public function init()
{
$acl = new Zend_Acl();
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_USER, OpenSKOS_Db_Table_Users::USER_ROLE_GUEST);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, OpenSKOS_Db_Table_Users::USER_ROLE_USER);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR);
$acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR);
$acl->addResource('website');
$acl->addResource('editor');
$acl->addResource('editor.concepts', 'editor');
$acl->addResource('editor.concept-schemes', 'editor');
$acl->addResource('editor.institution', 'editor');
$acl->addResource('editor.collections', 'editor');
$acl->addResource('editor.delete-all-concepts-in-collection', 'editor');
$acl->addResource('editor.users', 'editor');
$acl->addResource('editor.jobs', 'editor');
$acl->addResource('editor.manage-search-profiles', 'editor');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST, 'website', 'view');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor', 'view');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor.concepts', 'view');
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, 'editor.concepts', array('propose'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concepts', array('full-create', 'edit', 'delete', 'bulk-status-edit'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concept-schemes', array('index', 'create', 'edit', 'delete', 'manage-icons'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.institution', null);
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.collections', array('index', 'manage'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.users', array('index', 'manage'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.jobs', array('index', 'manage'));
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.manage-search-profiles', null);
$acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, 'editor.delete-all-concepts-in-collection', null);
Zend_Registry::set(self::REGISTRY_KEY, $acl);
//store the ACL for the view:
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
}
public function init()
{
//set timeout
$this->_sessionAdmin = new Zend_Session_Namespace(Zend_Auth_Storage_Session::NAMESPACE_DEFAULT);
$this->_sessionAdmin->setExpirationSeconds(30 * 60);
//load acl
$aclLoader = HCMS_Acl_Loader::getInstance();
$aclLoader->load();
if (!Zend_Auth::getInstance()->hasIdentity()) {
$this->_admin = null;
} else {
$this->_admin = Zend_Auth::getInstance()->getIdentity();
$aclLoader->setCurrentRoleCode($aclLoader->getRoleCode($this->_admin->get_role_id()));
}
$this->view->admin = $this->_admin;
if ($this->_checkAuth) {
$this->_checkAuthorization();
}
$this->_redirect_to_ssl();
$this->_checkIP();
//set ACL object for Zend_Navigation
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($aclLoader->getAcl());
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($aclLoader->getCurrentRoleCode());
$this->_initVersionInfo();
$this->_module = new Application_Model_Module();
if (Application_Model_ModuleMapper::getInstance()->findByCode($this->getRequest()->getModuleName(), $this->_module)) {
$this->view->moduleSettings = $this->_module->get_settings();
}
parent::init();
}
/**
* Prepares the environment before running a test
*
*/
protected function setUp()
{
$cwd = __DIR__;
// read navigation config
$this->_files = $cwd . '/_files';
$config = new \Zend\Config\Xml($this->_files . '/navigation.xml');
// setup containers from config
$this->_nav1 = new Navigation\Navigation($config->get('nav_test1'));
$this->_nav2 = new Navigation\Navigation($config->get('nav_test2'));
// setup view
$view = new \Zend\View\PhpRenderer();
$view->resolver()->addPath($cwd . '/_files/mvc/views');
// setup front
$front = Controller\Front::getInstance();
$this->_oldControllerDir = $front->getControllerDirectory('test');
$front->setControllerDirectory($cwd . '/_files/mvc/controllers');
// create helper
$this->_helper = new $this->_helperName;
$this->_helper->setView($view);
// set nav1 in helper as default
$this->_helper->setContainer($this->_nav1);
}
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
$navContainer = null;
$viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');
