
tahmina8765/zf2auth


Zf2auth

A Zend Framework 2 User Authentication and role based authorization module, created by Tahmina Khatoon

This package is not yet stable. Do not use it until a beta version is released.

Installation

With composer

  1. Add this project in your composer.json:

    "require": {
        "tahmina8765/zf2auth": "dev-master"
    }
  2. Now tell composer to download ZfcUser by running the command:

    $ php composer.phar update

Post installation

  1. Enable it in your application.config.php file.

    <?php
    // Application-level configuration: the list of modules to load.
    return array(
        'modules' => array(
            // ... modules already enabled in the application ...
            'Zf2auth'
        ),
        // ... remaining application settings ...
    );
  2. Then import the SQL schema located in ./vendor/tahmina8765/zf2auth/data/schema.sql.

  3. Add the following to Application/Module.php (the main module, which is used to bootstrap the application)

    use Zend\Authentication\AuthenticationService;
    use Zend\Http\Response;
    use Zend\Session\Container;
    use Zend\Session\Config\SessionConfig;
    use Zend\Session\SessionManager;
    
    /**
     * Wires this module's listeners into the MVC event manager at bootstrap.
     *
     * The ACL is built first, then checkAcl() is registered on the "route"
     * event and handleError() on the dispatch-error and render-error events.
     *
     * NOTE(review): initSession() and authPreDispatch() are defined in this
     * listing but are neither called nor attached here.
     *
     * @param MvcEvent $e Bootstrap event giving access to the application.
     */
    public function onBootstrap(MvcEvent $e)
    {
        $events = $e->getApplication()->getEventManager();

        $routeListener = new ModuleRouteListener();
        $routeListener->attach($events);

        // The ACL has to exist before the first "route" event fires, because
        // checkAcl() reads it back from the view model.
        $this->initAcl($e);
        $events->attach('route', array($this, 'checkAcl'));

        $errorEvents = array(
            \Zend\Mvc\MvcEvent::EVENT_DISPATCH_ERROR,
            \Zend\Mvc\MvcEvent::EVENT_RENDER_ERROR,
        );
        foreach ($errorEvents as $errorEvent) {
            $events->attach($errorEvent, array($this, 'handleError'));
        }
    }
    
    /**
     * Starts a session with the given options and installs its manager as the
     * default for every session Container.
     *
     * NOTE(review): cookie hardening such as cookie_httponly and cookie_secure
     * takes effect only if the caller supplies it in $config; nothing is set
     * here. Confirm what the deployment passes in.
     *
     * @param mixed $config Options handed unchanged to SessionConfig::setOptions().
     */
    public function initSession($config)
    {
        $options = new SessionConfig();
        $options->setOptions($config);

        $manager = new SessionManager($options);
        $manager->start();

        Container::setDefaultManager($manager);
    }
    
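    /**
     * Builds the role/resource ACL from the database and publishes it.
     *
     * Every row of the resources table becomes an ACL resource and every row
     * of the roles table becomes an ACL role. The role named 'Administrator'
     * is allowed on all resources; every other role is allowed only on the
     * resources returned by getResourcesBasedOnRole() for its id.
     *
     * The ACL object is stored on the view model (checkAcl() reads it from
     * there). The role => resource-name map is also written to the
     * 'system_init' session container.
     *
     * NOTE(review): the administrator is recognised by role name. The
     * ADMIN_ROLE_ID constant that the README defines is not used here, so
     * renaming the role or creating another role with this name changes who
     * gets full access.
     *
     * @param MvcEvent $e Bootstrap event giving access to the service manager
     *                    and the view model.
     */
    public function initAcl(MvcEvent $e)
    {
        $acl = new \Zend\Permissions\Acl\Acl();
        $application = $e->getApplication();
        $services = $application->getServiceManager();

        $this->rolesTable = $services->get('Zf2auth\Table\RolesTable');
        $this->resourcesTable = $services->get('Zf2auth\Table\ResourcesTable');
        $this->roleResourcesTable = $services->get('Zf2auth\Table\RoleResourcesTable');

        $roles = $this->rolesTable->fetchAll();
        $resources = $this->resourcesTable->fetchAll();

        // Register every known resource; checkAcl() refuses any route whose
        // name was not registered here.
        $allResources = array();
        foreach ($resources as $resource) {
            if (!empty($resource)) {
                $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource->name));
                $allResources[] = $resource->name;
            }
        }

        $allowed = array();
        foreach ($roles as $role) {
            $role_id = $role->id;
            $role_name = $role->name;

            $acl->addRole($role_name);
            $allowed[$role_name] = array();

            // Strict comparison: with == a non-string value (integer 0 on
            // PHP < 8, or boolean true) compares equal to 'Administrator'
            // and would receive the blanket grant below.
            if ($role_name === 'Administrator') {
                // allow() without a resource grants the role every resource.
                $acl->allow($role_name);
                $allowed[$role_name] = $allResources;
                continue;
            }

            $role_resources = $this->roleResourcesTable->getResourcesBasedOnRole($role_id);
            foreach ($role_resources as $row) {
                if (!empty($row)) {
                    $acl->allow($role_name, $row->resource_name);
                    $allowed[$role_name][] = $row->resource_name;
                }
            }
        }

        // Set allowed resources in session.
        // NOTE(review): the map is written only while the session has none,
        // so this session copy is not refreshed when grants change in the
        // database; anything that reads it sees the permissions as they were
        // when the session first stored them. The $acl object below is
        // rebuilt on every call and is not affected.
        $container = new Container('system_init');
        if (empty($container->allowed_resources)) {
            $container->allowed_resources = $allowed;
        }
        $e->getViewModel()->acl = $acl;
    }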
    
    /**
     * Route-event guard: lets the request continue only when the current role
     * is allowed on the matched route; otherwise sends a response and exits.
     *
     * The matched route name is used as the ACL resource name. A route that
     * is not registered as a resource is refused as well, so the check fails
     * closed for every role, including one with a blanket grant.
     *
     * On refusal, a non-empty $_SESSION['zf2authSession'] produces status 403
     * with a Location header of <base url>/404; otherwise the client is sent
     * to the 'users/login' route with status 302. In both cases the process
     * ends with exit, so no later listener or controller runs.
     *
     * NOTE(review): a Location header on a 403 is not followed by browsers,
     * so a signed-in user receives a bare 403 with no body; confirm whether a
     * redirect or a rendered error page was intended.
     * NOTE(review): the session key is read straight from $_SESSION and is
     * presumably written by Zf2AuthStorage at login; verify.
     * NOTE(review): assumes getRouteMatch() returns a match whenever this
     * listener runs; TODO confirm.
     *
     * @param MvcEvent $e Route event carrying the route match, request,
     *                    response, router and view model.
     */
    public function checkAcl(MvcEvent $e)
    {
        $route = $e->getRouteMatch()->getMatchedRouteName();

        $Zf2AuthStorage = new \Zf2auth\Model\Zf2AuthStorage;
        $userRole = $Zf2AuthStorage->getRole();

        // Authorised: the route is a known resource and the role may use it.
        if ($e->getViewModel()->acl->hasResource($route) && $e->getViewModel()->acl->isAllowed($userRole, $route)) {
            return;
        }

        $response = $e->getResponse();

        if (!empty($_SESSION['zf2authSession'])) {
            // A session exists but the role lacks the permission.
            $location = $e->getRequest()->getBaseUrl() . '/404';
            $status = 403;
        } else {
            // No session: send the client to the login page. The URL comes
            // from the router, not from request data.
            $location = $e->getRouter()->assemble(array('controller' => 'users', 'action' => 'login'), array('name' => 'users/login'));
            $status = 302;
        }

        $response->getHeaders()->addHeaderLine('Location', $location);
        $response->setStatusCode($status);
        $response->sendHeaders();
        exit;
    }
    
    /**
     * Sends a 302 redirect to the login action and ends the request.
     *
     * NOTE(review): this listing never attaches the method to an event; the
     * route name 'frontend' is an example value to be replaced.
     *
     * @param MvcEvent $e Event giving access to the router and the response.
     */
    public function authPreDispatch(MvcEvent $e)
    {
        // Assemble your own URL here; these values are only an example.
        $params = array('action' => 'login');
        $options = array('name' => 'frontend');
        $loginUrl = $e->getRouter()->assemble($params, $options);

        $response = $e->getResponse();
        $response->getHeaders()->addHeaderLine('Location', $loginUrl);
        $response->setStatusCode(302);
        $response->sendHeaders();

        // Stop here so nothing is dispatched after the redirect.
        exit;
    }
    
    /**
     * Listener for dispatch and render errors; currently a placeholder.
     *
     * It reads the 'exception' parameter from the event and does nothing with
     * it: the error is neither logged nor changed by this method.
     *
     * @param MvcEvent $e Error event; may carry an 'exception' parameter.
     */
    public function handleError(MvcEvent $e)
    {
        // Fetched for future handling (for example logging); unused for now.
        $error = $e->getParam('exception');
    }
    
    /**
     * Declares the service-manager factories this module provides.
     *
     * 'ZF2AuthService' builds an AuthenticationService whose storage is the
     * 'Zf2auth\Model\Zf2AuthStorage' service.
     *
     * @return array Service configuration with a single 'factories' entry.
     */
    public function getServiceConfig()
    {
        // $sm is the service manager that invokes the factory.
        $authServiceFactory = function ($sm) {
            $service = new AuthenticationService();
            $service->setStorage($sm->get('Zf2auth\Model\Zf2AuthStorage'));

            return $service;
        };

        return array(
            'factories' => array(
                'ZF2AuthService' => $authServiceFactory,
            ),
        );
    }
    
    /**
     * Returns the session options; currently an empty array.
     *
     * NOTE(review): nothing in this listing calls this method. If its result
     * is passed to initSession(), no session option is set explicitly, so
     * cookie flags and lifetimes presumably fall back to the PHP
     * configuration; confirm those defaults are acceptable.
     *
     * @return array Session options (empty).
     */
    public function getSessionConfig()
    {
        return array();
    }
  4. Set the admin role in public/index.php

    // Id of the administrator role; presumably it must equal the id of that
    // role's row in the roles table created from schema.sql (verify).
    // NOTE(review): the Module.php listing in this README grants full access
    // by role name ('Administrator'), not by this constant.
    define('ADMIN_ROLE_ID', 1);
