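/**
 * ACL front-controller hook: decide whether the current identity may be
 * dispatched to "<module>/<controller>" for "<action>".
 *
 * Anonymous visitors get a fresh App_User carrying the default role taken
 * from the registry ('acl_default_role_name' / 'acl_default_role_id'). The
 * user object is written back to the auth storage in both cases.
 *
 * Access is granted when one of the user's roles, or a parent of such a
 * role, is allowed on the resource. On denial the request is stopped here:
 *  - XMLHttpRequest: a JSON error body is sent and the script terminates,
 *    so the protected action is never executed (just calling setBody() and
 *    returning would let the dispatcher run the action and append its output
 *    to the JSON, which is what the old code did).
 *  - normal request outside the error controller: redirect to auth/login.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when the request may be dispatched, false when it was
 *              denied and the error controller is the target
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();
    $resource   = $module . '/' . $controller;

    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity() === true) {
        $user = $auth->getIdentity();
    } else {
        // Anonymous visitor: guest user with the configured default role.
        $user = new App_User();
        $user->setRole(
            Zend_Registry::get('acl_default_role_name'),
            Zend_Registry::get('acl_default_role_id')
        );
    }
    // NOTE: the guest user is persisted as well, so hasIdentity() is true on
    // the following requests of an anonymous session (existing behaviour).
    $auth->getStorage()->write($user);

    // The ACL is rebuilt on every request instead of being loaded from the
    // 'Cache_Acl' cache: the cached object went stale after roles/rules were
    // changed. Re-enable caching only together with an invalidation step that
    // runs whenever roles or rules are modified.
    $acl = new App_Acl();
    $acl->buildResourceRules($module, $controller, $action, $user);

    if ($this->_isAllowedForUser($acl, $user, $resource, $action)) {
        return true;
    }

    // Denied. The error controller is deliberately not used for the answer:
    // for XHR clients its HTML would be mixed into the JSON body, and for
    // normal requests the user would be rerouted without any explanation.
    $response = $this->getResponse();
    if ($request->isXmlHttpRequest()) {
        $response->setBody(Zend_Json_Encoder::encode(array(
            'success'       => false,
            'error_message' => 'No Right to execute this action',
        )));
        // Terminate the request: returning from preDispatch() alone does not
        // stop the front controller from dispatching the forbidden action.
        $response->sendResponse();
        exit;
    }
    if ($controller !== 'error') {
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
        // With the helper's default exit behaviour this ends the request.
        $redirector->gotoSimple('login', 'auth', 'noc');
    }
    return false;
}

/**
 * True when one of the user's roles, or a parent role of one of them, is
 * allowed to perform $action on $resource.
 *
 * @param App_Acl $acl      ACL with the resource rules already built
 * @param mixed   $user     identity exposing getRoles() as roleId => roleName
 * @param string  $resource "<module>/<controller>"
 * @param string  $action
 * @return bool
 */
private function _isAllowedForUser(App_Acl $acl, $user, $resource, $action)
{
    foreach ($user->getRoles() as $roleId => $roleName) {
        if ($acl->isAllowed($roleId, $resource, $action)) {
            return true;
        }
        // getParentRole() is expected to yield parentId => parentName
        // (same shape as getRoles()); only the id is used.
        foreach ($acl->getRole($roleId)->getParentRole() as $parentId => $parentName) {
            if ($acl->isAllowed($parentId, $resource, $action)) {
                return true;
            }
        }
    }
    return false;
}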
/**
 * The PAID role may use its own account area and the public page, but
 * neither the admin section nor the FREE account area.
 */
public function testPaidAccess()
{
    // resource => expected ACL decision, in the order they are checked
    $cases = array(
        array(App_Resources::ADMIN_SECTION, false),
        array(App_Resources::ACCOUNT_PAID, true),
        array(App_Resources::ACCOUNT_FREE, false),
        array(App_Resources::PUBLICPAGE, true),
    );
    foreach ($cases as $case) {
        list($resource, $expected) = $case;
        $this->assertSame(
            $expected,
            $this->acl->isAllowed(App_Roles::PAID, $resource),
            'Unexpected ACL decision for role PAID on resource ' . $resource
        );
    }
}
/**
 * Check whether the current user ($this->user) may use $module/$action
 * inside the "webdesktop" module.
 *
 * The resource rules are (re)built on every call and the resulting ACL is
 * written to the 'Cache_Acl' cache each time; a role is accepted if it or
 * one of its parent roles is allowed on the resource.
 *
 * @param string $module
 * @param string $action
 * @return bool
 */
public function isAllowed($module, $action)
{
    $resource = 'webdesktop/' . $module;

    // NOTE: rules are rebuilt and re-cached on every call.
    $this->acl->buildResourceRules('webdesktop', $module, $action, $this->user, TRUE);
    Zend_Registry::get('Cache_Acl')->save($this->acl, 'acl_object');

    foreach ($this->user->getRoles() as $roleId => $roleName) {
        if ($this->acl->isAllowed($roleId, $resource, $action)) {
            return true;
        }
        // Fall back to the parents of the role (parentId => parentName).
        $parents = $this->acl->getRole($roleId)->getParentRole();
        foreach ($parents as $parentId => $parentName) {
            if ($this->acl->isAllowed($parentId, $resource, $action)) {
                return true;
            }
        }
    }

    return false;
}
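/**
 * AJAX endpoint: look up a subscriber by contract number (POST parameter
 * 'login') and print master data plus the payments of months 1..12 as a
 * JSON object. Prints {"user_id":"-1"} when no subscriber matches.
 *
 * Only identities whose status role is allowed on
 * App_Resources::PAYSUSERINFO are served; anybody else, including anonymous
 * visitors, is redirected to the error page.
 *
 * @return void
 */
public function getuserinfoAction()
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    $acl      = new App_Acl();
    // No identity means no status/role: deny outright instead of asking the
    // ACL with an undefined role (Zend_Acl treats a null role as "any role").
    if (!$identity || !$acl->isAllowed($identity->status, App_Resources::PAYSUSERINFO)) {
        $this->getHelper('Redirector')->gotoSimpleAndExit('index', 'error', '');
    }

    $this->_helper->viewRenderer->setNoRender();
    $this->_helper->getHelper('layout')->disableLayout();

    if (!$this->getRequest()->isPost()) {
        return;
    }

    $contract = $this->_getParam('login');
    $hnaTable = new Application_Model_DbTable_Hna();
    // NOTE(review): $contract is the raw request value — confirm getUserInfo()
    // binds it as a parameter rather than interpolating it into SQL.
    $info = $hnaTable->getUserInfo($contract);

    if (empty($info['user_id'])) {
        // "Not found" marker the client already expects.
        echo Zend_Json::encode(array('user_id' => '-1'));
        return;
    }

    // Payments are only fetched once the subscriber is known to exist.
    $paysTable = new Application_Model_DbTable_Pays();
    $pays      = $paysTable->getUserPays($info['user_id']);

    // Encode instead of concatenating: names containing quotes or empty
    // payment cells used to produce unparseable output.
    $payload = array(
        'user_id'   => $info['user_id'],
        'surname'   => $info['surname'],
        'firstname' => $info['firstname'],
        'lastname'  => $info['lastname'],
        'connect'   => $pays['connect'],
    );
    for ($month = 1; $month <= 12; $month++) {
        $payload['m' . $month] = $pays[$month];
    }
    echo Zend_Json::encode($payload);
}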
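/**
 * Render the payments list page (view variable 'hna').
 *
 * Only identities whose status role is allowed on App_Resources::INDEX are
 * served; anybody else, including anonymous visitors, is redirected to the
 * error page.
 *
 * @return void
 */
public function payslistAction()
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    $acl      = new App_Acl();
    // No identity means no status/role: deny outright instead of asking the
    // ACL with an undefined role (Zend_Acl treats a null role as "any role").
    if (!$identity || !$acl->isAllowed($identity->status, App_Resources::INDEX)) {
        $this->getHelper('Redirector')->gotoSimpleAndExit('index', 'error', '');
    }

    $this->view->title = "HNA - Оплаты";
    $this->view->headTitle($this->view->title);

    $hnaTable        = new Application_Model_DbTable_Hna();
    $this->view->hna = $hnaTable->getPaysList();
}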