$viewRenderer->initView();
$view = $viewRenderer->view;
$module = $request->getModuleName();
if ($module == "admin") {
$navContainerConfig = new Zend_Config_Xml(APPLICATION_PATH . '/modules/admin/navigation.xml', 'nav');
$navContainer = new Zend_Navigation($navContainerConfig);
// Load the xml navigation menu
// check if the database configuration has been set
if (Shineisp_Main::isReady()) {
// Adding the configuration menu items
$configuration = SettingsGroups::getlist();
$submenu = $navContainer->findOneByLabel('Configuration');
foreach ($configuration as $id => $item) {
$pages[] = array('label' => $item, 'uri' => '/admin/settings/index/groupid/' . $id, 'resource' => 'admin:settings');
}
$submenu->addPages($pages);
}
// Attach the Zend ACL to the Navigation menu
$auth = Zend_Auth::getInstance();
if ($auth) {
$acl = $auth->getStorage()->read();
if (is_object($acl)) {
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole("administrator");
}
}
} elseif ($module == "default") {
$navContainerConfig = new Zend_Config_Xml(APPLICATION_PATH . '/modules/default/navigation.xml', 'nav');
$navContainer = new Zend_Navigation($navContainerConfig);
// Load the xml navigation menu
// Attach the Zend ACL to the Navigation menu
$auth = Zend_Auth::getInstance();
if ($auth) {
$acl = $auth->getStorage()->read();
if (is_object($acl)) {
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole("guest");
}
}
}
if ($navContainer) {
foreach ($navContainer->getPages() as $page) {
foreach ($page->getPages() as $subpage) {
foreach ($subpage->getPages() as $subsubpage) {
$uri = $subsubpage->getHref();
if ($uri === $request->getRequestUri()) {
$subsubpage->setActive(true);
}
}
}
}
$view->navigation($navContainer);
}
}
public static function init()
{
$aclProvider = new Application_Security_AclProvider();
$acl = $aclProvider->getAcls();
$aclProvider->getLogger()->debug('ACL: bootrapping');
Zend_Registry::set('Opus_Acl', $acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(Application_Security_AclProvider::ACTIVE_ROLE);
}
/**
* used for handling top-level navigation
* @return Zend_Navigation
*/
protected function _initNavigation()
{
$this->bootstrap('layout');
$layout = $this->getResource('layout');
$view = $layout->getView();
$config = new Zend_Config_Xml(APPLICATION_PATH . '/configs/navigation.xml', 'nav');
$container = new Zend_Navigation($config);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl(new My_Acl());
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(My_Acl_Roles::GUEST);
$view->navigation($container);
}
/**
* 在路由结束之后,载入权限分配表。
*
* @see Zend_Controller_Request_Abstract::routeShutdown()
* @param Zend_Controller_Plugin_Abstract $request
* @return void
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
$user = Zend_Registry::get('user');
$role = ZtChart_Model_Acl_Loader::hash($user->getRoleId());
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
ZtChart_Model_Acl_Loader::getInstance()->load($this->_acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->_acl);
// 如果拥有全部游戏,则设置为NULL。
if (($gameTypes = $user->getRole()->getGameTypes(true)) == array_keys(ZtChart_Model_GameType::getGames())) {
$gameTypes = null;
}
ZtChart_Model_Assemble_Backend_Abstract::setAllowedGameTypes($gameTypes);
}
protected function _initAcl()
{
$options = $this->getOptions();
$config = $options['acl']['roles'];
if (isset($config)) {
$auth = Zend_Auth::getInstance();
$role = $auth->hasIdentity() && !empty($auth->getIdentity()->role) ? $auth->getIdentity()->role : 'guest';
$acl = new ZFExt_Acl();
$acl->_configureNavigationAccess();
// привязываем Acl к Navigation
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
}
return $acl;
}
/**
* Инициализация базовых настроек
* @return void
*/
public function init()
{
parent::init();
$this->_baseUrl = $this->getFrontController()->getBaseUrl();
$auth = Auth::getInstance();
$acl = new Acl();
$auth->setAcl($acl);
$this->view->doctype('XHTML1_TRANSITIONAL');
$this->view->headTitle()->setSeparator(' :: ');
$this->view->headTitle('HR');
$this->view->addHelperPath('Zend/Dojo/View/Helper/', 'Zend_Dojo_View_Helper');
// $this->view->addHelperPath('../application/views/helpers/', 'Helper');
