public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $this->_initAcl();

    // Record the last login time of an authenticated user
    if ($this->_auth->hasIdentity()) {
        $ident = $this->_auth->getIdentity();
        $date = new Zend_Date();
        $ident->last_login = $date->get(DATABASE_DATE_FORMAT);
        $ident->save();
    }

    // If this is not the admin area, skip the rest
    if ($request->getControllerName() != 'admin' && $request->getModuleName() != 'admin') {
        return;
    }

    // Unauthenticated requests to the admin area go to the admin login page
    if (!$this->_auth->hasIdentity()
        && !($request->getControllerName() == 'auth'
            && $request->getActionName() == 'login'
            && $request->getModuleName() == 'admin')) {
        $redirect = new Zend_Controller_Action_Helper_Redirector();
        $redirect->gotoSimple('login', 'auth', 'admin');
    }

    // The profile is a free resource
    if ($request->getModuleName() == 'user'
        && $request->getControllerName() == 'admin'
        && $request->getActionName() == 'profile') {
        return;
    }

    // Resource = module_controller, privilege = action
    $resource = $request->getModuleName() . '_' . $request->getControllerName();
    $hasResource = $this->_acl->has($resource);
    if ($hasResource
        && !$this->_acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $request->getActionName())) {
        throw new FansubCMS_Exception_Denied('The user is not allowed to do this');
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if ('company' == $request->getControllerName()) {
        // Session token comes from the request, falling back to the cookie
        $tsn = $request->tsn ? $request->tsn : (isset($_COOKIE['tsn']) ? $_COOKIE['tsn'] : null);
        if ($tsn) {
            $token = Token::create($tsn);
            $token->update_sync_time();
        } else {
            $token = Token::create_abstract('123');
        }

        if ($token->is_logined() == true) {
            if ($token->is_expire()) {
                // Expired session: drop the token and send the user to the login page,
                // passing the requested page along as the redirect target
                $token->destroy();
                include_once LIB_PATH . '/view_helper/BuildUrl.php';
                $url_builder = new Zend_View_Helper_BuildUrl();
                $referer = SearchFilter::slashes($url_builder->buildUrl(
                    $request->getActionName(),
                    $request->getControllerName(),
                    $request->getModuleName()
                ));
                $login_url = $url_builder->buildUrl('login', 'auth', 'index', array('redirect' => $referer));
                $redirector = new Zend_Controller_Action_Helper_Redirector();
                $redirector->gotoUrl($login_url);
                return;
            }
            $token->register();
        } else {
            // Not logged in: rewrite the request to the login action
            if ('auth' != $request->getActionName()) {
                $token->destroy();
                $request->setModuleName('index');
                $request->setControllerName('auth');
                $request->setActionName('login');
            }
        }
    }
}

protected function _checkSkipAcl(Zend_Controller_Request_Abstract $request, $type)
{
    // Request check: for AJAX requests, see whether the action is one of the
    // actions that must still be checked (e.g. delete); otherwise skip the ACL.
    if ($request->isXmlHttpRequest() && !in_array($request->getActionName(), $this->_arrAjaxNotSkip)) {
        return TRUE;
    }

    $configs = Zend_Registry::get('configs');
    $skip = $configs['security']['skip'][$type];

    $result = in_array($request->getActionName(), $skip);
    foreach ($skip as $routers) {
        $route = explode('/', $routers);
        switch (count($route)) {
            case 1: // action
                $result = in_array($request->getActionName(), $skip);
                break;
            case 2: // controller/action
                $result = in_array($request->getControllerName() . '/' . $request->getActionName(), $skip);
                break;
            case 3: // module/controller/action
                $result = in_array($request->getModuleName() . '/' . $request->getControllerName() . '/' . $request->getActionName(), $skip);
                break;
        }
        if ($result) {
            return TRUE;
        }
    }
    return $result;
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $storage = new Zend_Auth_Storage_Session();
    $data = $storage->read();
    $role = isset($data['emprole']) ? $data['emprole'] : '';
    if ($role == 1) {
        $role = 'admin';
    }

    $module = $request->getModuleName();
    $resource = $request->getControllerName();
    $privilege = $request->getActionName();
    $this->id_param = $request->getParam('id');

    $allowed = false;
    $acl = $this->_getAcl();
    $moduleResource = "{$module}:{$resource}";

