/**
* Query the ACL if the user is allowed to be dispatched to the resource
*
* @param Zend_Controller_Request_Abstract $request
* @throws Zend_Exception if user is not allowed (handled by error controller)
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$resource = $module . '/' . $controller;
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity() === TRUE) {
$user = $auth->getIdentity();
} else {
$user = new App_User();
$user->setRole(Zend_Registry::get('acl_default_role_name'), Zend_Registry::get('acl_default_role_id'));
}
$auth->getStorage()->write($user);
/**
* load acl stuff from cache.
* the acl is created, that it doesnot grab the data from the database again
* so, we should have a little bit of performance here
*/
/*
//FIXME: ACL Caching seems be faulty or its the development process
// After changing rules, ACL doesn't match anymore
// Fix: After Changing roles/rules refresh the ACL Cache Object
$cache = Zend_Registry::get('Cache_Acl');
$acl = $cache->load('acl_object');
IF(!$acl) {
$acl = new App_Acl;
}
*/
$acl = new App_Acl();
// FIXME: remove after above is fixed
$acl->buildResourceRules($module, $controller, $action, $user);
// $cache->save($acl, 'acl_object'); // FIXME: enabled again after above problem is fixed
foreach ($user->getRoles() as $roleId => $roleName) {
if ($acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
foreach ($acl->getRole($roleId)->getParentRole() as $roleId => $roleName) {
if ($acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
}
}
/**
* This part is critical (see todo in class docs)
*
* 1. On XML Requests:
* The setbody just adds information to the body. If an php error occure, the
* setBody just prepend the this error to the php error => the return is an Json/html mixed response, unreadable for Ajax Client
* 2. normal HTTP resposen:
* anonymouse rerouting to login page, no reason or any notification to the user
*/
if ($this->getRequest()->isXmlHttpRequest()) {
$this->getResponse()->setBody(Zend_Json_Encoder::encode(array('success' => FALSE, 'error_message' => 'No Right to execute this action')));
} elseif ($controller !== 'error') {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->gotoSimple('login', 'auth', 'noc');
}
}
/**
* Check if the current user (self::$user) is allowed to
* use the $module/$action
*
* @param string $module
* @param string $action
* @return bool
*/
public function isAllowed($module, $action)
{
$resource = 'webdesktop/' . $module;
// build rules on every call?
$this->acl->buildResourceRules('webdesktop', $module, $action, $this->user, TRUE);
$cache = Zend_Registry::get('Cache_Acl');
$cache->save($this->acl, 'acl_object');
foreach ($this->user->getRoles() as $roleId => $roleName) {
if ($this->acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
foreach ($this->acl->getRole($roleId)->getParentRole() as $roleId => $roleName) {
if ($this->acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
}
}
return FALSE;
}
