole->id));
             $role = $mdlRole->find($objRole->id)->current();
             #var_dump($role, $objRole->id);
             #die();
             if ($role == null) {
                 throw new Zend_Exception('Role not found');
             }
             $select = $mdlRole->select()->order('priority DESC')->limit(1);
             $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current();
             $resources = $mdlResource->getRegisteredList();
             #if ( !$resources ) throw new Zend_Exception('Resources not available');
             if ($resources->count() > 0) {
                 foreach ($resources as $resource) {
                     $resourceTemp = strtolower($resource->module . ':' . $resource->controller);
                     if (!$acl->has(new Zend_Acl_Resource($resourceTemp))) {
                         $acl->addResource(new Zend_Acl_Resource($resourceTemp));
                     }
                 }
             } else {
                 throw new Zend_Exception('Resources not available');
             }
             if ($resources->count() > 0) {
                 foreach ($resources as $resource) {
                     $resourceTemp = strtolower($resource->module . ':' . $resource->controller);
                     $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null;
                     $rolePrivilege = $mdlPermission->getByResource($resource, $role);
                     if ($objRole->id < 2) {
                         $acl->allow($objRole->id, $resourceTemp, $resource->actioncontroller);
                     } elseif (!$childRole && !$rolePrivilege || strcasecmp($rolePrivilege->privilege, 'deny') == 0 || $childPrivilege && strcasecmp($childPrivilege->privilege, 'deny') == 0 && !$rolePrivilege) {
                         $acl->deny($objRole->id, $resourceTemp, $resource->actioncontroller);
                     } elseif (strcasecmp($rolePrivilege->privilege, 'allow') == 0 || $childPrivilege && strcasecmp($childPrivilege->privilege, 'allow') == 0 && !$rolePrivilege) {
                         $acl->allow($objRole->id, $resourceTemp, $resource->actioncontroller);
                     }
                 }
                 # foreach ( $resources as $resource )
             }
             # if ( $resources->count() > 0 )
             $cache->save($acl, 'cacheACL_' . $objRole->id);
             Zend_Registry::set('ZendACL', $acl);
         } else {
             Zend_Registry::set('ZendACL', $cacheACL);
         }
         Zend_Registry::set('cacheACL', $cache);
     } catch (Exception $e) {
         try {
             $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugins.log');
             $logger = new Zend_Log($writer);
             $logger->log($e->getMessage(), Zend_Log::ERR);
         } catch (Exception $e) {
         }
     }
 }
Beispiel #30
0
 public static function setupAcl()
 {
     $acl = new Zend_Acl();
     $application = Stuffpress_Application::getInstance();
     /* Creating roles */
     $acl->addRole(new Zend_Acl_Role('guest'))->addRole(new Zend_Acl_Role('member'), 'guest')->addRole(new Zend_Acl_Role('admin'), 'member');
     /* Add the root resource */
     $acl->add(new Zend_Acl_Resource('root'));
     /* Resources for public module */
     $acl->add(new Zend_Acl_Resource('public'), 'root');
     $acl->add(new Zend_Acl_Resource('public:comments'), 'public');
     $acl->add(new Zend_Acl_Resource('public:embed'), 'public');
     $acl->add(new Zend_Acl_Resource('public:error'), 'public');
     $acl->add(new Zend_Acl_Resource('public:file'), 'public');
     $acl->add(new Zend_Acl_Resource('public:index'), 'public');
     $acl->add(new Zend_Acl_Resource('public:home'), 'public');
     $acl->add(new Zend_Acl_Resource('public:shorturl'), 'public');
     $acl->add(new Zend_Acl_Resource('public:story'), 'public');
     $acl->add(new Zend_Acl_Resource('public:storymap'), 'public');
     $acl->add(new Zend_Acl_Resource('public:mappage'), 'public');
     $acl->add(new Zend_Acl_Resource('public:timeline'), 'public');
     /* Resources for consolemodule */
     $acl->add(new Zend_Acl_Resource('console'), 'root');
     $acl->add(new Zend_Acl_Resource('console:stats'), 'console');
     /* Resources for admin module */
     $acl->add(new Zend_Acl_Resource('admin'), 'root');