    // Some controllers are checked with a fixed role regardless of the user's own
    if ($resource == 'profile') {
        $role = 'viewer';
    }
    if ($resource == 'services') {
        $role = 'services';
    }

    if ($role != '') {
        if ($acl->has($moduleResource)) {
            $allowed = $acl->isAllowed($role, $moduleResource, $privilege);
        }
        if (!$allowed) {
            $request->setControllerName('error');
            $request->setActionName('error');
        }
    }
}

/**
 * Checks whether the current role has access for this request
 *
 * @param \Zend_Controller_Request_Abstract $request
 */
public function preDispatch(\Zend_Controller_Request_Abstract $request)
{
    $accessManager = AccessManager::singleton();
    if ($this->isGroupCheckEnabled()) {
        $resource = strtolower($request->getControllerName());
        $privilege = strtolower($request->getActionName());
        if (!$accessManager->isAllowed($resource, $privilege)) {
            if ($accessManager->hasIdentityRoleGuest($accessManager->getIdentityAsArray(), true)) {
                \Cms\ExceptionStack::addException(new \Cms\Exception(5));
            } else {
                \Cms\ExceptionStack::addException(new \Cms\Exception(
                    4,
                    __METHOD__,
                    __LINE__,
                    array('resource' => $resource, 'privilege' => $request->getActionName())
                ));
            }
        }
    }

    /**
     * If errors have occurred, we must explicitly point to the error controller here.
     * Since we are in preDispatch, our normal forwarding to the error controller for
     * uncaught exceptions does not apply yet.
     */
    if (count(\Cms\ExceptionStack::getExceptions()) > 0) {
        $request->setControllerName('Error');
        $request->setActionName('error');
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $controller = "";
    $action = "";
    $module = "";

    /*
    if ($request->getControllerName() == "index") {
        $controller = $request->getControllerName();
        $action = $request->getActionName();
        $module = $request->getModuleName();
    } else if (!$this->_auth->hasIdentity()) {
    }
    */

    if (!$this->_isAuthorized($request->getControllerName(), $request->getActionName())) {
        if (!$this->_auth->hasIdentity()) {
            // Remember the requested URI so the user can be sent back after login
            if (!in_array($request->getControllerName(), $this->_moRedirect)
                && !Application_Model_Redirect::hasRequestUri()) {
                Application_Model_Redirect::saveRequestUri("/" . $request->getControllerName() . "/" . $request->getActionName());
            }
            $controller = $this->_notLoggedRoute['controller'];
            $action = $this->_notLoggedRoute['action'];
            $module = $this->_notLoggedRoute['module'];
        } else {
            $controller = $this->_forbiddenRoute['controller'];
            $action = $this->_forbiddenRoute['action'];
            $module = $this->_forbiddenRoute['module'];
        }
    } else {
        $controller = $request->getControllerName();
        $action = $request->getActionName();
        $module = $request->getModuleName();
    }

    $request->setControllerName($controller);
    $request->setActionName($action);
    $request->setModuleName($module);
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $table = $request->getParam('table');
    $acl = $this->_getAcl();
    $identity = Zend_Auth::getInstance()->getIdentity();
    $role = 'Todos';
    $resource = strtolower($request->getModuleName());
    $controller = $request->getControllerName();
    $privilege = $controller . self::RESOURCE_SEPARATOR . $request->getActionName();

    if (isset($identity->role)) {
        $role = $identity->role;
    }

    if (!$acl->isAllowed($role, $resource, $privilege)) {
        // Scaffold requests are checked against the table name instead of the controller
        if ($controller == 'scaffold' && $table) {
            $privilege = $table . self::RESOURCE_SEPARATOR . $request->getActionName();
            if ($acl->isAllowed($role, $resource, $privilege)) {
                return true;
            }
        }
        if (isset($identity->role)) {
            $request->setModuleName('default')->setControllerName('error')->setActionName('access');
            return false;
        }
        $request->setModuleName('auth')->setControllerName('index')->setActionName('index');
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $loginController = 'authentication';
    $loginAction = 'login';
    $auth = Zend_Auth::getInstance();

    // If the user is not logged in and is not requesting the login page,
    // redirect to the login page. The request is the login page only when
    // both the controller and the action match.
    if (!$auth->hasIdentity()
        && ($request->getControllerName() != $loginController || $request->getActionName() != $loginAction)) {
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
        $redirector->gotoSimpleAndExit($loginAction, $loginController);
    }

