Ejemplo n.º 1
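 /**
  * Builds the role-based ACL from the Rol / Acceso / Pagina models and caches it.
  *
  * Every role returned by Rol::find() is registered, and each page linked to
  * that role through Acceso becomes an allowed controller/action pair.
  * Anything that is not explicitly allowed is denied.
  *
  * The finished ACL is kept in $this->persistent and only rebuilt when no
  * cached copy exists, so permission changes made in the database are not
  * picked up while a cached copy is present.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new Phalcon\Acl\Adapter\Memory();
         // Default-deny: a controller/action pair with no matching allow() is refused.
         $acl->setDefaultAction(Phalcon\Acl::DENY);

         // The role id is passed as a bound parameter (:rolId:) instead of being
         // concatenated into the PHQL text, so the statement never depends on
         // how the stored value happens to be formatted.
         $phql = "SELECT pagina.* FROM Acceso AS acceso,Pagina AS pagina,Rol AS rol WHERE rol.rol_id = :rolId: and rol.rol_id=acceso.rol_id and acceso.pagina_id=pagina.pagina_id";

         // Register every role the application knows about.
         $listaRoles = Rol::find();
         foreach ($listaRoles as $rol) {
             $acl->addRole(new \Phalcon\Acl\Role($rol->rol_nombre));

             // Fetch all pages assigned to this role.
             $query = $this->modelsManager->createQuery($phql);
             $listaPaginasPorRol = $query->execute(array('rolId' => $rol->rol_id));

             foreach ($listaPaginasPorRol as $pagina) {
                 // Resource is resolved through the file's imports, which are not visible here.
                 $acl->addResource(new Resource($pagina->pagina_nombreControlador), $pagina->pagina_nombreAccion);
                 $acl->allow($rol->rol_nombre, $pagina->pagina_nombreControlador, $pagina->pagina_nombreAccion);
             }
         }

         // Per the original comment, the ACL is stored in the session.
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }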
Ejemplo n.º 2
 /**
  * Returns the ACL, building and caching it in $this->persistent on first use.
  *
  * Only a "Guests" role is registered. It may reach every action of the
  * "index" controller (wildcard) and the "login" action of "admin";
  * everything else falls under the default DENY.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Roles known to the application.
     $roles = array('guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roles as $guestRole) {
         $acl->addRole($guestRole);
     }

     // Controllers (and their actions) that make up the public area.
     $publicResources = array('index' => array('*'), 'admin' => array('login'));
     foreach ($publicResources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Every registered role is allowed on every public controller/action pair.
     foreach ($roles as $guestRole) {
         $roleName = $guestRole->getName();
         foreach ($publicResources as $controller => $actionList) {
             foreach ($actionList as $actionName) {
                 $acl->allow($roleName, $controller, $actionName);
             }
         }
     }

     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 3
 /**
  * Returns the ACL for the Admin / Registered / Guest roles, building it on first use.
  *
  * Default action is DENY. Admin-only, registered-only and public areas are
  * declared separately and then granted role by role. The result is cached in
  * $this->persistent (the session, per the original comment).
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     // Anything not explicitly allowed below is refused.
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Roles available in the application.
     $roles = array(
         'admin' => new Phalcon\Acl\Role('Admin'),
         'registered' => new Phalcon\Acl\Role('Registered'),
         'guest' => new Phalcon\Acl\Role('Guest'),
     );
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Areas reachable only by Admin.
     $adminAreas = array('admin' => array('tipo', 'get'));
     // Areas reserved for registered users.
     $registeredAreas = array('dashboard' => array('index'), 'profile' => array('index', 'edit'));
     // Areas open to everybody.
     $publicAreas = array('index' => array('index', 'register', 'login', 'end'));

     // Register all three groups as ACL resources, in the same order as before.
     foreach (array($adminAreas, $registeredAreas, $publicAreas) as $areaGroup) {
         foreach ($areaGroup as $controller => $actionList) {
             $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
         }
     }

     // Public areas: every role is allowed.
     // NOTE(review): the grant uses the '*' wildcard, so it covers every action of
     // a public controller, not only the actions listed in $publicAreas.
     foreach ($roles as $role) {
         foreach (array_keys($publicAreas) as $controller) {
             $acl->allow($role->getName(), $controller, '*');
         }
     }

     // Admin areas: Admin only.
     foreach ($adminAreas as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('Admin', $controller, $actionName);
         }
     }

     // Registered areas: Registered first, then Admin, for each controller.
     foreach ($registeredAreas as $controller => $actionList) {
         foreach (array('Registered', 'Admin') as $roleName) {
             foreach ($actionList as $actionName) {
                 $acl->allow($roleName, $controller, $actionName);
             }
         }
     }

     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 4
 /**
  * Returns the ACL for the admin / dispatcher / handler / assessor roles,
  * building and caching it in $this->persistent on first use.
  *
  * Each role is allowed on the controller that carries its own name, and all
  * roles are allowed on "common". Every grant uses the '*' wildcard, i.e. all
  * actions of the controller.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles.
     $roles = [
         'admin' => new Phalcon\Acl\Role('admin'),
         'dispatcher' => new Phalcon\Acl\Role('dispatcher'),
         'handler' => new Phalcon\Acl\Role('handler'),
         'assessor' => new Phalcon\Acl\Role('assessor'),
     ];
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // All resources; each Resource corresponds to one controller.
     $resources = ['admin' => ['*'], 'assessor' => ['*'], 'common' => ['*'], 'dispatcher' => ['*'], 'handler' => ['*']];
     foreach ($resources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // A role owns the controller of the same name.
     foreach (['admin', 'assessor', 'dispatcher', 'handler'] as $ownName) {
         $acl->allow($ownName, $ownName, '*');
     }

     // The shared controller is open to every role.
     foreach ($roles as $role) {
         $acl->allow($role->getName(), 'common', '*');
     }

     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 5
 /**
  * Regression check: registering a role and a resource that share the
  * numeric-looking name '11' must not raise an exception.
  */
 public function testIssues1513()
 {
     try {
         $acl = new \Phalcon\Acl\Adapter\Memory();
         $acl->setDefaultAction(Phalcon\Acl::DENY);
         $acl->addRole(new \Phalcon\Acl\Role('11'));
         $acl->addResource(new \Phalcon\Acl\Resource('11'), array('index'));
         $completed = true;
     } catch (Exception $e) {
         // Any exception raised while building the ACL fails the test.
         $completed = false;
     }

     $this->assertTrue($completed);
 }
Ejemplo n.º 6
 /**
  * Returns the ACL for the Users / Guests roles, building and caching it in
  * $this->persistent on first use.
  *
  * Public controller/action pairs are granted to both roles; private pairs
  * are granted to Users only. "posts" and "users" appear in both lists with
  * different actions.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Actions that require a logged-in user.
     $private = array(
         'comments' => array('index', 'edit', 'delete', 'save'),
         'posts' => array('new', 'edit', 'save', 'create', 'delete'),
         'users' => array('search', 'new', 'edit', 'save', 'create', 'delete', 'logout'),
     );
     foreach ($private as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Actions anyone may call.
     $public = array(
         'index' => array('index'),
         'posts' => array('index', 'search', 'show', 'comment', 'feed'),
         'users' => array('login', 'index'),
         'js' => array('jquery'),
     );
     foreach ($public as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public pairs: allowed for every role.
     foreach ($roles as $role) {
         $roleName = $role->getName();
         foreach ($public as $controller => $actionList) {
             foreach ($actionList as $actionName) {
                 $acl->allow($roleName, $controller, $actionName);
             }
         }
     }

     // Private pairs: allowed for Users only.
     foreach ($private as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('Users', $controller, $actionName);
         }
     }

     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 7
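 /**
  * Returns the shared ACL, loading its rules from ROOT_PATH/access.json on first use.
  *
  * Each rule names a role and a list of resources; every entry in a
  * resource's "list" is registered as an access and allowed for that role.
  * Anything else is denied by default.
  *
  * The rule file is validated before it is used. Previously an unreadable or
  * malformed file produced only a warning and left an empty, deny-everything
  * ACL cached for the rest of the request, which hides the misconfiguration.
  *
  * @return \Phalcon\Acl\Adapter\Memory
  * @throws \RuntimeException when access.json cannot be read or does not decode to a rule collection
  */
 public static function getInstanceAccess()
 {
     if (!static::$_INSTANCE_ACCESS) {
         $path = sprintf('%s/access.json', ROOT_PATH);

         $raw = is_readable($path) ? file_get_contents($path) : false;
         if ($raw === false) {
             throw new \RuntimeException(sprintf('ACL rule file "%s" cannot be read', $path));
         }

         // Objects are still accepted because the original iterated whatever json_decode returned.
         $rules = json_decode($raw);
         if (!is_array($rules) && !is_object($rules)) {
             throw new \RuntimeException(sprintf('ACL rule file "%s" does not contain valid JSON rules', $path));
         }

         $access = new \Phalcon\Acl\Adapter\Memory();
         $access->setDefaultAction(\Phalcon\Acl::DENY);

         foreach ($rules as $rule) {
             $access->addRole(new \Phalcon\Acl\Role($rule->role));
             foreach ($rule->resources as $resource) {
                 $access->addResource(new \Phalcon\Acl\Resource($resource->name), $resource->list);
                 foreach ($resource->list as $item) {
                     $access->allow($rule->role, $resource->name, $item);
                 }
             }
         }

         // Cache only a fully built ACL.
         static::$_INSTANCE_ACCESS = $access;
     }
     return static::$_INSTANCE_ACCESS;
 }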
Ejemplo n.º 8
 /**
  * Returns the ACL for the GUEST / USER / ADMIN roles, building and caching
  * it in $this->persistent on first use.
  *
  * Resources come from the $_publicResources, $_userResources and
  * $_adminResources properties (defined outside this method).
  */
 protected function _getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new \Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     $roles = [
         self::GUEST => new \Phalcon\Acl\Role(self::GUEST),
         self::USER => new \Phalcon\Acl\Role(self::USER),
         self::ADMIN => new \Phalcon\Acl\Role(self::ADMIN),
     ];
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Register public, user and admin resources, in that order.
     foreach ([$this->_publicResources, $this->_userResources, $this->_adminResources] as $resourceGroup) {
         foreach ($resourceGroup as $controller => $actionList) {
             $acl->addResource(new \Phalcon\Acl\Resource($controller), $actionList);
         }
     }

     // Public resources: every role is allowed.
     // NOTE(review): the '*' wildcard grants every action of these controllers,
     // not only the actions listed in $_publicResources.
     foreach ($roles as $role) {
         foreach (array_keys($this->_publicResources) as $controller) {
             $acl->allow($role->getName(), $controller, '*');
         }
     }

     // User resources: USER and ADMIN.
     foreach ($this->_userResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow(self::USER, $controller, $actionName);
             $acl->allow(self::ADMIN, $controller, $actionName);
         }
     }

     // Admin resources: ADMIN only.
     foreach ($this->_adminResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow(self::ADMIN, $controller, $actionName);
         }
     }

     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 9
 /**
  * Returns the ACL for the customer / Guests / admin roles, building and
  * caching it in $this->persistent on first use.
  *
  * Public controllers are open to all roles, "personal" to customer only and
  * "operate" to admin only. Note that admin is not granted "personal" here.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Roles.
     $roles = array(
         'customer' => new Phalcon\Acl\Role('customer'),
         'guests' => new Phalcon\Acl\Role('Guests'),
         'admin' => new Phalcon\Acl\Role('admin'),
     );
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Admin-only resources.
     $privateResources = array('operate' => array('index', 'addnews', 'add'));
     // Customer-only resources.
     $userResources = array('personal' => array('index', 'detail', 'loan'));
     // Resources open to everyone.
     $publicResources = array(
         'index' => array('index', 'verifycode', 'getdata'),
         'news' => array('index'),
         'about' => array('index', 'contact', 'culture'),
         'service' => array('index', 'method', 'mode'),
         'situation' => array('index'),
         'college' => array('index', 'case', 'test'),
         'account' => array('verify', 'register'),
         'session' => array('index', 'start', 'end'),
     );

     // Register the three groups in the original order: private, user, public.
     foreach (array($privateResources, $userResources, $publicResources) as $resourceGroup) {
         foreach ($resourceGroup as $controller => $actionList) {
             $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
         }
     }

     // NOTE(review): '*' grants every action of a public controller, including
     // actions that are not listed in $publicResources.
     foreach ($roles as $role) {
         foreach (array_keys($publicResources) as $controller) {
             $acl->allow($role->getName(), $controller, '*');
         }
     }

     foreach ($userResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('customer', $controller, $actionName);
         }
     }

     foreach ($privateResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('admin', $controller, $actionName);
         }
     }

     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 10
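 /**
  * Builds the ACL from the Role and Action models and returns it.
  *
  * Roles and resources are read through Role::find() / Action::find() with
  * model-level caching ("role" and "action" cache keys). Each role is then
  * allowed on the actions reachable through its "action" relation, grouped by
  * controller name. Everything else is denied by default.
  *
  * Storing the ACL in $this->persistent is commented out in the original, so
  * the list is rebuilt on every call.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Both accumulators start empty so that an empty role table (or roles
     // without actions) yields an empty, deny-all ACL instead of iterating
     // over an undefined variable.
     $roles = array();
     $roledann = array();

     // Register roles.
     $rol = Role::find(array("cache" => array("key" => "role")));
     foreach ($rol as $ros) {
         $roles[strtolower($ros->name)] = new Phalcon\Acl\Role($ros->name);
     }
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Register every controller/action pair as a resource access.
     foreach (Action::find(array("cache" => array("key" => "action"))) as $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($actions->controller->name), $actions->name);
     }

     // Collect, per role and controller, the action names that role may call.
     foreach ($rol as $role) {
         foreach ($role->action as $action) {
             $roledann[$role->name][$action->controller->name][] = $action->name;
         }
     }

     // Grant each role its collected action list, controller by controller.
     foreach ($roledann as $keys => $dann) {
         foreach ($dann as $key => $dan) {
             $acl->allow($keys, $key, $dan);
         }
     }

     return $acl;
 }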
Ejemplo n.º 11
 /**
  * Decides before each dispatch whether the requested controller/action may run.
  *
  * The decision is delegated to $this->canAccess(); on refusal the request is
  * forwarded to mainBoard/lock.
  *
  * @param Event $event
  * @param Dispatcher $dispatcher
  * @return boolean true when the route may execute, false after forwarding
  */
 public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
 {
     // NOTE(review): this ACL is built on every request but never consulted;
     // the access decision below comes from canAccess() alone.
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);
     $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     $controllerName = $dispatcher->getControllerName();
     $actionName = $dispatcher->getActionName();
     $url = "{$controllerName}/{$actionName}";
     $session = $this->session;

     // NOTE(review): a1.txt / a2.txt are relative paths appended to on every
     // request with no separator or size limit; this looks like leftover debug
     // logging and records requested routes wherever the working directory is.
     if (!$this->canAccess($session, $controllerName, $actionName)) {
         file_put_contents('a1.txt', $url, FILE_APPEND);
         $dispatcher->forward(array('controller' => 'mainBoard', 'action' => 'lock'));
         return false;
     }

     file_put_contents('a2.txt', $url, FILE_APPEND);
     return true;
 }
Ejemplo n.º 12
 /**
  * Returns the API ACL, building it on first use and keeping it in $this->acl.
  *
  * Two roles exist: ROLE_PUBLIC and ROLE_PRIVATE. Public endpoints are
  * allowed for both, private endpoints for ROLE_PRIVATE only. All endpoints
  * are accesses of the single RESOURCE_API resource.
  */
 protected function _getAcl()
 {
     if ($this->acl) {
         return $this->acl;
     }

     $acl = new \Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);

     $bothRoles = array(self::ROLE_PUBLIC, self::ROLE_PRIVATE);
     foreach ($bothRoles as $roleName) {
         $acl->addRole(new \Phalcon\Acl\Role($roleName));
     }

     // Public endpoints: registered, then allowed for both roles.
     foreach ($this->publicEndpoints as $publicEndpoint) {
         $acl->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $publicEndpoint);
         foreach ($bothRoles as $roleName) {
             $acl->allow($roleName, self::RESOURCE_API, $publicEndpoint);
         }
     }

     // Private endpoints: registered, then allowed for the private role only.
     foreach ($this->privateEndpoints as $privateEndpoint) {
         $acl->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $privateEndpoint);
         $acl->allow(self::ROLE_PRIVATE, self::RESOURCE_API, $privateEndpoint);
     }

     $this->acl = $acl;
     return $this->acl;
 }
Ejemplo n.º 13
 /**
  * Returns the ACL for the ADMIN / USERS / GUESTS roles defined in
  * Core_UserCenter_Enum.
  *
  * Public actions are allowed for the '*' role wildcard; private actions are
  * allowed for USERS and ADMIN. Everything else is denied by default.
  */
 private function _getAcl()
 {
     // NOTE(review): destroy() runs before the cache check on every call;
     // presumably it clears the persistent bag, which would make the check
     // below always rebuild the ACL and drop anything else stored there.
     // Looks like a debugging leftover; confirm before relying on the cache.
     $this->persistent->destroy();

     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles.
     $roles = array(
         Core_UserCenter_Enum::ADMIN => new Phalcon\Acl\Role(Core_UserCenter_Enum::ADMIN),
         Core_UserCenter_Enum::USERS => new Phalcon\Acl\Role(Core_UserCenter_Enum::USERS),
         Core_UserCenter_Enum::GUESTS => new Phalcon\Acl\Role(Core_UserCenter_Enum::GUESTS),
     );
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Private area: requires USERS or ADMIN.
     $privateResources = array(
         'xadmin' => array('index'),
         'stock' => array('manage'),
         'auth' => array('logout'),
         'pupil' => array('add'),
         'config' => array('edit'),
     );
     // Public area: open to any role.
     $publicResources = array('auth' => array('login', 'switch'), 'index' => array('index'));

     foreach (array($privateResources, $publicResources) as $resourceGroup) {
         foreach ($resourceGroup as $controller => $actionList) {
             $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
         }
     }

     // Public actions are granted through the role wildcard.
     foreach ($publicResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('*', $controller, $actionName);
         }
     }

     // Private actions are granted to USERS and to ADMIN.
     foreach ($privateResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow(Core_UserCenter_Enum::USERS, $controller, $actionName);
             $acl->allow(Core_UserCenter_Enum::ADMIN, $controller, $actionName);
         }
     }

     // Per the original comment, the ACL is stored in the session.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 14
 /**
  * Returns the ACL for the Common / Person / Company / Guests roles, building
  * and caching it in $this->persistent on first use.
  *
  * Public controller/action pairs are allowed for every role. Private pairs
  * are allowed per role through $privateACL: Common gets the account actions
  * of "user"; Person and Company get the same, identical map covering the
  * fund-raising and investment controllers.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles.
     $roles = array(
         'Common' => new Phalcon\Acl\Role('Common'),
         'Person' => new Phalcon\Acl\Role('Person'),
         'Company' => new Phalcon\Acl\Role('Company'),
         'Guests' => new Phalcon\Acl\Role('Guests'),
     );
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Action list shared by most of the user_raise_* controllers.
     $crudActions = array('index', 'search', 'new', 'edit', 'create', 'save', 'delete');

     // Private area resources.
     $privateResources = array(
         'user' => array('center', 'changeAvatar', 'changePassword', 'applyInvest', 'applyPerson', 'applyCompany', 'applyTest'),
         'raise_funds' => array('create'),
         'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'),
         'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'),
         'user_raise_idea' => $crudActions,
         'user_raise_market' => $crudActions,
         'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'),
         'user_raise_team' => $crudActions,
         'user_raise_updates' => $crudActions,
         'user_raise_around' => $crudActions,
         'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail'),
     );

     // Person and Company share one map: the private resources with the
     // "user" entry narrowed to the three account actions. array_replace
     // keeps the key order of $privateResources.
     $memberResources = array_replace(
         $privateResources,
         array('user' => array('center', 'changeAvatar', 'changePassword'))
     );

     // Private grants per role.
     $privateACL = array(
         'Common' => array('user' => $privateResources['user']),
         'Person' => $memberResources,
         'Company' => $memberResources,
     );

     foreach ($privateResources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public area resources.
     // NOTE(review): 'file' => 'upload' is public, so the Guests role is allowed
     // to reach the upload action at ACL level. The apply* actions of 'user'
     // are listed here as well as in $privateResources, so the public grant
     // makes them reachable by every role. Confirm both are intended.
     $publicResources = array(
         'user' => array('index', 'register', 'login', 'loginSubmit', 'registerSubmit', 'loginout', 'applyInvest', 'applyPerson', 'applyPersonSubmit', 'applyCompany', 'applyCompanySubmit', 'applyTest', 'imgVerity', 'img_verity'),
         'index' => array('index'),
         'file' => array('upload'),
         'invest' => array('index', 'pjCenter'),
         'raise_funds' => array('index'),
         'raise_product' => array('index', 'pdShow'),
         'user_raise_basic' => array('ajaxGetType'),
     );
     foreach ($publicResources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public area: every role, whole action list per controller in one call.
     foreach ($roles as $role) {
         foreach ($publicResources as $controller => $actionList) {
             $acl->allow($role->getName(), $controller, $actionList);
         }
     }

     // Private area: per-role grants, one action at a time.
     foreach ($privateACL as $roleUser => $grantedResources) {
         foreach ($grantedResources as $controller => $actionList) {
             foreach ($actionList as $actionName) {
                 $acl->allow($roleUser, $controller, $actionName);
             }
         }
     }

     // Per the original comment, the ACL is stored in the session.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 15
 /**
  * Returns the ACL (Access Control List), creating it when it does not exist
  * yet or when a rebuild is requested.
  *
  * @param mixed $isRefresh truthy to rebuild even if a cached ACL exists
  * @return Phalcon\Acl\Adapter\Memory the ACL held in $this->persistent
  */
 public function getACL($isRefresh)
 {
     $mustBuild = $isRefresh || !isset($this->persistent->acl);
     if (!$mustBuild) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles.
     $roles = array('guests' => new Phalcon\Acl\Role('Guests'), 'users' => new Phalcon\Acl\Role('Users'));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Private area resources (controller => actions).
     $privateResources = array(
         'profile' => array('index', 'other'),
         'session' => array('logout'),
         'creategoal' => array('index'),
         'goal' => array('create', 'browse', 'view', 'edit'),
     );
     foreach ($privateResources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public area resources.
     // NOTE(review): 'admin' (index, updateAcl) and 'test' are listed as public,
     // so the loop below allows them for Guests as well as Users. Unless
     // another check protects those controllers, this exposes the admin
     // actions to unauthenticated visitors; confirm this is intended.
     $publicResources = array(
         'index' => array('index'),
         'session' => array('login', 'register', 'logout', 'sendconf', 'completeReg'),
         'admin' => array('index', 'updateAcl'),
         'test' => array('index'),
     );
     foreach ($publicResources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public area: allowed for both Users and Guests.
     foreach ($roles as $role) {
         $roleName = $role->getName();
         foreach ($publicResources as $controller => $actionList) {
             foreach ($actionList as $actionName) {
                 $acl->allow($roleName, $controller, $actionName);
             }
         }
     }

     // Private area: allowed for Users only.
     foreach ($privateResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('Users', $controller, $actionName);
         }
     }

     // Store the new ACL.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 16
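 /**
  * Builds the ACL from the Role, Resource, Action and Allowed models,
  * registers it in the dependency injector under 'acl' and returns it.
  *
  * Roles come from Role::find(); resources and their actions from the
  * Action/Resource join; grants from the Allowed join. Everything that is not
  * explicitly allowed is denied. The cache lookup that once wrapped this
  * method is disabled, so the list is rebuilt on every call.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     $userroles = Role::find();
     $modelManager = Phalcon\DI::getDefault()->get('modelsManager');

     // Both PHQL statements are fixed strings; no request data is mixed in.
     $sql = "SELECT Resource.name AS resource, Action.name AS action \n                                    FROM Action\n                                            JOIN Resource ON (Action.idResource = Resource.idResource)";
     $results = $modelManager->executeQuery($sql);
     $userandroles = $modelManager->executeQuery('SELECT Role.name AS rolename, Resource.name AS resname, Action.name AS actname
                                                                                                          FROM Allowed
                                                                                                             JOIN Role ON (Role.idRole = Allowed.idRole) 
                                                                                                             JOIN Action ON (Action.idAction = Allowed.idAction) 
                                                                                                             JOIN Resource ON (Action.idResource = Resource.idResource)');

     // Register roles.
     foreach ($userroles as $role) {
         $acl->addRole(new Phalcon\Acl\Role($role->name));
     }

     // Group action names by resource. Appending once per row is enough:
     // the previous version seeded a new resource with its first action and
     // then appended that same action again, registering it twice.
     $resources = array();
     foreach ($results as $key) {
         $resources[$key['resource']][] = $key['action'];
     }
     foreach ($resources as $resource => $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
     }

     // Link roles and resources as stored in the database.
     foreach ($userandroles as $role) {
         $acl->allow($role->rolename, $role->resname, $role->actname);
     }

     // Publish the ACL as a service and return it.
     $this->_dependencyInjector->set('acl', $acl);
     return $acl;
 }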
Ejemplo n.º 17
 /**
  * Builds the ACL once and stores it in $this->acl; does nothing when an ACL
  * is already present.
  *
  * Two roles are registered: "users" (registered users) and "guests"
  * (unidentified visitors). Public resources are allowed for both, private
  * resources for "users" only. "user" appears in both lists with different
  * actions.
  */
 private function initAcl()
 {
     if (!empty($this->acl)) {
         return;
     }

     // Create the ACL; the default action is to deny.
     $acl = new \Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);

     // Register the two roles.
     $roles = array('users' => new \Phalcon\Acl\Role('users'), 'guests' => new \Phalcon\Acl\Role('guests'));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Private resources (back end).
     $privateResources = ['user' => ['index', 'profile'], 'clan' => ['index']];
     // Public resources (front end).
     $publicResources = array('index' => ['index'], 'session' => ['index', 'start', 'end'], 'user' => ['register']);

     // Register private resources first, then public ones.
     foreach ([$privateResources, $publicResources] as $resourceGroup) {
         foreach ($resourceGroup as $controller => $actionList) {
             $acl->addResource(new \Phalcon\Acl\Resource($controller), $actionList);
         }
     }

     // Users and guests may reach the public resources (whole action list per call).
     foreach ($roles as $role) {
         $roleName = $role->getName();
         foreach ($publicResources as $controller => $actionList) {
             $acl->allow($roleName, $controller, $actionList);
         }
     }

     // Private resources are granted to users only.
     foreach ($privateResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('users', $controller, $actionName);
         }
     }

     $this->acl = $acl;
 }
Ejemplo n.º 18
 /**
  * Returns the ACL for the Users / Guests roles, building and caching it in
  * $this->persistent on first use.
  *
  * "dashboard" and "agenda" are private (Users only); "index" is public.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles.
     $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Private area resources.
     $privateResources = array('dashboard' => array('index'), 'agenda' => array('index'));
     // Public area resources.
     $publicResources = array('index' => array('index', 'login', 'logout'));

     foreach (array($privateResources, $publicResources) as $resourceGroup) {
         foreach ($resourceGroup as $controller => $actionList) {
             $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
         }
     }

     // Public area: both roles.
     // NOTE(review): '*' grants every action of the public controller, not only
     // index/login/logout as listed in $publicResources.
     foreach ($roles as $role) {
         foreach (array_keys($publicResources) as $controller) {
             $acl->allow($role->getName(), $controller, '*');
         }
     }

     // Private area: Users only.
     foreach ($privateResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('Users', $controller, $actionName);
         }
     }

     // Per the original comment, the ACL is stored in the session.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
Ejemplo n.º 19
 /**
  * Returns the access-control list, building it on first use and caching it
  * in $this->persistent->acl.
  *
  * Roles: Users and Guests, default action DENY. Public controllers are
  * granted to both roles; the private controllers are granted to Users only.
  */
 public function getAcl()
 {
     // A cached list is returned as-is; rule changes need the stored copy to
     // be discarded before they apply.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roleSet = [
         'users' => new Phalcon\Acl\Role('Users'),
         'guests' => new Phalcon\Acl\Role('Guests'),
     ];
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Action list shared by the three CRUD-style private controllers.
     $crud = ['index', 'search', 'new', 'edit', 'save', 'create', 'delete'];

     // Private area: controller => actions
     $restricted = [
         'companies' => $crud,
         'products' => $crud,
         'producttypes' => $crud,
         'invoices' => ['index', 'profile'],
     ];
     foreach ($restricted as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public area: controller => actions
     $open = [
         'index' => ['index'],
         'about' => ['index'],
         'session' => ['index', 'register', 'start', 'end'],
         'contact' => ['index', 'send'],
     ];
     foreach ($open as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Both roles get the public controllers.
     // NOTE(review): '*' grants every action on these controllers, not just
     // the ones listed in $open; an action added to e.g. the session
     // controller later is reachable by Guests unless this is narrowed.
     foreach ($roleSet as $roleObject) {
         foreach (array_keys($open) as $controller) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }

     // Only Users get the private controllers, one listed action at a time.
     foreach ($restricted as $controller => $actionList) {
         foreach ($actionList as $oneAction) {
             $list->allow('Users', $controller, $oneAction);
         }
     }

     // The acl is stored in session (per the original author's note); APC
     // was suggested as an alternative store.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 20
 /**
  * Returns the access-control list, building it once and keeping it in
  * $this->_acl for later calls on the same object.
  *
  * Roles: Users and Guests, default action DENY. Public controllers are
  * granted to both roles; the private controllers are granted to Users only.
  */
 public function getAcl()
 {
     // Reuse the list already built on this instance.
     if ($this->_acl) {
         return $this->_acl;
     }

     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roleSet = [
         'users' => new Phalcon\Acl\Role('Users'),
         'guests' => new Phalcon\Acl\Role('Guests'),
     ];
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Action list shared by the four CRUD-style private controllers.
     $crud = ['index', 'search', 'new', 'edit', 'save', 'create', 'delete'];

     // Private area: controller => actions
     $restricted = [
         'news' => $crud,
         'post' => $crud,
         'inter' => $crud,
         'comment' => $crud,
         'insertion' => ['index', 'profile'],
     ];
     foreach ($restricted as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public area: controller => actions
     $open = [
         'index' => ['index'],
         'session' => ['index', 'register', 'start', 'end'],
         'contact' => ['index', 'send'],
         'article' => ['index', 'show'],
     ];
     foreach ($open as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Both roles get the public controllers.
     // NOTE(review): '*' grants every action on these controllers, not just
     // the ones listed in $open, so the effective rule is wider than the
     // list suggests.
     foreach ($roleSet as $roleObject) {
         foreach (array_keys($open) as $controller) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }

     // Only Users get the private controllers, one listed action at a time.
     foreach ($restricted as $controller => $actionList) {
         foreach ($actionList as $oneAction) {
             $list->allow('Users', $controller, $oneAction);
         }
     }

     $this->_acl = $list;

     return $this->_acl;
 }
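 /**
  * Builds an in-memory access-control list with a deny-by-default policy.
  *
  * Two roles are registered: "Administrators" (under the key 'users') and
  * "Guests". Every listed public action is granted to both roles; every
  * listed private action is granted to the privileged role only.
  *
  * Fixes over the previous version:
  *  - the private grants named a role 'Users' that is never registered, so
  *    the rules could not attach to any role; they now use the name of the
  *    role stored under $roles['users'];
  *  - the finished list was built and then dropped; it is now returned.
  *
  * @return Phalcon\Acl\Adapter\Memory the populated list
  */
 public function getACL()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     // Anything not explicitly allowed below is refused.
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roles = array(
         'users' => new Phalcon\Acl\Role("Administrators", "Super-User role"),
         'guests' => new Phalcon\Acl\Role("Guests"),
     );
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Private area resources: controller => actions
     $privateResources = array(
         'NiuUsrInfo' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'invoices' => array('index', 'profile'),
     );
     foreach ($privateResources as $resource => $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
     }

     // Public area resources: controller => actions
     $publicResources = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'contact' => array('index', 'send'),
     );
     foreach ($publicResources as $resource => $actions) {
         // Same class reference as the private loop above, so this no longer
         // depends on a `use` alias for Resource being present in the file.
         $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
     }

     // Grant the public area to every role, one listed action at a time
     // (no wildcard, so unlisted actions stay denied).
     foreach ($roles as $role) {
         foreach ($publicResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow($role->getName(), $resource, $action);
             }
         }
     }

     // Grant the private area to the privileged role only. The name is read
     // from the registered role object so the grant cannot drift from the
     // role list.
     $privilegedRole = $roles['users']->getName();
     foreach ($privateResources as $resource => $actions) {
         foreach ($actions as $action) {
             $acl->allow($privilegedRole, $resource, $action);
         }
     }

     return $acl;
 }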
Ejemplo n.º 22
 /**
  * Returns the access-control list kept in $this->persistent->acl, building
  * it when it is not set.
  *
  * Role names come from Core_UserCenter_Enum::getAll(). The default action is
  * DENY; public actions are granted to the '*' role and the ADMIN role is
  * granted everything.
  */
 private function _getAcl()
 {
     // Used only while debugging, so that the ACL is always rebuilt.
     // NOTE(review): this wipes the whole persistent bag on every call, so
     // the cache check below never finds a stored list; the line should not
     // be left in outside a debug build.
     $this->persistent->destroy();

     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $enum = Core_UserCenter_Enum::getInstance();
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);

     // Register the roles from Core_UserCenter_Enum (keys are used as names)
     foreach ($enum->getAll() as $roleName => $unusedValue) {
         $list->addRole($roleName);
     }

     // controller => actions
     $open = ['test' => ['index'], 'auth' => ['login']];
     $restricted = ['test' => ['bla', 'getlist'], 'index' => ['index'], 'auth' => ['logout']];

     // Controllers present in both maps are registered once, with the two
     // action lists combined.
     $everything = array_merge_recursive($restricted, $open);
     foreach ($everything as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public actions are granted to '*', i.e. not to one named role.
     foreach ($open as $controller => $actionList) {
         foreach ($actionList as $oneAction) {
             $list->allow('*', $controller, $oneAction);
         }
     }

     // Private actions are granted to ADMIN, action by action.
     foreach ($restricted as $controller => $actionList) {
         foreach ($actionList as $oneAction) {
             $list->allow($enum->getName($enum::ADMIN), $controller, $oneAction);
         }
     }

     // Allow the ADMIN group access EVERYWHERE. This wildcard already covers
     // the per-action grants made just above.
     $list->allow($enum->getName($enum::ADMIN), '*', '*');

     // The acl is stored in session (per the original author's note); APC
     // was suggested as an alternative store.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 23
 /**
  * Builds and returns a fresh in-memory access-control list on every call.
  *
  * Roles: admin and user, default action DENY. The "public" map is granted to
  * both roles; the "private" map is granted to admin only.
  */
 public function getAcl()
 {
     $list = new Phalcon\Acl\Adapter\Memory();
     // Anything not explicitly allowed below is refused.
     $list->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roleSet = [
         'admin' => new Phalcon\Acl\Role('admin'),
         'user' => new Phalcon\Acl\Role('user'),
     ];
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Resources (controller => actions) allowed for all roles.
     // NOTE(review): this map includes state-changing actions (country
     // add/edit/delete, area add), so the plain 'user' role may perform
     // them; confirm that is intended rather than admin-only.
     $shared = [
         'index' => ['index', 'notFound', 'forbidden', 'internalServerError'],
         'user' => ['myProfile', 'changePassword'],
         'country' => ['index', 'add', 'edit', 'delete'],
         'area' => ['index', 'add', 'wfs'],
     ];
     // Resources reserved for admin. The 'user' controller appears in both
     // maps with different actions, so it is registered twice below.
     $adminOnly = [
         'user' => ['index', 'add', 'edit', 'delete', 'resetPassword'],
     ];

     foreach ($shared as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }
     foreach ($adminOnly as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Every role gets each listed shared action (no wildcard).
     foreach ($roleSet as $roleObject) {
         foreach ($shared as $controller => $actionList) {
             foreach ($actionList as $oneAction) {
                 $list->allow($roleObject->getName(), $controller, $oneAction);
             }
         }
     }

     // Only admin gets the reserved actions.
     $adminName = $roleSet['admin']->getName();
     foreach ($adminOnly as $controller => $actionList) {
         foreach ($actionList as $oneAction) {
             $list->allow($adminName, $controller, $oneAction);
         }
     }

     return $list;
 }
Ejemplo n.º 24
 /**
  * Returns the access-control list, building it on first use and caching it
  * in $this->persistent->acl.
  *
  * Four roles are registered as an inheritance chain
  * (GUEST <- USER <- COORDINATOR <- ADMIN) and the default action is DENY.
  * Each role is then granted its own resource map action by action, and USER
  * and COORDINATOR are explicitly denied login/index.
  */
 public function getAcl()
 {
     // A cached list is returned untouched, so rule changes only apply once
     // the stored copy has been discarded.
     if (!isset($this->persistent->acl)) {
         /* update values here */
         $acl = new \Phalcon\Acl\Adapter\Memory();
         $acl->setDefaultAction(Acl::DENY);
         $roles = array("GUEST" => new Acl\Role("GUEST"), "USER" => new Acl\Role("USER"), "COORDINATOR" => new Acl\Role("COORDINATOR"), "ADMIN" => new Acl\Role("ADMIN"));
         // Register each role; the second argument to addRole() names the
         // role it inherits from, so the array order above matters (a parent
         // is always added before its child).
         foreach ($roles as $key => $role) {
             switch ($key) {
                 case "GUEST":
                     $acl->addRole($role);
                     break;
                 case "USER":
                     $acl->addRole($role, $roles['GUEST']);
                     break;
                 case "COORDINATOR":
                     $acl->addRole($role, $roles['USER']);
                     break;
                 case "ADMIN":
                     $acl->addRole($role, $roles['COORDINATOR']);
                     break;
             }
         }
         //Resources of admin (cms)
         $adminResources = array("config" => array('index', "saveorder"), "tags" => array("delete"), "user" => array("deleteuser", "newuser", "index", "saveuser", "edit", "inactive"), "sections" => array("index", "home", "feedpost", "updatesection", "orderpostsections"), "category" => array("index", "new", "edit", "delete", "validatecategory"));
         foreach ($adminResources as $resource => $actions) {
             $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
         }
         // Resources of coordinators
         $coordinatorResources = array("index" => array("index"), "course" => array("index", "new", "delete", "validateurl", "uploadimage", "save", "edit", "inactive", "update"), "instructor" => array("index", "new", "delete", "uploadfile", "save", "edit", "inactive", "update", "view"));
         foreach ($coordinatorResources as $resource => $actions) {
             $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
         }
         // Resources of ordinary users. "index" is also in the coordinator
         // map and "user" is also in the admin map, so those controllers are
         // registered more than once with different action lists.
         $userResources = array("index" => array("index"), "user" => array('index', "profile", "updateuser", "updatepassword", "updateuserimage", "uploadimage", "socialmedia", "validateemail", "validateusername", "editnote"));
         foreach ($userResources as $resource => $actions) {
             $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
         }
         // Resources reachable without a higher role
         $publicResources = array("login" => array('index', "logout", "session"));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
         }
         // GUEST gets each listed login action
         foreach ($publicResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("GUEST", $resource, $action);
             }
         }
         // USER, COORDINATOR and ADMIN get each listed user action. The
         // deny() call takes the same arguments on every pass, so it is
         // repeated once per action without depending on the loop variables.
         foreach ($userResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("USER", $resource, $action);
                 $acl->allow("COORDINATOR", $resource, $action);
                 $acl->allow("ADMIN", $resource, $action);
                 $acl->deny("USER", "login", "index");
             }
         }
         // COORDINATOR and ADMIN get each listed coordinator action; the
         // deny() here is likewise independent of the loop variables.
         // NOTE(review): ADMIN has no explicit rule for login/index, so what
         // it resolves to depends on how the adapter walks the inheritance
         // chain past the COORDINATOR and USER denials - confirm with a test.
         foreach ($coordinatorResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("COORDINATOR", $resource, $action);
                 $acl->allow("ADMIN", $resource, $action);
                 $acl->deny("COORDINATOR", "login", "index");
             }
         }
         //Grant access to adminResources area to role ADMIN
         foreach ($adminResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("ADMIN", $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
// Shared service: helper-function plugin.
$di->setShared('sfunc', function () {
    $plugin = new FunctionPlugin();
    return $plugin;
});
// Shared service: TOTP generator built from a newly generated 32-byte seed.
// NOTE(review): the seed is created when the service is first resolved, not
// loaded from a stored per-user secret, so codes from this instance cannot
// match a secret a user enrolled earlier - confirm where enrolled seeds are
// supplied.
$di->setShared('totp', function () {
    return new Rych\OTP\TOTP(Rych\OTP\Seed::generate(32));
});
// OAuth2 plugin with both the authorization and the resource server set up.
// NOTE(review): enableAllGrants() presumably switches on every grant type the
// plugin supports; enabling only the grants the registered clients need
// keeps the token endpoint's surface smaller.
$di['oauth'] = function () {
    $plugin = new Cucu\Phalcon\Oauth2\Plugin\OauthPlugin();
    $plugin->initAuthorizationServer();
    $plugin->initResourceServer();
    $plugin->enableAllGrants();
    return $plugin;
};
// ACL service: deny by default, a single "Guests" role and a single
// "NiuUsrInfo" resource with three operations. The listing ends before the
// closure is closed.
$di['acl'] = function () {
    $acl = new Phalcon\Acl\Adapter\Memory();
    $acl->setDefaultAction(Phalcon\Acl::DENY);
    // Create some roles
    //$roleAdmins = new Phalcon\Acl\Role("Administrators", "Super-User role");
    $roleGuests = new Phalcon\Acl\Role("Guests");
    // Add "Guests" role to ACL
    $acl->addRole($roleGuests);
    // Define the "NiuUsrInfo" resource
    $customersResource = new Phalcon\Acl\Resource("NiuUsrInfo");
    // Add "NiuUsrInfo" resource with a couple of operations
    $acl->addResource($customersResource, array("search", "update", "create"));
    // Set access level for roles into resources
    // NOTE(review): Guests may "search" and "update" but not "create". If
    // Guests stands for visitors without an identity, letting them update
    // user information is unusual - confirm it is intended. The explicit
    // deny for "create" matches the DENY default set above.
    $acl->allow("Guests", "NiuUsrInfo", "search");
    $acl->deny("Guests", "NiuUsrInfo", "create");
    $acl->allow("Guests", "NiuUsrInfo", "update");
    return $acl;
Ejemplo n.º 26
<?php

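// Create an events manager and listen to the "acl" event type, so that every
// access check can be observed before the ACL evaluates it.
$eventsManager = new Phalcon\Events\Manager();
$eventsManager->attach("acl", function ($event, $acl) {
    // beforeCheckAccess fires ahead of each check; the active role, resource
    // and access are the triple being evaluated. This hook is a natural place
    // to record access decisions - in an application, write them to a log
    // rather than echoing them into the response.
    if ($event->getType() === 'beforeCheckAccess') {
        echo $acl->getActiveRole(), $acl->getActiveResource(), $acl->getActiveAccess();
    }
});
$acl = new \Phalcon\Acl\Adapter\Memory();
//Setup the $acl
//...
// Bind the events manager to the acl component. Fixed: the previous line
// passed the undefined variable $eventManagers, so the listener attached
// above was never connected to the ACL.
$acl->setEventsManager($eventsManager);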
Ejemplo n.º 27
<?php

// In-memory ACL that refuses anything not explicitly allowed.
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);

// Two roles: "Users" are registered users, "Guests" are visitors without a
// defined identity.
$roles = [
    'users' => new Phalcon\Acl\Role('Users'),
    'guests' => new Phalcon\Acl\Role('Guests'),
];

// Register every role with the ACL; no access is granted at this point.
foreach ($roles as $role) {
    $acl->addRole($role);
}
Ejemplo n.º 28
    });
    // Service registrations from the body of a try block whose opening lies
    // outside this listing.
    // Plain object exposing the configured base path and temp folder.
    $path = new \stdClass();
    $path->path = $config->general->path;
    $path->tmpfolder = $config->general->tmp;
    $di->set('path', $path);
    // Password hashing service, registered with the shared flag (third
    // argument) set.
    $di->set('hash', function () {
        $hash = new \Phalcon\Security();
        //Set the password hashing factor to 12 rounds
        $hash->setWorkFactor(12);
        return $hash;
    }, true);
    // Data cache with a lifetime of 172800 seconds (48 hours). Memcache on
    // localhost:11211 is used when the extension is loaded, otherwise files
    // under $config->cache->acldir.
    // NOTE(review): the directory name suggests ACL data is cached here; if
    // so, a permission change can lag by up to the cache lifetime unless the
    // entry is invalidated. The Memcache backend is given no credentials, so
    // the daemon should stay reachable from this host only.
    $di->set('cache', function () use($config) {
        $frontCache = new \Phalcon\Cache\Frontend\Data(array("lifetime" => 172800));
        if (class_exists('Memcache')) {
            $cache = new \Phalcon\Cache\Backend\Memcache($frontCache, array("host" => "localhost", "port" => "11211"));
        } else {
            $cache = new \Phalcon\Cache\Backend\File($frontCache, array("cacheDir" => $config->cache->acldir));
        }
        return $cache;
    });
    // Empty deny-by-default ACL; roles and resources are added elsewhere
    // (not visible here).
    $di->set('acl', function () {
        $acl = new \Phalcon\Acl\Adapter\Memory();
        $acl->setDefaultAction(\Phalcon\Acl::DENY);
        return $acl;
    });
    //Handle the request
    $application = new \Phalcon\Mvc\Application($di);
    echo $application->handle()->getContent();
} catch (\Phalcon\Exception $e) {
    // NOTE(review): the exception message is written straight into the
    // response. Framework messages can carry internal detail (paths, class
    // or service names); logging it and returning a generic error page keeps
    // that away from the client.
    echo "PhalconException: ", $e->getMessage();
}
Ejemplo n.º 29
 /**
  * Returns the access-control list, building it on first use and caching it
  * in $this->persistent->acl.
  *
  * Six single-letter roles are registered (M, L, P, E, I, G) and the default
  * action is DENY. Every role receives the public map; five roles then
  * receive a wildcard grant on their own controller.
  */
 public function getAcl()
 {
     // A cached list is returned untouched, so rule changes only apply once
     // the stored copy has been discarded.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roleSet = [
         'admin' => new Phalcon\Acl\Role("M"),
         'leader' => new Phalcon\Acl\Role("L"),
         'pm' => new Phalcon\Acl\Role('P'),
         'examinee' => new Phalcon\Acl\Role("E"),
         'interviewer' => new Phalcon\Acl\Role("I"),
         'guests' => new Phalcon\Acl\Role('G'),
     ];
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Manager area resources: controller => actions
     $restricted = [
         'admin' => ['index'],
         'examinee' => ['index'],
         'interviewer' => ['index'],
         'leader' => ['index'],
         'pm' => ['index'],
         'test' => ['index'],
     ];
     // Public area resources: controller => actions.
     // NOTE(review): 'test' => index is listed here as well as in the
     // private map, so the grant below opens test/index to every role,
     // guests ('G') included; 'examinee' is also in both maps, with 'login'
     // as its public action. Confirm 'test' is meant to be public.
     $open = [
         'managerlogin' => ['index', 'login', 'logout'],
         'examinee' => ['login'],
         'index' => ['index'],
         'test' => ['index'],
     ];

     foreach ($restricted as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }
     foreach ($open as $controller => $actionList) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Every role, guests included, gets the listed public actions; the
     // whole action array is passed in one call.
     foreach ($roleSet as $roleObject) {
         foreach ($open as $controller => $actionList) {
             $list->allow($roleObject->getName(), $controller, $actionList);
         }
     }

     // Each of these roles gets every action ('*') on its own controller,
     // which is wider than the single 'index' action registered for it.
     $ownController = [
         'M' => 'admin',
         'E' => 'examinee',
         'P' => 'pm',
         'L' => 'leader',
         'I' => 'interviewer',
     ];
     foreach ($ownController as $roleName => $controller) {
         $list->allow($roleName, $controller, '*');
     }

     // The acl is stored in session (per the original author's note); APC
     // was suggested as an alternative store.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 30
 /**
  * An OPTIONS request handled by a controller with an ACL service installed
  * must answer with "Allow: GET".
  *
  * The ACL knows GET, POST, PUT and DELETE on '/foo' and allows role 'foo'
  * GET and POST; the mocked controller stubs 'get' and 'put'. GET is the only
  * method in both sets, which is presumably why it is the expected header.
  */
 public function testOptionsWithAcl()
 {
     $tester = $this->tester;

     // NOTE(review): this writes to the $_SERVER superglobal and does not
     // restore it, so later tests in the same process see OPTIONS too.
     $_SERVER['REQUEST_METHOD'] = 'OPTIONS';

     $fooResource = new \Phalcon\Acl\Resource('/foo');
     $fooRole = new \Phalcon\Acl\Role('foo');
     $resourceName = $fooResource->getName();
     $roleName = $fooRole->getName();

     // Deny-by-default list: the resource starts with no accesses, then gets
     // the four HTTP verbs, of which the role is allowed two.
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     $list->addResource($fooResource, []);
     $list->addRole($fooRole);
     $list->addResourceAccess($resourceName, ['GET', 'POST', 'PUT', 'DELETE']);
     foreach (['GET', 'POST'] as $verb) {
         $list->allow($roleName, $resourceName, $verb);
     }
     // The result is discarded; the call is kept as in the original because
     // it may leave state on the adapter that the controller reads - TODO
     // confirm, or assert on the return value.
     $list->isAllowed($roleName, $resourceName, 'GET');

     // Install the list as the application's shared 'acl' service.
     $application = Rest\App::instance();
     $application->setService('acl', $list, true);

     // Abstract controller mock with only 'get' and 'put' stubbed.
     $mockedController = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']);
     $mockedController->setDI($application->getDI());

     $response = $mockedController->handle();
     $allowHeader = $response->getHeaders()->get('Allow');

     $tester->assertEquals('GET', $allowHeader);
 }