$this->view->addHelperPath(APPLICATION_PATH . '/views/helpers/', 'Helper');
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole('guest');
$this->_setNavigation();
}
/**
* Инициализация пользовательской сессии
*
* @return array
*/
public function init()
{
$this->_bootstrap->bootstrap('Usersession');
$this->_bootstrap->bootstrap('View');
$acl = new Zend_Acl();
$role = $this->_bootstrap->Usersession->UserData['roleid'];
$acl->addRole(new Zend_Acl_Role($role));
$db = $this->_bootstrap->Db;
$select = $db->select()->from('pw_mvc_resources', new Zend_Db_Expr('DISTINCT module,controller'));
foreach ($db->fetchAll($select) as $row) {
$acl->add(new Zend_Acl_Resource(join(':', $row)));
}
foreach ($this->_bootstrap->Usersession->UserData['acl']['mvc'] as $modulename => $moduledata) {
foreach ($moduledata as $controllername => $controllerdata) {
$acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
}
}
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
$navigation = $this->_bootstrap->View->navigation();
$dir = APPLICATION_PATH . '/configs/navigation/';
if (is_dir($dir)) {
$handle = opendir($dir);
while ($module = readdir($handle)) {
if (is_dir($dir . $module) && !in_array($module, array('.', '..'))) {
$files = opendir($dir . $module);
while ($file = readdir($files)) {
if (preg_match('#^([^\\.]+)\\.xml$#iu', $file, $fileinfo)) {
$container = new Zend_Navigation(new Zend_Config_Xml($dir . $module . '/' . $file));
$this->_containers[$module][$fileinfo[1]] = array('menu' => $navigation->menu($container)->render(), 'breadcrumbs' => $navigation->breadcrumbs($container)->render());
}
}
closedir($files);
}
}
closedir($handle);
}
$this->_bootstrap->View->assign('Navigation', $this->_containers);
return $this->_containers;
}
/**
* Prepares the environment before running a test
*
*/
protected function setUp()
{
$cwd = dirname(__FILE__);
// read navigation config
$this->_files = $cwd . '/_files';
$config = new Zend_Config_Xml($this->_files . '/navigation.xml');
// setup containers from config
$this->_nav1 = new Zend_Navigation($config->get('nav_test1'));
$this->_nav2 = new Zend_Navigation($config->get('nav_test2'));
// setup view
$view = new Zend_View();
$view->setScriptPath($cwd . '/_files/mvc/views');
// setup front
$front = Zend_Controller_Front::getInstance();
$this->_oldControllerDir = $front->getControllerDirectory('test');
$front->setControllerDirectory($cwd . '/_files/mvc/controllers');
// create helper
$this->_helper = new $this->_helperName();
$this->_helper->setView($view);
// set nav1 in helper as default
$this->_helper->setContainer($this->_nav1);
}
/**
* Inicializacja navigation
* Dlatego jest to na configu że standardowy resource nie obsluguje menu
* w osobnym pliku.
*/
protected function navigation()
{
$section = 'navigation';
// if(Zend_Auth::getInstance()->getIdentity()->jednostka['type'] == 5) {
// $section = 'administration';
// }
$navigationConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/navigation.ini', $section);
$navigation = new Zend_Navigation($navigationConfig);
$this->getResource('view')->navigation($navigation);
Zend_Registry::set(Zend_Application_Resource_Navigation::DEFAULT_REGISTRY_KEY, $navigation);
$acl = $this->getResource('acl');
$authNamespace = new Zend_Session_Namespace('Zend_Auth');
//sprawdzanie czy użytkownik ma ustawionego ws klienta
if ($authNamespace->storage->ws_client_id == null && $authNamespace->storage->profile_id != null) {
//pobieranie stron na których jest wymagany klient
$pages = $navigation->findBy('clientrequired', true, true);
foreach ($pages as $page) {
//blokowanie wyświetlenia menu dla stron do których nie ma dostępu
$acl = $acl->deny('profile_' . $authNamespace->storage->profile_id, $page->getResource(), null);
}
}
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole('profile_' . Zend_Auth::getInstance()->getIdentity()->profile_id);
}
/**
* Sets default ACL role(s) to use when iterating pages if not explicitly
* set later with {@link setRole()}
*
* @param midex $role [optional] role to set. Expects null,
* string, or an instance of
* {@link Zend_Acl_Role_Interface}.
* Default is null, which sets no default
* role.