    // User is logged in or on the login page.
    if ($auth->hasIdentity()) {
        // Logged in: check the credential
        $acl = new Tynex_Models_TynexAcl();
        $identity = $auth->getIdentity();
        // role is a column in the user table (database)
        $isAllowed = $acl->isAllowed($identity->role, $request->getControllerName(), $request->getActionName());
        if (!$isAllowed) {
            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
            $redirector->gotoUrlAndExit('/');
        }
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Only the 'qg' and 'painel' modules are protected
    if (!in_array($request->getModuleName(), array('qg', 'painel'))) {
        return;
    }

    $controller = "";
    $action = "";
    $module = "";

    if (!$this->_auth->hasIdentity()) {
        $controller = $this->_notLoggedRoute['controller'];
        $action = $this->_notLoggedRoute['action'];
        $module = $request->getModuleName();
    } else {
        if (!$this->_isAuthorized($request->getModuleName(), $request->getControllerName(), $request->getActionName())) {
            $controller = $this->_forbiddenRoute['controller'];
            $action = $this->_forbiddenRoute['action'];
            $module = $request->getModuleName();
        } else {
            $controller = $request->getControllerName();
            $action = $request->getActionName();
            $module = $request->getModuleName();
        }
    }

    $request->setControllerName($controller);
    $request->setActionName($action);
    $request->setModuleName($module);
}

/**
 * Checks whether a user needs a login and is logged in;
 * otherwise redirects to the login page.
 *
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Always allow silent update (for easy cronjob)
    if ($request->getControllerName() == 'update' && $request->getActionName() == 'silent') {
        return;
    }

    // Show login
    if ($request->getParam('login', false) !== false) {
        $request->setControllerName('index');
        $request->setActionName('login');
        return;
    }

    // Logout?
    if ($request->getParam('logout', false) !== false) {
        Zend_Registry::get('session')->__unset('authenticated');
        $request->setControllerName('index');
        $request->setActionName('login');
        return;
    }

    // Disallow readonly mode if the "public" option is not set
    if (Zend_Registry::get('session')->authenticated === 'readonly'
        && Zend_Registry::get('session')->public != 1) {
        Zend_Registry::get('session')->authenticated = false;
    }

    // Check whether the user is logged in or public access is allowed
    if (Zend_Registry::get('session')->authenticated !== true
        && Zend_Registry::get('session')->authenticated !== 'readonly') {
        $users = new application_models_users();
        if (!$users->getUsername()) {
            // No login required
            Zend_Registry::get('session')->authenticated = true;
        } elseif (Zend_Registry::get('session')->public == 1) {
            // Public access allowed: start public mode
            Zend_Registry::get('session')->authenticated = 'readonly';
        } else {
            // Unallowed access -> show login window
            $request->setControllerName('index');
            $request->setActionName('login');
            return;
        }
    }

    // Load default values for readonly mode
    if (Zend_Registry::get('session')->authenticated === 'readonly') {
        $priorityStart = Zend_Registry::get('session')->priorityStart;
        $priorityEnd = Zend_Registry::get('session')->priorityEnd;

        // Reset session with default config from config.ini
        Zend_Registry::get('bootstrap')->resetSession(false);

        // Set priority slider
        Zend_Registry::get('session')->currentPriorityStart = $priorityStart;
        Zend_Registry::get('session')->currentPriorityEnd = $priorityEnd;
        Zend_Registry::get('session')->priorityStart = $priorityStart;
        Zend_Registry::get('session')->priorityEnd = $priorityEnd;
    }

    // Don't allow any changes in readonly mode
    if (Zend_Registry::get('session')->authenticated !== true) {
        if ($request->getControllerName() != 'error'
            && $request->getControllerName() != 'index'
            && $request->getControllerName() != 'patch'
            && !($request->getControllerName() == 'item' && $request->getActionName() == 'list')
            && !($request->getControllerName() == 'item' && $request->getActionName() == 'listmore')
            && !($request->getControllerName() == 'update' && $request->getActionName() == 'silent')) {
            die('access denied');
        }
    }
}

public static function getModulesIdsByRequest(Zend_Controller_Request_Abstract $request)
{
    $map = self::getMapModules();
    if (isset($map[$request->getModuleName()][$request->getControllerName()][$request->getActionName()])) {
        return $map[$request->getModuleName()][$request->getControllerName()][$request->getActionName()];
    } else {
        return false;
    }
}

