Ejemplo n.º 1
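 /**
  * Rebuilds the access control list from the database and writes it to the ACL file.
  *
  * Roles come from the active profiles, resources from $this->privateResource and
  * grants from each profile's permissions. The default action is DENY, so only the
  * allow() calls below open anything up.
  *
  * @return AclMemory the freshly built list (returned even when the file write fails)
  */
 public function rebuild()
 {
     $acl = new AclMemory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);

     // Every active profile becomes a role.
     $profiles = Profiles::find('active = "Y"');
     foreach ($profiles as $profile) {
         $acl->addRole(new AclRole($profile->name));
     }

     foreach ($this->privateResource as $resource => $actions) {
         $acl->addResource(new AclResource($resource), $actions);
     }

     // For each role found in the profiles table, apply its rows from the permissions table.
     foreach ($profiles as $profile) {
         foreach ($profile->getPermissions() as $permission) {
             $acl->allow($profile->name, $permission->resource, $permission->action);
         }
         // Every role may change its own password.
         $acl->allow($profile->name, 'users', 'changePassword');
     }

     // NOTE(review): the file holds a serialized object and is presumably loaded back with
     // unserialize() elsewhere; keep it outside the web root and writable only by the
     // application, because whoever can write it controls the authorization policy.
     $aclFile = APP_DIR . $this->filePath;
     $written = false;
     if (touch($aclFile) && is_writable($aclFile)) {
         // LOCK_EX keeps two concurrent rebuilds from interleaving their writes; the result
         // is checked so a failed write is reported instead of passing silently.
         $written = file_put_contents($aclFile, serialize($acl), LOCK_EX) !== false;
     }
     if (!$written) {
         $this->flash->error('The user does not have write permissions to create the ACL list at ' . $aclFile);
     }

     return $acl;
 }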
Ejemplo n.º 2
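 /**
  * Returns the ACL kept in the persistent bag, building it on first use.
  *
  * Roles form a chain (user inherits guest, admin inherits user); resources and grants
  * are loaded from the two config files, and admin is additionally allowed everything.
  *
  * @return mixed the stored list; when building fails outside development nothing is
  *               stored, so callers must treat a non-ACL value as "deny"
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         try {
             $acl = new Acl\Adapter\Memory();
             $acl->setDefaultAction(Acl::DENY);
             // Add the guest role.
             $acl->addRole('guest');
             // All users and companies get guest permissions.
             $acl->addRole('user', 'guest');
             $acl->addRole('admin', 'user');
             $resources = (require APPLICATION_PATH . '/config/acl/resources.php');
             foreach ($resources as $controller => $actions) {
                 $acl->addResource($controller, $actions);
             }
             $permissions = (require APPLICATION_PATH . '/config/acl/permissions.php');
             foreach ($permissions as $role => $rules) {
                 foreach ($rules as $controller => $action) {
                     $acl->allow($role, $controller, $action);
                 }
             }
             // Give admins everything.
             $acl->addRole('admin');
             $acl->allow('admin', '*', '*');
             $this->persistent->acl = $acl;
         } catch (\Exception $e) {
             $isDevelopment = in_array(APPLICATION_ENV, array('development', 'local_development'), true);
             if ($isDevelopment) {
                 // The message and trace are printed into HTML, so escape them first.
                 die(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "<hr><pre>" . htmlspecialchars($e->getTraceAsString(), ENT_QUOTES, 'UTF-8') . "</pre>");
             }
             // Outside development the failure used to vanish; record it so an empty ACL
             // can be traced back to its cause.
             error_log('ACL build failed: ' . $e->getMessage());
         }
     }
     return $this->persistent->acl;
 }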
Ejemplo n.º 3
 /**
  * Demo action: builds a small in-memory ACL and dumps it.
  *
  * NOTE(review): this prints the whole authorization policy to the response and then
  * exits, so it should only be routable in a development environment.
  */
 public function aclAction()
 {
     echo 'this is acl test!<br>';

     $acl = new AclList();
     $acl->setDefaultAction(Acl::DENY);

     // Create the roles. The first constructor argument is the name, the second an
     // optional description. (A role could also be added by passing just its name string.)
     $acl->addRole(new Role('Administrators'));
     $acl->addRole(new Role('Editors'));

     // Define the "Customers" resource and its accesses.
     $customers = new Resource('Customers');
     $acl->addResource($customers, 'search');
     $acl->addResource($customers, array('create', 'update'));

     // Set each role's access level on the resource.
     $acl->allow('Administrators', 'Customers', 'search');
     $acl->allow('Administrators', 'Customers', 'create');
     $acl->deny('Editors', 'Customers', 'update');

     var_dump($acl);
     exit;

     // Never reached because of the exit above: query whether the role has access.
     var_dump($acl->isAllowed('Administrators', 'Customers', 'search'));
     exit;
 }
Ejemplo n.º 4
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Reuse the list already kept in the persistent bag, if there is one.
     // Because it is built once and then reused, a policy change only takes effect
     // after this entry has been cleared.
     if ($this->persistent->get('acl')) {
         return $this->persistent->get('acl');
     }

     $acl = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $acl->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = [
         'users' => new Role('Users', 'Member privileges, granted after sign in.'),
         'guests' => new Role('Guests', 'Anyone browsing the site who is not signed in is considered to be a "Guest".'),
     ];
     foreach ($roleSet as $aclRole) {
         $acl->addRole($aclRole);
     }

     // Without a resource provider the list keeps only the roles and denies everything.
     if ($this->resource instanceof ResourceInterface) {
         foreach ($this->resource->getAllResources() as $name => $operations) {
             $acl->addResource(new Resource($name), $operations);
         }

         // Public areas are open to both users and guests
         foreach ($roleSet as $aclRole) {
             foreach ($this->resource->getPublicResources() as $name => $operations) {
                 foreach ($operations as $operation) {
                     $acl->allow($aclRole->getName(), $name, $operation);
                 }
             }
         }

         // Private areas are open to the Users role only
         foreach ($this->resource->getPrivateResources() as $name => $operations) {
             foreach ($operations as $operation) {
                 $acl->allow('Users', $name, $operation);
             }
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->set('acl', $acl);

     return $this->persistent->get('acl');
 }
Ejemplo n.º 5
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $acl->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'guests' => new Role('Guests'),
         'users' => new Role('Users'),
         'admins' => new Role('Admins'),
     );
     foreach ($roleSet as $aclRole) {
         $acl->addRole($aclRole);
     }

     // Registers every resource of a map together with its actions.
     $register = function ($map) use ($acl) {
         foreach ($map as $name => $operations) {
             $acl->addResource(new Resource($name), $operations);
         }
     };
     // Allows one role every action listed in a map.
     $grant = function ($roleName, $map) use ($acl) {
         foreach ($map as $name => $operations) {
             foreach ($operations as $operation) {
                 $acl->allow($roleName, $name, $operation);
             }
         }
     };

     // Public area (read only): granted to every role, guests included
     $publicArea = array(
         'index' => array('index'),
         'user' => array('list', 'get', 'details', 'search'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('signup', 'login', 'logout'),
     );
     $register($publicArea);
     foreach ($roleSet as $aclRole) {
         $grant($aclRole->getName(), $publicArea);
     }

     // User area (read only): granted to Users
     $userArea = array(
         'user' => array('index', 'search'),
     );
     $register($userArea);
     $grant('Users', $userArea);

     // Admin area: every action on the user resource, granted to Admins
     $adminArea = array(
         'user' => array('index', 'edit', 'delete', 'update', 'create', 'search', 'save', 'remove'),
     );
     $register($adminArea);
     $grant('Admins', $adminArea);

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $acl;

     return $this->persistent->acl;
 }
Ejemplo n.º 6
 /**
  * Builds a deny-by-default ACL for one namespace from the groups and their permissions.
  *
  * @param mixed $namespace passed through to getAvailableResources() and getAllowedResources()
  *
  * @return AclList
  */
 private function getAcl($namespace)
 {
     $list = new AclList();
     // Anything not explicitly allowed below is refused.
     $list->setDefaultAction(Acl::DENY);

     // Loaded once; iterated for the roles and again for the grants.
     $allGroups = Groups::find();

     // Register every resource available in this namespace.
     foreach ($this->getAvailableResources($namespace) as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Each group name becomes a role.
     foreach ($allGroups as $member) {
         $list->addRole($member->name);
     }

     // Allow each group the resources attached to its permissions.
     foreach ($allGroups as $member) {
         foreach ($this->getPermissions($member->group_id) as $granted) {
             $allowedMap = $this->getAllowedResources($granted->permission_id, $namespace);
             foreach ($allowedMap as $name => $operations) {
                 foreach ($operations as $operation) {
                     $list->allow($member->name, $name, $operation);
                 }
             }
         }
     }

     return $list;
 }
Ejemplo n.º 7
 /**
  * Get acl system.
  *
  * @return AclMemory
  */
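 public function getAcl($config)
 {
     // Presumably a map of group => [module => ["controller/action", ...]], judging by
     // the loops below; confirm against the config file.
     $permission = $config->permission->toArray();
     if (!$this->_acl) {
         $cacheData = $this->getDI()->get('cacheData');
         $acl = $cacheData->get(self::CACHE_KEY_ACL);
         if ($acl === null) {
             $acl = new PhAclMemory();
             // Deny by default: only the allow() calls below grant access.
             $acl->setDefaultAction(PhAcl::DENY);
             foreach (array_keys($permission) as $groupValue) {
                 // Add Role
                 $acl->addRole(new Role((string) $groupValue));
                 if (!is_array($permission[$groupValue])) {
                     continue;
                 }
                 foreach ($permission[$groupValue] as $group => $controller) {
                     foreach ($controller as $action) {
                         $actionArr = explode('/', $action);
                         // An entry without a "/" has no action part; reject it outright
                         // rather than registering a rule from an undefined index.
                         if (count($actionArr) < 2) {
                             throw new \InvalidArgumentException('Malformed ACL permission entry, expected "controller/action": ' . $action);
                         }
                         $resource = strtolower($group) . '/' . $actionArr[0];
                         // Add Resource
                         $acl->addResource($resource, $actionArr[1]);
                         // Grant role to resource
                         $acl->allow($groupValue, $resource, $actionArr[1]);
                     }
                 }
             }
             // 30 days cache. NOTE(review): edits to the permission config are not picked up
             // until this entry expires or is cleared, so clear it whenever the policy changes.
             $cacheData->save(self::CACHE_KEY_ACL, $acl, 2592000);
         }
         $this->_acl = $acl;
     }
     return $this->_acl;
 }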
Ejemplo n.º 8
 /**
  * Builds the deny-by-default ACL for the three fixed roles.
  *
  * Guest resources are granted to every role, user resources to USER and ADMIN,
  * admin resources to ADMIN only.
  *
  * @return AclList
  */
 private function buildAclList()
 {
     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Roles
     $allRoles = [self::GUEST, self::USER, self::ADMIN];
     foreach ($allRoles as $roleName) {
         $list->addRole($roleName);
     }

     // Resources, grouped by the lowest role that may reach them
     $guestArea = [
         'index' => ['*'],
         'signup' => ['*'],
         'signin' => ['*'],
         'error' => ['*'],
         'profile' => ['newPassword'],
         'language' => ['*'],
     ];
     $userArea = [
         'profile' => ['*'],
         'logout' => ['*'],
     ];
     $adminArea = [
         'usermanagement' => ['*'],
     ];
     foreach ([$guestArea, $userArea, $adminArea] as $area) {
         foreach ($area as $controller => $operations) {
             $list->addResource($controller, $operations);
         }
     }

     // Permissions: guest resources for everyone
     foreach ($allRoles as $roleName) {
         foreach ($guestArea as $controller => $operations) {
             $list->allow($roleName, $controller, $operations);
         }
     }
     // User resources for signed-in users and admins
     foreach ($userArea as $controller => $operations) {
         $list->allow(self::USER, $controller, $operations);
         $list->allow(self::ADMIN, $controller, $operations);
     }
     // Admin resources for admins only
     foreach ($adminArea as $controller => $operations) {
         $list->allow(self::ADMIN, $controller, $operations);
     }

     return $list;
 }
Ejemplo n.º 9
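 /**
  * Returns the ACL, taking it from this object, then from the cache, then building it
  * from the Roles, Resources and Operations entities.
  *
  * @return MemoryAcl|mixed the in-memory list, or whatever the cache returned for 'acl'
  */
 public function getAcl()
 {
     if ($this->acl) {
         return $this->acl;
     }
     $cache = $this->getCache();
     // The cached value is used as the policy without further checks, so the cache
     // backend has to be as trusted as the database the list is built from.
     if ($cache && ($data = $cache->get('acl'))) {
         return $this->acl = $data;
     }
     $acl = new MemoryAcl();
     // Deny by default: only the allow() calls below grant access.
     $acl->setDefaultAction(Acl::DENY);
     $roles = Entities\Roles::find();
     foreach ($roles as $role) {
         // The unused $roleName local was dropped; the call itself is unchanged.
         // NOTE(review): the role key is passed for both arguments; confirm that the
         // second argument is meant to be the key and not the role's display name.
         $acl->addRole($role->roleKey, $role->roleKey);
     }
     $resources = Entities\Resources::find();
     foreach ($resources as $resource) {
         $acl->addResource($resource->resourceKey);
     }
     $operations = Entities\Operations::find();
     foreach ($operations as $operation) {
         $acl->addResourceAccess($operation->resourceKey, $operation->operationKey);
         // An operation with no roles attached stays denied for everyone.
         if ($operation->roles) {
             foreach ($operation->roles as $role) {
                 $acl->allow($role->roleKey, $operation->resourceKey, $operation->operationKey);
             }
         }
     }
     if ($cache) {
         $cache->save('acl', $acl);
     }
     return $this->acl = $acl;
 }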
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent object; a policy change only
     // takes effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     // Create the access list; by default it denies access.
     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Create the roles and add them to the list.
     $roleSet = array(
         'users' => new Role('Users'),
         'guest' => new Role('Guest'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Private areas
     $privateArea = array(
         'trabajo' => array('index'),
         'trabajopadre' => array('index'),
         'trabajoprofe' => array('index'),
         'trabajoadmin' => array('index'),
         'entidad' => array('index', 'operacionalumno'),
     );
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas
     $publicArea = array(
         'index' => array('index'),
         'about' => array('index'),
         'blog' => array('index'),
         'contact' => array('index'),
         'usuario' => array('login', 'end'),
         'errors' => array('show401', 'show404', 'show500'),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to every role.
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only.
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // Keep the list in the persistent object.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
 /**
  *
  * @return \Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     // The list is set up on first use only; later calls return the stored copy, so a
     // policy change only takes effect after the persistent entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny is the default action.
     $list->setDefaultAction(Acl::DENY);

     // Two roles for the two kinds of visitor: signed-in user and guest.
     $roleSet = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Registers every resource of a map together with its actions.
     $register = function ($map) use ($list) {
         foreach ($map as $name => $operations) {
             $list->addResource(new Resource($name), $operations);
         }
     };

     // Private area
     $privateArea = array(
         'users' => array('index', 'search', 'edit', 'delete'),
         'companies' => array('index', 'search', 'new', 'edit', 'create', 'delete'),
         'products' => array('index', 'search', 'new', 'edit', 'create', 'delete'),
         'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'invoices' => array('index', 'profile'),
     );
     $register($privateArea);

     // Public area
     $publicArea = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index', 'regis'),
         'session' => array('index', 'register', 'start', 'end'),
         'users' => array('create', 'new'),
     );
     $register($publicArea);

     // Every role may reach the public area.
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Only the Users role may reach the private area.
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 12
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'users' => new Role('Users', 'Utilisateur authentifier avec un compte actif'),
         'guests' => new Role('Guests', 'Utilisateur non authentifier'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Original author's note: camelCase is not accepted when defining a resource.
     // Private area resources
     $privateArea = array(
         'lang' => array('index', 'test'),
         'contact' => array('index', 'form', 'new', 'edit', 'save', 'create', 'delete'),
         'index' => array('listMembers'),
         'listemenu' => array('index'),
     );
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     // NOTE(review): 'debugEnv' is granted to Guests below; if that action prints
     // environment details it should not be reachable without sign-in. Confirm.
     $publicArea = array(
         'index' => array('index'),
         'notFound' => array('index', 'debugEnv'),
         'session' => array('index', 'start'),
         'inscription' => array('index'),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 13
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Private area resources
     $privateArea = array(
         'index' => array('export', 'import'),
         'people' => array('list', 'new', 'edit', 'create', 'delete', 'update'),
         'stickers' => array('add', 'delete', 'create'),
     );
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     $publicArea = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'contact' => array('index', 'send'),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         $roleName = $aclRole->getName();
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($roleName, $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 14
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Action lists shared by several private resources
     $crud = array('index', 'search', 'new', 'edit', 'save', 'create', 'delete');
     $indexAdd = array('index', 'add');

     // Private area resources
     $privateArea = array(
         'companies' => $crud,
         'products' => $crud,
         'producttypes' => $crud,
         'invoices' => array('index', 'profile'),
         'privatepage' => array('index'),
         'todo' => array('index', 'add', 'done', 'restore', 'remove'),
         'phones' => array('index', 'reserve', 'getUserName', 'cancelReservation'),
         'phoneAdd' => $indexAdd,
         'phonesProducers' => $indexAdd,
         'operatingSystems' => $indexAdd,
     );
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     $publicArea = array(
         'index' => array('index'),
         'about' => array('index'),
         'portfolio' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'contact' => array('index', 'send'),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 15
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = [
         'users' => new Role('Users', 'Member privileges, granted after sign in.'),
         'guests' => new Role('Guests', 'Anyone browsing the site who is not signed in is considered to be a "Guest".'),
     ];
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Action list shared by the three catalogue resources
     $crud = ['index', 'search', 'new', 'edit', 'save', 'create', 'delete'];

     // Private area resources
     $privateArea = [
         'companies' => $crud,
         'products' => $crud,
         'producttypes' => $crud,
         'invoices' => ['index', 'profile'],
     ];
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     $publicArea = [
         'index' => ['index'],
         'about' => ['index'],
         'register' => ['index'],
         'errors' => ['show401', 'show404', 'show500'],
         'session' => ['index', 'register', 'start', 'end'],
         'contact' => ['index', 'send'],
     ];
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 16
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Private area resources, keyed by namespace-qualified controller name
     $privateArea = array(
         'App\\Controllers\\companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'App\\Controllers\\products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'App\\Controllers\\producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'App\\Controllers\\invoices' => array('index', 'profile'),
         'App\\Controllers\\Api\\V1\\about' => array('index'),
     );
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     $publicArea = array(
         'App\\Controllers\\index' => array('index'),
         'App\\Controllers\\about' => array('index'),
         'App\\Controllers\\register' => array('index'),
         'App\\Controllers\\errors' => array('show401', 'show404', 'show500'),
         'App\\Controllers\\session' => array('index', 'register', 'start', 'end'),
         'App\\Controllers\\contact' => array('index', 'send'),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         $roleName = $aclRole->getName();
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($roleName, $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 17
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // The list is rebuilt on every call: the original guard was a constant "true",
     // so the stored copy is overwritten each time rather than reused.
     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Private area resources
     $privateArea = array(
         'user' => array('register', 'list', 'delete'),
         'tag' => array('list', 'create', 'delete'),
         'content' => array('view', 'add'),
         'pic' => array('list', 'create', 'delete', 'changeBrief'),
         'search' => array('list', 'create', 'delete', 'userSearchList'),
         'feedback' => array('list', 'view'),
         'app' => array('list', 'unpass'),
     );
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     // NOTE(review): 'install' is granted to Guests below; if it is a set-up page it
     // should be unreachable once the application is installed. Confirm.
     $publicArea = array(
         'index' => array('index'),
         'api' => array('index'),
         'install' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 18
 /**
  * Returns an existing or new access control list
  *
  * @return AclList
  */
 public function getAcl()
 {
     // Built once and then served from the persistent bag; a policy change only takes
     // effect after that entry has been cleared.
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     // Deny by default: only the allow() calls below grant access.
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }

     // Private area resources: none are defined, so both loops over this map do nothing.
     $privateArea = array();
     foreach ($privateArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public area resources
     // NOTE(review): every 'api' action is granted to Guests below, including ones whose
     // names suggest writes (add*, update*, delete*). If they do modify data they belong
     // in the private map so that only signed-in users can reach them. Confirm.
     $publicArea = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'api' => array(
             'index',
             'addCategory',
             'addProduct',
             'getCategory',
             'getProduct',
             'getProductByCategory',
             'updateCategory',
             'updateProduct',
             'deleteProduct',
             'deleteCategory',
         ),
     );
     foreach ($publicArea as $name => $operations) {
         $list->addResource(new Resource($name), $operations);
     }

     // Public areas are open to both users and guests
     foreach ($roleSet as $aclRole) {
         foreach ($publicArea as $name => $operations) {
             foreach ($operations as $operation) {
                 $list->allow($aclRole->getName(), $name, $operation);
             }
         }
     }

     // Private areas are open to the Users role only
     foreach ($privateArea as $name => $operations) {
         foreach ($operations as $operation) {
             $list->allow('Users', $name, $operation);
         }
     }

     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Ejemplo n.º 19
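 /**
  * Returns the access control list, building it once per instance.
  *
  * The list is deny-by-default with two roles, Users and Guests. Private
  * actions (add/edit/delete) are granted to Users only; public resources are
  * granted to both roles.
  *
  * 'awards', 'players' and 'episodes' appear in both maps. A wildcard grant
  * on such a resource would also cover its add/edit/delete actions and hand
  * them to Guests, so for those resources only the listed public actions are
  * granted. Resources that are public-only keep the original wildcard grant,
  * which also covers actions that are not listed in the map.
  *
  * @return Memory
  */
 public function getAcl()
 {
     if (!$this->_acl) {
         $acl = new Memory();
         // Anything not granted below is refused.
         $acl->setDefaultAction(PhAcl::DENY);
         // Register roles
         $roles = array('users' => new PhRole('Users'), 'guests' => new PhRole('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         // Private area resources
         $privateResources = array('awards' => array('add', 'edit', 'delete'), 'players' => array('add', 'edit', 'delete'), 'episodes' => array('add', 'edit', 'delete'));
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new PhResource($resource), $actions);
         }
         // Public area resources
         $publicResources = array('index' => array('index'), 'about' => array('index'), 'awards' => array('index'), 'players' => array('index'), 'episodes' => array('index'), 'session' => array('index', 'start'), 'contact' => array('index', 'send'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new PhResource($resource), $actions);
         }
         // Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 if (isset($privateResources[$resource])) {
                     // Shared resource name: grant the public actions one by
                     // one so the private actions stay denied for Guests.
                     foreach ($actions as $action) {
                         $acl->allow($role->getName(), $resource, $action);
                     }
                 } else {
                     $acl->allow($role->getName(), $resource, '*');
                 }
             }
         }
         // Grant access to private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         $this->_acl = $acl;
     }
     return $this->_acl;
 }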
Ejemplo n.º 20
 /**
  * Builds a fresh deny-by-default access control list.
  *
  * Three roles are registered: admin, donor and none. The 'index' and 'user'
  * resources are opened to all three roles with a wildcard; the 'donor'
  * resource is granted to donor and the 'admin' resource to admin, action by
  * action. The roles do not inherit from each other, so admin is not granted
  * the 'donor' resource.
  *
  * The wildcard resource names ('index', 'user') do not overlap with the
  * role-specific ones, so the wildcard does not widen the admin or donor
  * grants.
  *
  * @return AclList
  */
 private function _getAcl()
 {
     $list = new AclList();
     // Anything not granted below is refused.
     $list->setDefaultAction(Acl::DENY);
     $roleSet = array('admin' => new Role('admin'), 'donor' => new Role('donor'), 'none' => new Role('none'));
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }
     // resource name => actions, grouped by who may use them
     $forAdmin = array('admin' => array('index', 'update', 'setup'));
     $forDonor = array('donor' => array('index'));
     $forAnyone = array('index' => array('index'), 'user' => array('login', 'logout'));
     // Register every resource together with its actions.
     foreach (array($forAdmin, $forDonor, $forAnyone) as $group) {
         foreach ($group as $name => $allowed) {
             $list->addResource(new Resource($name), $allowed);
         }
     }
     // Open the common resources to every role, all actions.
     foreach ($roleSet as $aclRole) {
         foreach (array_keys($forAnyone) as $name) {
             $list->allow($aclRole->getName(), $name, '*');
         }
     }
     // Role-specific grants, one action at a time.
     foreach ($forDonor as $name => $allowed) {
         foreach ($allowed as $verb) {
             $list->allow('donor', $name, $verb);
         }
     }
     foreach ($forAdmin as $name => $allowed) {
         foreach ($allowed as $verb) {
             $list->allow('admin', $name, $verb);
         }
     }
     return $list;
 }
Ejemplo n.º 21
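 /**
  * Builds an access control list for the current permission level.
  *
  * The value returned by Auth::getPermission() becomes the only role in the
  * list. Each entry from getInfoPermission() registers its controller as a
  * resource and grants the entry's action on it to that role; everything
  * else is denied by default.
  *
  * The permission is read once and reused, so the role that is registered
  * and the role that receives the grants are always the same value.
  *
  * NOTE(review): false is returned when there is no permission. Confirm that
  * every caller treats false as "no access" instead of skipping the check.
  *
  * @return AcList|false the list, or false when no permission is available
  */
 public function getAcl()
 {
     $auth = new Auth();
     $permission = $auth->getPermission();
     if (empty($permission)) {
         return false;
     }
     $acl = new AcList();
     // Default action is deny access
     $acl->setDefaultAction(\Phalcon\Acl::DENY);
     // The current permission level is the only role in this list
     $acl->addRole(new Role($permission));
     foreach ($this->getInfoPermission() as $entry) {
         $privilege = $entry->privilege;
         $acl->addResource(new Resource($privilege->controller), $privilege->action);
         $acl->allow($permission, $privilege->controller, $privilege->action);
     }
     return $acl;
 }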
Ejemplo n.º 22
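 /**
  * Returns the access control list, building it from configuration on first use.
  *
  * Roles, resources and privileges are read from the 'acl' section of the
  * 'config' service. The list is deny-by-default. Privileges are laid out as
  * role => method => resource => accesses, where only the exact string
  * 'allow' produces a grant; every other method key produces a deny.
  *
  * Once built, the list is kept in $this->persistent and reused as-is, so a
  * configuration change only takes effect when that stored copy is gone.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         $config = $this->getDI()->get('config')->acl;
         //Register roles
         foreach ($config->roles as $role => $inheritance) {
             $role = new Role($role);
             // Test for null first so isRole() is only asked about a real name.
             if ($inheritance !== null && $acl->isRole($inheritance)) {
                 $inheritance = new Role($inheritance);
             }
             $acl->addRole($role, $inheritance);
         }
         //Register resources
         foreach ($config->resources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions->toArray());
         }
         //Privileges
         foreach ($config->privilege as $role => $methodList) {
             foreach ($methodList as $method => $levels) {
                 foreach ($levels as $resource => $accessList) {
                     foreach ($accessList as $access) {
                         // Strict comparison: with ==, a numeric key such as 0
                         // compares equal to 'allow' on PHP versions before 8
                         // and would turn a malformed entry into a grant.
                         if ($method === 'allow') {
                             $acl->allow($role, $resource, $access);
                         } else {
                             $acl->deny($role, $resource, $access);
                         }
                     }
                 }
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }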
Ejemplo n.º 23
 /**
  * Builds the access control list from $this->resources and caches it.
  *
  * $this->resources is walked as role => module => controller => actions.
  * Each role is registered, each "module/controller" pair (module name
  * lower-cased) becomes a resource, and the role is granted the listed
  * actions on it. Everything else is denied by default.
  *
  * When the target file can be created and written, the serialized list is
  * saved there and, if APC is available, stored under the key 'acl'. When it
  * cannot, nothing is written and no error is reported.
  *
  * NOTE(review): the file holds a serialized object that presumably is read
  * back with unserialize(). Whoever can write to it controls the ACL, so it
  * should be writable by the application user only - confirm its location
  * and permissions.
  *
  * @return AclList
  */
 public function createAcl()
 {
     $list = new AclList();
     // Anything not granted below is refused.
     $list->setDefaultAction(\Phalcon\Acl::DENY);
     foreach ($this->resources as $roleName => $modules) {
         $list->addRole(new Role($roleName, ucfirst($roleName)));
         foreach ($modules as $moduleName => $controllerMap) {
             foreach ($controllerMap as $controllerName => $allowed) {
                 $key = strtolower($moduleName) . '/' . $controllerName;
                 $list->addResource(new Resource($key), $allowed);
                 $list->allow($roleName, $key, $allowed);
             }
         }
     }
     $target = ROOT_URL . $this->filePath;
     if (!touch($target) || !is_writable($target)) {
         return $list;
     }
     // Save in File
     file_put_contents($target, serialize($list));
     // Save cache in APC
     if (function_exists('apc_store')) {
         apc_store('acl', $list);
     }
     return $list;
 }
Ejemplo n.º 24
 /**
  * Returns the access control list, building it on first use.
  *
  * The list is deny-by-default with three roles: Admin, User and Guest.
  * Resources are grouped as 'admin', 'user' and 'public', and the grants form
  * a ladder: public actions go to all three roles, user actions to User and
  * Admin, admin actions to Admin only. The 'admin' group is empty here, so
  * Admin holds nothing beyond what User holds.
  *
  * Once built, the list is kept in $this->persistent and reused as-is.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new AclList();
     // Anything not granted below is refused.
     $list->setDefaultAction(Acl::DENY);
     $roleSet = array('admin' => new Role("Admin"), 'users' => new Role("User"), 'guests' => new Role("Guest"));
     foreach ($roleSet as $aclRole) {
         $list->addRole($aclRole);
     }
     // group => resource name => actions
     $catalogue = array(
         'admin' => array(),
         'user' => array('profile' => array("index", "edit", "view")),
         'public' => array(
             'index' => array('index'),
             'about' => array('index'),
             'register' => array('index'),
             'errors' => array('show401', 'show404', 'show500'),
             'session' => array('index', 'start', 'end'),
         ),
     );
     foreach ($catalogue as $entries) {
         foreach ($entries as $name => $allowed) {
             $list->addResource(new Resource($name), $allowed);
         }
     }
     // group => roles that receive every action of that group
     $ladder = array(
         'public' => array("Guest", "User", "Admin"),
         'user' => array("User", "Admin"),
         'admin' => array("Admin"),
     );
     foreach ($ladder as $group => $grantees) {
         foreach ($catalogue[$group] as $name => $allowed) {
             foreach ($allowed as $verb) {
                 foreach ($grantees as $grantee) {
                     $list->allow($grantee, $name, $verb);
                 }
             }
         }
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
Ejemplo n.º 25
 /**
  * Builds the access control list.
  *
  * The list is deny-by-default with two independent roles, 'guests' and
  * 'users' (neither inherits from the other). Grants are declared as
  * resource => action => roles, so each action names exactly the roles that
  * may perform it: guests may authenticate and create a user, users may log
  * out and work with posts.
  *
  * @return Memory
  */
 public function acl()
 {
     $list = new Memory();
     // Anything not granted below is refused.
     $list->setDefaultAction(Acl::DENY);
     $roleNames = array('guests', 'users');
     $grants = array(
         'users' => array('auth' => array('guests'), 'create' => array('guests'), 'logout' => array('users')),
         'posts' => array('create' => array('users'), 'mine' => array('users'), 'all' => array('users')),
     );
     foreach ($roleNames as $roleName) {
         $list->addRole(new Role($roleName));
     }
     foreach ($grants as $resourceName => $actionMap) {
         // The action names are the keys of the per-resource map.
         $list->addResource(new Resource($resourceName), array_keys($actionMap));
         foreach ($actionMap as $actionName => $allowedRoles) {
             foreach ($allowedRoles as $allowedRole) {
                 $list->allow($allowedRole, $resourceName, $actionName);
             }
         }
     }
     return $list;
 }
Ejemplo n.º 26
Archivo: Acl.php Proyecto: GBraL/vokuro
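 /**
  * Rebuilds the access list and saves it to a file
  *
  * One role is registered per active profile. Each profile is granted the
  * resource/action pairs returned by its getPermissions(), plus
  * users/changePassword, which every profile receives. Everything else is
  * denied by default.
  *
  * The serialized list is written to APP_DIR . $this->filePath and, when APC
  * is available, stored under the key 'vokuro-acl'. A file that cannot be
  * created or written, or a write that fails, is reported through the flash
  * service; the list is returned in every case.
  *
  * NOTE(review): the file holds a serialized object that presumably is read
  * back with unserialize(). Whoever can write to it controls the ACL, so it
  * should be writable by the application user only - confirm its location
  * and permissions.
  *
  * @return \Phalcon\Acl\Adapter\Memory
  */
 public function rebuild()
 {
     $acl = new AclMemory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);
     // Register roles
     $profiles = Profiles::find('active = "Y"');
     foreach ($profiles as $profile) {
         $acl->addRole(new AclRole($profile->name));
     }
     foreach ($this->privateResources as $resource => $actions) {
         $acl->addResource(new AclResource($resource), $actions);
     }
     // Grant access to the private area, profile by profile
     foreach ($profiles as $profile) {
         // Grant permissions in "permissions" model
         foreach ($profile->getPermissions() as $permission) {
             $acl->allow($profile->name, $permission->resource, $permission->action);
         }
         // Always grant these permissions
         $acl->allow($profile->name, 'users', 'changePassword');
     }
     $path = APP_DIR . $this->filePath;
     if (touch($path) && is_writable($path)) {
         // A failed write would otherwise leave a stale or truncated file
         // behind without any sign of it.
         if (file_put_contents($path, serialize($acl)) === false) {
             $this->flash->error('The ACL list could not be written to ' . $path);
         }
         // Store the ACL in APC
         if (function_exists('apc_store')) {
             apc_store('vokuro-acl', $acl);
         }
     } else {
         $this->flash->error('The user does not have write permissions to create the ACL list at ' . $path);
     }
     return $acl;
 }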
Ejemplo n.º 27
Archivo: Acl.php Proyecto: kjmtrue/blog
 /**
  * Rebuilds the access list in memory.
  *
  * One role is registered per active profile. Each profile is granted the
  * resource/action pairs returned by its getPermissions(), plus
  * users/changePassword, which every profile receives. Everything else is
  * denied by default. This version does not write the list to a file or to
  * a cache; it only returns it.
  *
  * @return AclMemory
  */
 public function rebuild()
 {
     $list = new AclMemory();
     // Anything not granted below is refused.
     $list->setDefaultAction(\Phalcon\Acl::DENY);
     //Register one role per active profile
     $activeProfiles = Profiles::find('active = "Y"');
     foreach ($activeProfiles as $entry) {
         $list->addRole(new AclRole($entry->name));
     }
     foreach ($this->_privateResources as $name => $allowed) {
         $list->addResource(new AclResource($name), $allowed);
     }
     //Grant access to the private area, profile by profile
     foreach ($activeProfiles as $entry) {
         $roleName = $entry->name;
         //Grants recorded in the "permissions" model
         foreach ($entry->getPermissions() as $grant) {
             $list->allow($roleName, $grant->resource, $grant->action);
         }
         //Every profile may change its own password
         $list->allow($roleName, 'users', 'changePassword');
     }
     return $list;
 }
Ejemplo n.º 28
 /**
  * Rebuilds the access list and saves it to a file
  *
  * One role is registered per profile that is neither deleted nor hidden,
  * plus a 'Guests' role. Private and public resources are registered from
  * the instance maps. Guests receive a wildcard grant on every public
  * resource. Everything else is denied by default.
  *
  * NOTE(review): for each permission row of a profile, the profile is
  * granted that row's resource/action and, in the same pass, every action of
  * every private resource and a wildcard on every public resource. A profile
  * with at least one row therefore holds the whole private area regardless
  * of which rows it has, and a profile with no rows holds nothing, not even
  * the public area. Confirm that this is the intended policy.
  *
  * NOTE(review): a wildcard grant covers every action of a resource. If a
  * name appears in both the private and the public map, Guests would receive
  * its private actions too - the maps are not visible here, verify them.
  *
  * The serialized list is written under the configured appsDir and, when APC
  * is available, stored under the key 'reportingtool-acl'. The file
  * presumably is read back with unserialize(), so it should be writable by
  * the application user only.
  *
  * @return \Phalcon\Acl\Adapter\Memory
  */
 public function rebuild()
 {
     $list = new AclMemory();
     // Anything not granted below is refused.
     $list->setDefaultAction(\Phalcon\Acl::DENY);
     // Register one role per visible profile
     $visibleProfiles = Profiles::find('deleted = 0 AND hidden=0');
     foreach ($visibleProfiles as $entry) {
         $list->addRole(new AclRole($entry->title));
     }
     foreach ($this->privateResources as $name => $allowed) {
         $list->addResource(new AclResource($name), $allowed);
     }
     foreach ($this->publicResources as $name => $allowed) {
         $list->addResource(new AclResource($name), $allowed);
     }
     // Grants per profile; the two inner loops run once per permission row
     foreach ($visibleProfiles as $entry) {
         foreach ($entry->getPermissions() as $grant) {
             $target = $grant->getResource();
             $list->addResource(new AclResource($target->title), $grant->resourceaction);
             $list->allow($entry->title, $target->title, $grant->resourceaction);
             foreach ($this->privateResources as $name => $allowed) {
                 $list->allow($entry->title, $name, $allowed);
             }
             foreach ($this->publicResources as $name => $allowed) {
                 $list->allow($entry->title, $name, '*');
             }
         }
     }
     // Guests: wildcard on every public resource
     $guest = new AclRole('Guests');
     $list->addRole($guest);
     foreach ($this->publicResources as $name => $allowed) {
         $list->allow($guest->getName(), $name, '*');
     }
     $target = $this->config->application->appsDir . $this->filePath;
     if (!touch($target) || !is_writable($target)) {
         $this->flash->error('The user does not have write permissions to create the ACL list at ' . $target);
         return $list;
     }
     file_put_contents($target, serialize($list));
     // Store the ACL in APC
     if (function_exists('apc_store')) {
         apc_store('reportingtool-acl', $list);
     }
     return $list;
 }
Ejemplo n.º 29
 /**
  * Rebuilds the access list and saves it to a file.
  *
  * One role is registered per active user group. Each group is granted the
  * resource/action pairs returned by its getPermissions(), plus
  * users/changePassword, which every group receives. Everything else is
  * denied by default.
  *
  * The serialized list is written to __DIR__ . $this->_filePath and, when
  * APC is available, stored under the configured cradaUserPlugin appId. The
  * file is not created here: is_writable() is false for a path that does not
  * exist, so the file has to be present already, otherwise the error branch
  * is taken.
  *
  * NOTE(review): the file presumably is read back with unserialize(), so it
  * should be writable by the application user only.
  *
  * @return AclAdapter
  */
 public function rebuild()
 {
     $list = new AclAdapter();
     // Anything not granted below is refused.
     $list->setDefaultAction(\Phalcon\Acl::DENY);
     //Register one role per active group
     $activeGroups = UserGroups::find('active = 1');
     foreach ($activeGroups as $group) {
         $list->addRole(new AclRole($group->name));
     }
     foreach ($this->_privateResources as $name => $allowed) {
         $list->addResource(new AclResource($name), $allowed);
     }
     //Grant access to the private area, group by group
     foreach ($activeGroups as $group) {
         $roleName = $group->name;
         //Grants recorded in the "permissions" model
         foreach ($group->getPermissions() as $grant) {
             $list->allow($roleName, $grant->resource, $grant->action);
         }
         //Every group may change its own password
         $list->allow($roleName, 'users', 'changePassword');
     }
     if (!is_writable(__DIR__ . $this->_filePath)) {
         $this->flash->error('The user does not have write permissions');
         return $list;
     }
     file_put_contents(__DIR__ . $this->_filePath, serialize($list));
     //Store the ACL in APC
     if (function_exists('apc_store')) {
         apc_store($this->di->config->cradaUserPlugin->appId, $list);
     }
     return $list;
 }
Ejemplo n.º 30
use Mocks\Examples\User;
use Ovide\Libs\Mvc\Rest\App;
use Phalcon\Acl;
use Ovide\Libs\Mvc\Rest\ContentType\XmlEncoder;
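// Start from a clean application instance.
App::reset();
$app = App::instance();
// Map the XML content type to its encoder on the Accept header handler.
$handlers = $app->getHandlers();
$accept = $handlers[\Ovide\Libs\Mvc\Rest\HeaderHandler\Accept::HEADER];
$accept->setAcceptable(XmlEncoder::CONTENT_TYPE, XmlEncoder::class);
$app->mountResource(User::class);
// 'acl' service: guest < user < root, each role inheriting from the one before it.
$app->di->set('acl', function () {
    $acl = new Acl\Adapter\Memory();
    // Deny-by-default is set before any role or rule is registered, as in a
    // conventional ACL setup. Some Phalcon versions appear to record the
    // default action on roles and rules as they are added, in which case
    // setting it last would leave them with the library's permissive
    // default - TODO confirm for the version in use.
    $acl->setDefaultAction(Acl::DENY);
    $guest = new Acl\Role('guest');
    $user = new Acl\Role('user');
    $root = new Acl\Role('root');
    $users = new Acl\Resource('users');
    $acl->addRole($guest);
    $acl->addRole($user, $guest);
    $acl->addRole($root, $user);
    $acl->addResource($users, ['delete', 'get', 'getOne', 'post', 'put', 'putSelf', 'getSelf', 'deleteSelf']);
    // Guests may only create a user.
    $acl->allow('guest', 'users', ['post']);
    // Users may act on their own record only; the inherited 'post' is taken away again.
    $acl->allow('user', 'users', ['getSelf', 'deleteSelf', 'putSelf']);
    $acl->deny('user', 'users', 'post');
    $acl->allow('root', 'users', '*');
    //Sets 'guest' as active role
    $acl->isAllowed('guest', '', '');
    return $acl;
}, true);
return $app;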