* @throws Zend_View_Exception if role is invalid
* @return void
*/
public static function setDefaultRole($role = null)
{
if (null === $role || is_string($role) || $role instanceof Zend_Acl_Role_Interface) {
self::$_defaultRole = $role;
} else {
#require_once 'Zend/View/Exception.php';
throw new Zend_View_Exception('$role must be null|string|Zend_Acl_Role_Interface');
}
}
/**
* Magic overload: Proxy to other navigation helpers or the container
*
* Examples of usage from a view script or layout:
* <code>
* // proxy to Menu helper and render container:
* echo $this->navigation()->menu();
*
* // proxy to Breadcrumbs helper and set indentation:
* $this->navigation()->breadcrumbs()->setIndent(8);
*
* // proxy to container and find all pages with 'blog' route:
* $blogPages = $this->navigation()->findAllByRoute('blog');
* </code>
*
* @param string $method helper name or method name in
* container
* @param array $arguments [optional] arguments to pass
* @return mixed returns what the proxied call returns
* @throws Zend_View_Exception if proxying to a helper, and the
* helper is not an instance of the
* interface specified in
* {@link findHelper()}
* @throws Zend_Navigation_Exception if method does not exist in container
*/
public function __call($method, array $arguments = array())
{
// check if call should proxy to another helper
if ($helper = $this->findHelper($method, false)) {
return call_user_func_array(array($helper, $method), $arguments);
}
// default behaviour: proxy call to container
return parent::__call($method, $arguments);
}
/**
* Magic overload: Proxy calls to {@link findRelation()} or container
*
* Examples of finder calls:
* <code>
* // METHOD // SAME AS
* $h->findRelNext($page); // $h->findRelation($page, 'rel', 'next')
* $h->findRevSection($page); // $h->findRelation($page, 'rev', 'section');
* $h->findRelFoo($page); // $h->findRelation($page, 'rel', 'foo');
* </code>
*
* @param string $method method name
* @param array $arguments method arguments
* @throws Zend_Navigation_Exception if method does not exist in container
*/
public function __call($method, array $arguments = array())
{
if (@preg_match('/find(Rel|Rev)(.+)/', $method, $match)) {
return $this->findRelation($arguments[0],
strtolower($match[1]),
strtolower($match[2]));
}
return parent::__call($method, $arguments);
}
public function processAcl(Zend_Controller_Request_Abstract $Request)
{
// Request Info
$sModule = $Request->getModuleName();
$sController = $Request->getControllerName();
$role = $this->getIdentityRole();
// Resource
$resource = $sModule . ':' . $sController;
if (!$this->checkAuth($role, $resource)) {
$this->addError('noAccess');
return $this->_redirectToLogin($Request);
}
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->getAcl());
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
}
/**
* Строит MVC-менюшки
*
* @param object $navigation - Zend_View_Helper_Navigation
* @param string $module - Название модуля
* @param string $filename - Имя xml-файла с деревом разделов
*
* @return array
*/
function getMvcMenus($navigation, $module = "default", $filename = "menu")
{
if (!file_exists($this->paths["applct"] . "/modules/" . $module . "/" . $filename . ".xml")) {
return false;
}
$roles = array_values($this->UserData["roles"]);
$role = $roles[0];
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role($role));
$sql = "SELECT DISTINCT module,controller FROM pw_mvc_resources";
foreach ($this->db->fetchAll($sql) as $row) {
$acl->add(new Zend_Acl_Resource($row["module"] . ":" . $row["controller"]));
}
foreach ($this->UserData["acl"]["mvc"] as $modulename => $moduledata) {
foreach ($moduledata as $controllername => $controllerdata) {
$acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
}
}
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
$file = $this->paths["applct"] . "modules/" . $module . "/" . $filename . ".xml";
$this->UserSession->mvcMenuContainers[$module][$filename] = $container = new Zend_Navigation(new Zend_Config_Xml($file));
// Верхнее навигационное меню
$menu = $navigation->menu($container);
$menu = $menu->setMinDepth(null)->setMaxDepth(null);
$topmenu = Phorm_Filter_Utf2Win::filter($menu->render());
// Пользовательское меню
$current = $container->findBy("action", "users");
$menu = $navigation->menu($current);
$menu = $menu->setMinDepth(null)->setMaxDepth(null);
$usermenu = Phorm_Filter_Utf2Win::filter($menu->render());
// Подразделы (сестры или детки)
$current = $container->findBy("active", true);
$menu = $navigation->menu($current);
$menu = $menu->setMinDepth(0)->setMaxDepth(0);
$branchmenu = Phorm_Filter_Utf2Win::filter($menu->render());
if ($branchmenu == "" && method_exists($current, "getParent")) {
$menu = $navigation->menu($current->getParent());
$menu = $menu->setMinDepth(0)->setMaxDepth(0);
$branchmenu = Phorm_Filter_Utf2Win::filter($menu->render());
}
// Хлебные крошки
$menu = $navigation->breadcrumbs($container)->setSeparator(" / ");
$breadcrumbs = Phorm_Filter_Utf2Win::filter($menu->render());
return array("topmenu" => $topmenu, "branchmenu" => $branchmenu, "usermenu" => $usermenu, "breadcrumbs" => $breadcrumbs);
}
/**
* Predispatch
* Checks if the current user identified by roleName has rights to the requested url (module/controller/action)
* If not, it will call denyAccess to be redirected to errorPage
*
* @return void
**/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = strtolower($request->getControllerName());
if (in_array($controller, array("api", "auth", "locale"))) {
$this->setRoleName("G");
} elseif (!Zend_Auth::getInstance()->hasIdentity()) {
if ($controller !== 'login') {
if ($request->isXmlHttpRequest()) {
$url = 'http://' . $request->getHttpHost() . '/login';
$json = Zend_Json::encode(array('auth' => false, 'url' => $url));
// Prepare response
$this->getResponse()->setHttpResponseCode(401)->setBody($json)->sendResponse();
//redirectAndExit() cleans up, sends the headers and stops the script
Zend_Controller_Action_HelperBroker::getStaticHelper('redirector')->redirectAndExit();
} else {
$r = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$r->gotoSimpleAndExit('index', 'login', $request->getModuleName());
}
}
} else {
$userInfo = Zend_Auth::getInstance()->getStorage()->read();
$this->setRoleName($userInfo->type);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->_acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($this->_roleName);
$resourceName = '';
if ($request->getModuleName() != 'default') {
$resourceName .= strtolower($request->getModuleName()) . ':';
}
$resourceName .= $controller;
/** Check if the controller/action can be accessed by the current user */
if (!$this->getAcl()->has($resourceName) || !$this->getAcl()->isAllowed($this->_roleName, $resourceName, $request->getActionName())) {
/** Redirect to access denied page */
$this->denyAccess();
}
}
}
/**
* Initialisiert Zend_Acl für die Authorization in OPUS.