public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    try {
        $this->_statusRules(
            $request->getModuleName(),
            $request->getControllerName(),
            $request->getActionName(),
            $request->getParam('resourceStack')
        );
        $this->_aclRules(
            $request->getModuleName(),
            $request->getControllerName(),
            $request->getActionName(),
            $request->getParam('resourceStack'),
            $request->getQuery()
        );
        $this->_workflowRules(
            $request->getModuleName(),
            $request->getControllerName(),
            $request->getActionName(),
            $request->getParam('resourceStack')
        );
    } catch (Saf_Controller_Front_Plugin_RouteRules_Exception $e) {
        // A rule exception carries the route the request is rewritten to
        Saf_Debug::out('Enforcing Routing Rule: ' . $e->getMessage());
        $request->setModuleName($e->getModuleName());
        $request->setControllerName($e->getControllerName());
        $request->setActionName($e->getActionName());
        $request->setParam('resourceStack', $e->getResourceStack());
    }
}

public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    $layout = Zend_Layout::getMvcInstance();
    $layoutConfig = Zend_Json::decode(file_get_contents(APPLICATION_PATH . '/configs/layout.json'), true);
    $layoutName = 'layout';

    // layout.json maps a controller, or a controller/action pair, to a layout name
    if (isset($layoutConfig[$request->getControllerName()])) {
        if (is_array($layoutConfig[$request->getControllerName()])
            && isset($layoutConfig[$request->getControllerName()][$request->getActionName()])) {
            $layoutName = $layoutConfig[$request->getControllerName()][$request->getActionName()];
        } else {
            $layoutName = $layoutConfig[$request->getControllerName()];
        }
    }

    $layout->setLayout('layouts/' . $layoutName);
    parent::routeShutdown($request);
}

public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if ($request->getModuleName() == 'admin') {
        if (!$this->_auth->hasIdentity()) {
            if ($request->getControllerName() == 'index' && $request->getActionName() == 'login') {
                return true;
            }
            // Note: setRedirect() only sets the Location header; dispatch continues
            // and the requested action still runs before the response is sent.
            $this->getResponse()->setRedirect(Zend_Controller_Front::getInstance()->getBaseUrl() . '/' . 'admin/index/login');
        } else {
            if ($request->getControllerName() == 'index' && $request->getActionName() == 'login') {
                $this->getResponse()->setRedirect(Zend_Controller_Front::getInstance()->getBaseUrl() . '/' . 'admin/index');
            }
        }
    }
}

/**
 * routeShutdown
 * Called after the router has finished routing the request
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    /**
     * Detect the requested content type from the path extension
     */
    $pathinfo = $request->getPathInfo();
    if (!empty($pathinfo)) {
        if ($extension = pathinfo($pathinfo, PATHINFO_EXTENSION)) {
            if (preg_match('/^[-a-z0-9]+$/i', $extension)) {
                $request->setParam(static::KEY_EXT, strtolower($extension));
            }
        }
    }

    /**
     * Detect whether a JSON response is accepted
     */
    if ($request->getParam(static::KEY_EXT) == '') {
        $accept = $request->getServer('HTTP_ACCEPT');
        if (!empty($accept)) {
            if (strpos($accept, 'json') !== false) {
                $request->setParam(static::KEY_EXT, 'json');
            }
        }
    }

    /**
     * Normalize the request target; characters outside [-a-zA-Z0-9] are not allowed
     * (everything from the first disallowed character onward is cut off)
     */
    $pattern = '/[^-a-zA-Z0-9].*/';
    $request->setModuleName(preg_replace($pattern, '', $request->getModuleName()));
    $request->setControllerName(preg_replace($pattern, '', $request->getControllerName()));
    $request->setActionName(preg_replace($pattern, '', $request->getActionName()));
}

public function postDispatch(Zend_Controller_Request_Abstract $request)
{
    $layout = Zend_Layout::getMvcInstance();

    // The name "maintenanceMode" is also referred to in the Admin_MaintenanceController,
    // so if you change the filename, it needs to be changed there too
    $maintenanceModeFileName = 'maintenanceMode';