     $acl->add(new Zend_Acl_Resource('admin:advanced'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:auth'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:avatar'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:backup'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:bookmarklet'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:design'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:home'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:index'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:pages'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:page'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:password'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:post'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:postemail'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:preferences'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:profile'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:recover'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:register'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:services'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:sns'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:share'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:story'), 'admin');
     $acl->add(new Zend_Acl_Resource('admin:widgets'), 'admin');
     /* Resources for widgets */
     $acl->add(new Zend_Acl_Resource('widgets'), 'root');
     $acl->add(new Zend_Acl_Resource('widgets:archives'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:bio'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:custom'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:lastcomments'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:links'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:logo'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:music'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:rsslink'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:search'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:tags'), 'widgets');
     $acl->add(new Zend_Acl_Resource('widgets:membersgfc'), 'widgets');
     /* Resources for pages */
     $acl->add(new Zend_Acl_Resource('pages'), 'root');
     $acl->add(new Zend_Acl_Resource('pages:custom'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:dashboard'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:link'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:lifestream'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:nopage'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:pictures'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:stories'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:videos'), 'pages');
     $acl->add(new Zend_Acl_Resource('pages:map'), 'pages');
     /* Resources for dialogs */
     $acl->add(new Zend_Acl_Resource('dialogs'), 'root');
     $acl->add(new Zend_Acl_Resource('dialogs:customrss'), 'dialogs');
     /* Deny everything to everyone*/
     $acl->deny(null);
     /* Permissions for admins */
     $acl->allow('admin', 'console');
     /* Permissions for members */
     $acl->allow('member', 'public');
     $acl->allow('member', 'admin');
     $acl->allow('member', 'widgets');
     $acl->allow('member', 'pages');
     /* Permissions for guests */
     $acl->allow('guest', 'public:comments', array('index', 'form', 'add'));
     $acl->allow('guest', 'public:embed');
     $acl->allow('guest', 'public:error');
     $acl->allow('guest', 'public:file');
     $acl->allow('guest', 'public:home');
     $acl->allow('guest', 'public:index');
     $acl->allow('guest', 'public:shorturl');
     $acl->allow('guest', 'public:story', array('view', 'map'));
     $acl->allow('guest', 'public:storymap', array('view'));
     $acl->allow('guest', 'public:mappage');
     $acl->allow('guest', 'public:timeline', array('archive', 'search', 'rss', 'selection', 'view', 'tag', 'type', 'slide', 'image'));
     $acl->allow('guest', 'pages:custom', array('index'));
     $acl->allow('guest', 'pages:dashboard', array('index'));
     $acl->allow('guest', 'pages:lifestream', array('index'));
     $acl->allow('guest', 'pages:link', array('index'));
     $acl->allow('guest', 'pages:nopage', array('index'));
     $acl->allow('guest', 'pages:pictures', array('index'));
     $acl->allow('guest', 'pages:stories', array('index'));
     $acl->allow('guest', 'pages:videos', array('index'));
     $acl->allow('guest', 'pages:map', array('index'));
     $acl->allow('guest', 'widgets:archives', array('index'));
     $acl->allow('guest', 'widgets:bio', array('index'));
     $acl->allow('guest', 'widgets:custom', array('index'));
     $acl->allow('guest', 'widgets:lastcomments', array('index'));
     $acl->allow('guest', 'widgets:links', array('index'));
     $acl->allow('guest', 'widgets:logo', array('index'));
     $acl->allow('guest', 'widgets:music', array('index'));
     $acl->allow('guest', 'widgets:rsslink', array('index'));
     $acl->allow('guest', 'widgets:search', array('index'));
     $acl->allow('guest', 'widgets:tags', array('index'));
     $acl->allow('guest', 'widgets:membersgfc', array('index'));
     $acl->allow('guest', 'admin:index');
     $acl->allow('guest', 'admin:auth');
     $acl->allow('guest', 'admin:home');
     $acl->allow('guest', 'admin:page');
     $acl->allow('guest', 'admin:register');
     $acl->allow('guest', 'admin:recover');
     self::$frontController->registerPlugin(new Stuffpress_Controller_Plugin_Acl($acl, $application->role));
 }