protected function _initAcl()
{
$acl = new Zend_Acl();
$acl->addRole(Infra_AclHelper::ROLE_GUEST);
$currentRole = Infra_AclHelper::getCurrentRole();
$currentPermissions = Infra_AclHelper::getCurrentPermissions();
if (!$acl->hasRole($currentRole)) {
$acl->addRole($currentRole);
}
$accessItems = Zend_Registry::get('config')->access;
$allAccess = array();
foreach ($accessItems as $resource => $accessConfig) {
if (!$accessConfig instanceof Zend_Config) {
$requiredPermissions = $accessConfig;
} else {
if (isset($accessConfig->all)) {
$requiredPermissions = $accessConfig->all;
} else {
continue;
}
}
$acl->addResource(new Zend_Acl_Resource($resource));
if ($requiredPermissions) {
$allow = true;
if ($requiredPermissions != '*') {
$allAccess[$resource] = $requiredPermissions;
$requiredPermissions = array_map('trim', explode(',', $requiredPermissions));
foreach ($requiredPermissions as $required) {
if (!in_array($required, $currentPermissions, true)) {
$allow = false;
break;
}
}
}
if ($allow) {
$acl->allow($currentRole, $resource);
} else {
$acl->deny($currentRole, $resource);
}
}
}
foreach ($accessItems as $resource => $accessConfig) {
if ($accessConfig instanceof Zend_Config) {
foreach ($accessConfig as $action => $requiredPermissions) {
if ($action == 'all') {
continue;
}
$acl->addResource(new Zend_Acl_Resource($resource . $action), $resource);
$allow = true;
if ($requiredPermissions != '*') {
if (isset($allAccess[$resource])) {
$requiredPermissions .= ',' . $allAccess[$resource];
}
$requiredPermissions = array_map('trim', explode(',', $requiredPermissions));
foreach ($requiredPermissions as $required) {
if (!in_array($required, $currentPermissions, true)) {
$allow = false;
break;
}
}
} else {
//If no special permission is required to view this resource, it should be added to the whitelisted resources
$resourceUrl = "{$resource}/{$action}";
Infra_AuthPlugin::addToWhitelist($resourceUrl);
}
if ($allow) {
$acl->allow($currentRole, $resource, $action);
} else {
$acl->deny($currentRole, $resource, $action);
}
}
}
}
Zend_Registry::set('acl', $acl);
}
/**
* Define the default action when login failed
* @param string $url
*/
public static function setDefaultAction($controller, $action = 'index')
{
self::$defaultController = $controller;
self::$defaultAction = $action;
}