    $register = new Ot_Config_Register();
    $identity = Zend_Auth::getInstance()->getIdentity();
    $role = empty($identity->role) ? $register->defaultRole->getValue() : $identity->role;

    // While masquerading, the ACL check uses the real account's role
    if (isset($identity->masquerading) && $identity->masquerading == true
        && isset($identity->realAccount) && !is_null($identity->realAccount)
        && isset($identity->realAccount->role)) {
        $role = $identity->realAccount->role;
    }

    $acl = Zend_Registry::get('acl');
    $view = $layout->getView();
    $viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');

    if (is_file(APPLICATION_PATH . '/../overrides/' . $maintenanceModeFileName)
        && (!$request->isXmlHttpRequest() && !$viewRenderer->getNeverRender())) {
        if (!$acl->isAllowed($role, 'ot_maintenance', 'index')) {
            // Users without maintenance access see the maintenance page (except on the login page)
            if (!($request->getModuleName() == 'ot'
                && $request->getControllerName() == 'login'
                && $request->getActionName() == 'index')) {
                $response = $this->getResponse();
                $layout->disableLayout();
                $response->setBody($view->maintenanceMode()->publicLayout());
            }
        } else {
            $response = $this->getResponse();
            // There's no point in setting text here if it's a redirect
            if ($response->isRedirect()) {
                $response->setBody('');
            } else {
                $response->setBody($view->maintenanceMode()->header() . $response->getBody());
            }
        }
    }
}

/**
 * Predispatch method to authenticate user
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // User only needs to log in for access to admin functions
    /*
    if ('admin' != $request->getModuleName()) {
        return;
    }
    if (App_Model_Users::isLoggedIn() && App_Model_Users::isAdmin()) {
        // User is logged in and allowed to access admin functions
        return;
    }
    */
    if ('admin' == $request->getModuleName()) {
        return;
    }

    /**
     * User not logged in or not allowed to access admin ... redirect to login.
     * Note: if user is logged in but not authorised, we redirect to login
     * to allow user to login as a different user with the right permissions.
     */
    Zend_Session::destroy(true);
    if ($request->getActionName() != 'logincheck') {
        $request->setModuleName('default')->setControllerName('login')->setActionName('index');
        //->setDispatched(FALSE);
        header("Location:http://" . $_SERVER['HTTP_HOST'] . "/login/index");
    }
}

/**
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $options = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getApplication()->getOptions();
    $config = new Zend_Config($options);
    $acl = new My_Acl($config);

    // Resolve the role: guest, user, or admin (admin flag comes from the user record)
    $role = 'guest';
    if (Zend_Auth::getInstance()->hasIdentity()) {
        $role = 'user';
        $login = Zend_Auth::getInstance()->getIdentity();
        $user = My_Model::get('Users')->getUserByEmail($login);
        if ($user->admin == 1) {
            $role = 'admin';
        }
    }

    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $resource = $controller;
    $privilege = $action;

    // Unknown controllers are checked against the ACL's default (null) resource
    if (!$acl->has($resource)) {
        $resource = null;
    }
    if (is_null($privilege)) {
        $privilege = 'index';
    }

    if (!$acl->isAllowed($role, $resource, $privilege)) {
        // $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
        // $flash->addMessage('Access Denied');
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
        $redirector->gotoSimpleAndExit('login', 'admin');
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $auth = Zend_Auth::getInstance();

    $publicPages = array();
    $publicPages['controllers'] = array('login');
    $publicPages['actions'] = array();

    $controllerName = $request->getControllerName();
    if ($auth->hasIdentity() || in_array($controllerName, $publicPages['controllers'])) {
        return true;
    }
    throw new WebVista_App_AuthException('You must be authenticated to access the system.');

    // Everything below is unreachable: every path either returned or threw above,
    // so the role/resource ACL checks are never evaluated.
    $roleId = $auth->getIdentity()->roleId;
    $acl = WebVista_Acl::getInstance();
    if (!$acl->hasRole($roleId)) {
        $error = "Sorry, the requested user role '" . $roleId . "' does not exist";
    }
    if (!$acl->has($request->getModuleName() . '_' . $request->getControllerName())) {
        $error = "Sorry, the requested controller '" . $request->getControllerName() . "' does not exist as an ACL resource";
    }
    if (!$acl->isAllowed($roleId, $request->getModuleName() . '_' . $request->getControllerName(), $request->getActionName())) {
        $error = "Sorry, the page you requested does not exist or you do not have access";
    }
    if (isset($error)) {
        throw new WebVista_App_AuthException('You must be authenticated to access the system.');
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $auth = Zend_Auth::getInstance();
    $isAllowed = false;
    $controller = $request->getControllerName();
    $action = $request->getActionName();

