public function setUp() { // authentication service $this->authentication = new AuthenticationService; // authorization service $this->authorization = new AclAuthorization(); $this->authorization->addRole('guest'); $this->authorization->allow(); // event for mvc and mvc-auth $routeMatch = new RouteMatch(array()); $request = new HttpRequest(); $response = new HttpResponse(); $application = new Application(null, new ServiceManager(new Config(array('services' => array( 'event_manager' => new EventManager(), 'authentication' => $this->authentication, 'authorization' => $this->authorization, 'request' => $request, 'response' => $response ))))); $mvcEvent = new MvcEvent(); $mvcEvent->setRequest($request) ->setResponse($response) ->setRouteMatch($routeMatch) ->setApplication($application); $this->mvcAuthEvent = new MvcAuthEvent($mvcEvent, $this->authentication, $this->authorization); $this->listener = new DefaultAuthorizationListener($this->authorization); }
/** * Sets up permissions for the module * * @param \Acl $acl */ public static function addSongbookPrivileges($acl) { $acl->addRole('songbook - vstup'); $acl->addRole('songbook - vytváření/editace', 'songbook - vstup'); $acl->addRole('songbook - mazání', 'songbook - vytváření/editace'); $acl->addResource("Oddil:Songbook"); $acl->allow("base - člen", "Oddil:Songbook", "display"); $acl->allow("songbook - vstup", "Oddil:Songbook", "default"); $acl->allow("songbook - vytváření/editace", "Oddil:Songbook", ["add", "edit"]); $acl->allow("songbook - mazání", "Oddil:Songbook", "delete"); }
/** * Create the form-service * * @param \Zend\ServiceManager\ServiceLocatorInterface $serviceLocator * @return \Zend\Permissions\Acl\Acl */ public function createService(ServiceLocatorInterface $serviceLocator) { // Configure the locale $config = $serviceLocator->get('Configuration'); $srvConfig = isset($config['acl']) ? $config['acl'] : array(); $acl = new Acl(); if (!empty($srvConfig['roles'])) { foreach ((array) $srvConfig['roles'] as $role => $parents) { $acl->addRole((string) $role, $parents); } } if (!empty($srvConfig['resources'])) { foreach ((array) $srvConfig['resources'] as $resource => $parent) { $acl->addResource($resource, $parent); } } if (!empty($srvConfig['allow'])) { foreach ((array) $srvConfig['allow'] as $allow) { $acl->allow($allow['role'], $allow['resource'], $allow['privilege']); } } if (!empty($srvConfig['deny'])) { foreach ((array) $srvConfig['deny'] as $deny) { $acl->deny($deny['role'], $deny['resource'], $deny['privilege']); } } return $acl; }
public static function GetFromCached() { $mem = Cache::getInstance(); if (!$mem->get("allow")) { return false; } self::$allow = $mem->get("allow"); self::$parents = $mem->get("parents"); self::$Rolelist = $mem->get("role"); }
public function setUp() { // authentication service $this->authentication = new AuthenticationService(); // authorization service $this->authorization = new AclAuthorization(); $this->authorization->addRole('guest'); $this->authorization->allow(); // event for mvc and mvc-auth $routeMatch = $this->createRouteMatch([]); $request = new HttpRequest(); $response = new HttpResponse(); $container = new ServiceManager(); (new Config(['services' => ['EventManager' => new EventManager(), 'Authentication' => $this->authentication, 'Authorization' => $this->authorization, 'Request' => $request, 'Response' => $response]]))->configureServiceManager($container); $application = $this->applicationFactory($container); $mvcEvent = new MvcEvent(); $mvcEvent->setRequest($request)->setResponse($response)->setRouteMatch($routeMatch)->setApplication($application); $this->mvcAuthEvent = new MvcAuthEvent($mvcEvent, $this->authentication, $this->authorization); $this->listener = new DefaultAuthorizationListener($this->authorization); }
/** * Set allow on $acl object * * @param Acl $acl */ public function set_allow($acl) { // allow foreach ($this->_environments as $environment) { foreach ($this->_allow as $role => $rights) { foreach ($rights as $resource => $privileges) { foreach ($privileges as $privilege) { if (is_array($privilege)) { $own = isset($privilege[1]) && $privilege[1] === true ? true : false; $privilege = $privilege[0]; } else { $own = false; } $acl->allow($role, $resource, $privilege, $own, (string) $environment); } } } } }
/** * Set allow on $acl object * * @param Acl $acl */ public function set_allow($acl) { // allow foreach ($this->_environments as $environment) { foreach ($this->_allow as $role => $rights) { // manager-rights are automatically only for only one website if ($role == 'manager') { $role = 'manager_' . $environment; } // set allow rights on role foreach ($rights as $resource => $privileges) { foreach ($privileges as $privilege) { if (is_array($privilege)) { $own = isset($privilege[1]) && $privilege[1] === true ? true : false; $privilege = $privilege[0]; } else { $own = false; } $acl->allow($role, $resource, $privilege, $own, (string) $environment); } } } } }
/** * @param \Acl $acl */ private function addVIPChroniclePermissions($acl) { $acl->addRole('vip - vstup'); $acl->addRole('vip - vytváření/editace', 'vip - vstup'); $acl->addRole('vip - popisky', 'vip - vytváření/editace'); $acl->addRole('vip - generování', 'vip - popisky'); $acl->addRole('vip - zobrazování', 'vip - generování'); $acl->addRole('vip - mazání', 'vip - zobrazování'); $acl->addResource(self::MODULE_NAME . ':Admin:Vipchronicle'); $acl->allow('vip - vstup', self::MODULE_NAME . ':Admin:Vipchronicle', 'default'); $acl->allow('vip - vytváření/editace', self::MODULE_NAME . ':Admin:Vipchronicle', 'create'); $acl->allow('vip - vytváření/editace', self::MODULE_NAME . ':Admin:Vipchronicle', 'edit'); $acl->allow('vip - popisky', self::MODULE_NAME . ':Admin:Vipchronicle', 'photos'); $acl->allow('vip - generování', self::MODULE_NAME . ':Admin:Vipchronicle', 'generate'); $acl->allow('vip - zobrazování', self::MODULE_NAME . ':Admin:Vipchronicle', 'show'); $acl->allow('vip - mazání', self::MODULE_NAME . ':Admin:Vipchronicle', 'delete'); }
/** * Установить acl * @param Acl $acl * @return Auth */ public function setAcl($acl) { if ($this->hasIdentity()) { $acl->allow('guest', 'autharea', 'signout'); $acl->deny('guest', 'autharea', array('signin', 'signup')); } $this->_acl = $acl; return $this; }