    // Generate the resource name
    $resourceName = $controller . '/' . $action;

    // Don't block errors
    if ($resourceName == 'error/error') {
        return;
    }

    // Unknown resources are a 404, not an ACL decision
    $resources = $this->acl->getResources();
    if (!in_array($resourceName, $resources)) {
        $request->setControllerName('error')->setActionName('error')->setDispatched(true);
        throw new Zend_Controller_Action_Exception('This page does not exist', 404);
    }

    // Check if the user can access this resource or not
    $isAllowed = $this->acl->isAllowed(Zend_Registry::get('role'), $resourceName);

    // Forward the user to access denied, or to the login page if this is a guest
    if (!$isAllowed) {
        if (!$auth->hasIdentity()) {
            $forwardAction = 'login';
        } else {
            $forwardAction = 'deny';
        }
        $request->setControllerName('index')->setActionName($forwardAction)->setDispatched(true);
    }
}

protected function _init(Zend_Controller_Request_Abstract $request)
{
    $this->_module = $request->getModuleName();
    $this->_controller = $request->getControllerName();
    $this->_action = $request->getActionName();
    $this->_resource = $this->_module . ':' . $this->_controller;
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Clear session from search session
    //$this->clearSession();
    $session_user = new Zend_Session_Namespace('auth');
    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $url = $module . "/" . $controller . "/" . $action;
    $_url = "";

    if (isset($session_user->arr_acl)) {
        // Logged in: look for a matching ACL entry
        $arr_acl = $session_user->arr_acl;
        $valid_action = FALSE;
        foreach ($arr_acl as $acl) {
            if ($module == $acl["module"] && $controller == $acl["controller"]) {
                $valid_action = TRUE;
                break;
            } elseif ($module === "rsvAcl" && $controller === "user" && $action === "change-password") {
                // Every user level can change its own password
                $valid_action = TRUE;
                break;
            } elseif ($module === "rsvAcl" && $session_user->level === "1") {
                // User level 1 can access all actions in module "rsvAcl"
                $valid_action = TRUE;
                break;
            }
        }

        if (!$valid_action) {
            // Redirect to homepage
            if ($url !== "default/index/index"
                && $url !== "default/error/error"
                && $url !== "default/index/changepassword"
                && $url !== "default/index/logout") {
                $_url = '/';
            }
            $_have = false;
            foreach ($this->_exception_url as $val) {
                if ($url === $val) {
                    $_have = true;
                    break;
                }
            }
            if (!$_have) {
                $_url = '/';
            }
        } else {
            $_url = $this->rewriteUrl($url);
        }
    } else {
        // Not logged in: redirect to the login page
        if ($url !== "default/index/index") {
            $_url = "/";
        }
    }

    if (!empty($_url)) {
        // echo "url here" . $_url; exit();
        $_url = "/home";
        Application_Form_FrmMessage::redirectUrl($_url);
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if ($this->_auth->hasIdentity()) {
        $role = $this->_auth->role;
    } else {
        $role = 'guest';
    }

    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $module = $request->getModuleName();

    // Modules not registered as resources fall back to the ACL's default (null) resource
    if (!$this->_acl->has($module)) {
        $module = null;
    }

    if (!$this->_acl->isAllowed($role, $module)) {
        if (!$this->_auth->hasIdentity()) {
            $controller = $this->_noauth['controller'];
            $action = $this->_noauth['action'];
        } else {
            $controller = $this->_noacl['controller'];
            $action = $this->_noacl['action'];
        }
    }

    $request->setModuleName($module);
    $request->setControllerName($controller);
    $request->setActionName($action);
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Build the ACL on every request: admin inherits from guest
    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role(Model_Role::GUEST));
    $acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST);

    $acl->addResource(new Zend_Acl_Resource('admin'));
    $acl->addResource(new Zend_Acl_Resource('blog'));
    $acl->addResource(new Zend_Acl_Resource('error'));
    $acl->addResource(new Zend_Acl_Resource('index'));

    $acl->allow(Model_Role::GUEST, 'blog');
    $acl->allow(Model_Role::GUEST, 'error');
    $acl->allow(Model_Role::GUEST, 'index');
    $acl->allow(Model_Role::GUEST, 'admin', array('login'));
    $acl->allow(Model_Role::ADMIN, 'admin');

    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $user = new Model_User($auth->getIdentity());
        $role = $user->role_id;
    } else {
        $role = Model_Role::GUEST;
    }

    $resource = $request->getControllerName();
    $privilege = $request->getActionName();
    if (!$acl->isAllowed($role, $resource, $privilege)) {
        $this->_request->setControllerName('admin')->setActionName('login');
        $this->_response->setRedirect('/admin/login/');
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Resource = module:controller, privilege = action
    $privilege = $request->getActionName();
    $modulo = $request->getModuleName();
    $resource = $modulo . ':' . $request->getControllerName();

    $role = 'visitante';
    if ($this->_authEngine->hasIdentity()) {
        $auth = $this->_authEngine->getStorage()->read();
        $id = $auth['usuario_id'];
        $usuarioModel = new Application_Model_Usuario();
        $usuario = $usuarioModel->find($id)->current();
        $role = $usuario['tipo'];
    }

    try {
        if (!$this->_acl->has($resource)) {
            throw new Zend_Exception('Recurso não encontrado: ' . $resource);
        }
        if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
            $redirector->gotoUrlAndExit('/error/errorpermission');
        }
    } catch (Zend_Exception $e) {
        // echo $e->getMessage();
    } catch (Zend_Acl_Exception $e) {
        // echo $e->getMessage();
    }
}

/**
 * Main ACL logic
 *
 * @param $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $module = $request->getModuleName();
    $auth = Zend_Auth::getInstance();

    if ($auth->hasIdentity()) {
        $acl = new Zend_Acl();
        $identity = $auth->getIdentity();
        $acl->addRole(new Zend_Acl_Role('user'))
            ->addRole(new Zend_Acl_Role('owner'))
            ->addRole(new Zend_Acl_Role('admin'), 'owner');

        if ($identity->owner == true) {
            $inherit = 'owner';
        } elseif ($identity->administrator == true) {
            $inherit = 'admin';
        } else {
            $inherit = 'user';
        }
        // Each user gets a role of its own (keyed by e-mail) that inherits from the base role
        $acl->addRole(new Zend_Acl_Role($identity->email), $inherit);

        $projekt = $request->getParam('projekt');

        // Base resources
        foreach ($this->_resources as $val => $key) {
            $acl->add(new Zend_Acl_Resource($key));
        }

        // Permissions for the base resources
        $acl->allow('owner');
        $acl->deny('admin', 'account');
        $acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
        $acl->deny('user', 'account');
        $acl->deny('user', 'project', $this->_create);
        $acl->deny('user', 'people', $this->_create);
        $acl->deny('user', 'project', $this->_manage);
        $acl->deny('user', 'people', $this->_manage);
        if ($request->id == $identity->iduser) {
            $acl->allow('user', 'people', $this->_manage);
        }

        // Resources for the project subsection
        $this->_projectAcl($acl, $identity);
        Zend_Registry::set('acl', $acl);

        if ($identity->administrator == 1) {
            $isAllowed = true;
        } elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) {
            $isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName());
        } elseif (in_array($request->getControllerName(), $this->_resources)) {
            $isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName());
        } else {
            $isAllowed = false;
        }

        $error = $request->getParam('error_handler');
        if (is_null($error)) {
            if (!$isAllowed) {
                $module = $this->_noacl['module'];
                $controller = $this->_noacl['controller'];
                $action = $this->_noacl['action'];
            }
        }

        $request->setModuleName($module);
        $request->setControllerName($controller);
        $request->setActionName($action);
    }
}

/**
 * @param Zend_Controller_Request_Abstract $oHttpRequest
 */
public function preDispatch(Zend_Controller_Request_Abstract $oHttpRequest)
{
    $sControllerName = $oHttpRequest->getControllerName();
    $sActionName = $oHttpRequest->getActionName();
    $aRequestedParams = $oHttpRequest->getUserParams();
    $sQuery = '';
    unset($aRequestedParams['controller']);
    unset($aRequestedParams['action']);

    // Define user role
    if (Zend_Auth::getInstance()->hasIdentity()) {
        $aData = Zend_Auth::getInstance()->getStorage()->read();
        $sRole = $aData['role'];
    } else {
        // Default role
        $sRole = 'guest';
    }

    // Check access
    if (!$this->_oAcl->isAllowed($sRole, $sControllerName, $sActionName)) {
        // Remember the original target and its params so login can return to it
        $oHttpRequest->setParam('referer_controller', $sControllerName);
        $oHttpRequest->setParam('referer_action', $sActionName);
        $aParams = array();
        if (count($aRequestedParams)) {
            foreach ($aRequestedParams as $sKey => $sValue) {
                $aParams[] = $sKey;
                $aParams[] = $sValue;
            }
            $sQuery = implode('/', $aParams) . '/';
        }
        $oHttpRequest->setParam('query', $sQuery);
        $oHttpRequest->setControllerName('auth')->setActionName('login');
        $this->_response->setHttpResponseCode(401);
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // If not logged in, skip the cache entirely
    $identity = Digitalus_Auth::getIdentity();
    if (!$identity) {
        return;
    }

    ////////////////////////////////////////
    // $this->_cache = ZendX_Cache_Manager::getInstance();
    $this->_cache = Digitalus_Cache_Manager::getInstance();

    // For methods other than GET, content is not served from the cache
    if (!$request->isGet()) {
        self::$doNotCache = true;
        return;
    }

    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $path = $request->getPathInfo();

    // There is a bug here; see the link for how to fix it
    $this->_key = md5($path);
    $this->_keyTags = array($module, "{$module}_{$controller}", "{$module}_{$controller}_{$action}");

    // Cache hit: send the cached body and stop dispatching
    if (false !== ($data = $this->getCache())) {
        $response = $this->getResponse();
        $response->setBody($data['default']);
        $response->sendResponse();
        exit;
    }
}

public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if ($request->isXmlHttpRequest()) {
        return;
    }

    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $isAllowed = false;

    if (Zend_Auth::getInstance()->hasIdentity()) {
        $user = Zend_Auth::getInstance()->getIdentity();
        require_once APPLICATION_PATH . '/modules/core/services/Acl.php';
        $acl = Core_Services_Acl::getInstance();
        // The home page and logout are always reachable for a logged-in user
        if (in_array(strtolower($module . '_' . $controller . '_' . $action), array('default_index_index', 'identity_account_logout'))) {
            $isAllowed = true;
        } else {
            $isAllowed = $acl->isUserOrRoleAllowed($user, $module, $controller, $action);
        }
    }

    if (!$isAllowed) {
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $forwardAction = 'deny';
        } else {
            $forwardAction = 'login';
        }
        // Pass the original URL along (base64-encoded) so the user can be sent back after login
        $sReturn = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
        $sReturn = base64_encode($sReturn);
        $request->setModuleName('core')
            ->setControllerName('Auth')
            ->setActionName($forwardAction)
            ->setParam('returnUrl', $sReturn)
            ->setDispatched(true);
    }
}

public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Start Zend_Layout
    $layout = Zend_Layout::startMvc(array('layoutPath' => '../application/modules/default/views/layouts'));
    $controllerName = $request->getControllerName();
    $moduleName = $request->getModuleName();

    if (($controllerName == 'make' && $moduleName == 'annotation')
        || ($controllerName == 'browse' && $moduleName == 'annotation' && $request->getActionName() != 'index')) {
        $layout->disableLayout(); //setLayout('flexlayout');
    } elseif ($moduleName == 'service') {
        $layout->disableLayout();
    } elseif ($moduleName == 'image' && $controllerName == 'index') {
        $layout->disableLayout();
    } else {
        $layout->setLayout('layout');
    }

    // Pass the defaults to the view
    $view = $layout->getView();
    $view->doctype('XHTML1_TRANSITIONAL');
    $view->headLink(array('href' => '/styles/index.css', 'rel' => 'stylesheet', 'type' => 'text/css', 'media' => 'screen'));
    $view->headLink(array('href' => '/images/website/favicon.ico', 'rel' => 'shortcut icon'));
    $view->headTitle(Zend_Registry::get('APP_NAME'));
    //??$view->headMeta()->appendName('http-equiv','text/html; charset=utf-8');

    // Register the MESSAGE key
    $registry = Zend_Registry::getInstance();
    $registry->MESSAGE = '';
}