*
* TODO use Application_Security_AclProvider
*/
protected function _initAuthz()
{
$this->bootstrap('Logging', 'Navigation', 'view');
$config = $this->getResource('configuration');
if (isset($config->security) && $config->security == 1) {
Application_Security_AclProvider::init();
} else {
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl(null);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(null);
}
}
public function preDispatch()
{
$request = $this->getRequest();
if (Axis_Area::isFrontend()) {
if (!Axis::getCustomerId() && $this->getActionController() instanceof Axis_Account_Controller_Abstract) {
$request->setModuleName('Axis_Account')->setControllerName('auth')->setActionName('index')->setDispatched(false);
}
return;
}
if (!Axis_Area::isBackend()) {
return;
}
$auth = Zend_Auth::getInstance();
$auth->setStorage(new Zend_Auth_Storage_Session('admin'));
if (in_array($request->getControllerName(), array('auth', 'forgot')) && 'Axis_Admin' === $request->getModuleName()) {
return;
}
if (!$auth->hasIdentity()) {
if ($request->isXmlHttpRequest()) {
Axis::message()->addError(Axis::translate('admin')->__('Your session has been expired. Please relogin'));
$jsonHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('json');
$jsonHelper->sendFailure();
return;
}
$request->setModuleName('Axis_Admin')->setControllerName('auth')->setActionName('index')->setDispatched(false);
return;
}
$user = Axis::single('admin/user')->find($auth->getIdentity())->current();
if (!$user) {
$request->setModuleName('Axis_Admin')->setControllerName('auth')->setActionName('logout')->setDispatched(false);
return;
}
$acl = new Zend_Acl();
// add resources
$resources = Axis::model('admin/acl_resource')->toFlatTree();
foreach ($resources as $resource) {
$parent = $resource['parent'];
try {
$acl->addResource($resource['id'], $parent);
} catch (Zend_Acl_Exception $e) {
Axis::message()->addError($e->getMessage());
}
}
//add role(s)
$role = (string) $user->role_id;
$acl->addRole($role);
//add permission
$rowset = Axis::single('admin/acl_rule')->select('*')->where('role_id = ?', $role)->fetchRowset();
foreach ($rowset as $row) {
if (!$acl->has($row->resource_id)) {
// $row->delete(); // remove invalid rule
continue;
}
$action = 'deny';
if ('allow' === $row->permission) {
$action = 'allow';
}
try {
$acl->{$action}($row->role_id, $row->resource_id);
} catch (Zend_Acl_Exception $e) {
Axis::message()->addError($e->getMessage());
}
}
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
if (in_array($request->getControllerName(), array('error')) && 'Axis_Admin' === $request->getModuleName()) {
return;
}
//get current resource by request
$request = $this->getRequest();
$inflector = new Zend_Filter_Inflector();
$resource = $inflector->addRules(array(':module' => array('Word_CamelCaseToDash', new Zend_Filter_Word_UnderscoreToSeparator('/'), 'StringToLower'), ':controller' => array('Word_CamelCaseToDash', 'StringToLower', new Zend_Filter_PregReplace('/admin_/', '')), ':action' => array('Word_CamelCaseToDash', 'StringToLower')))->setTarget('admin/:module/:controller/:action')->filter($request->getParams());
if (!$acl->has($resource) || $acl->isAllowed($role, $resource)) {
return;
}
if ($request->isXmlHttpRequest()) {
Axis::message()->addError(Axis::translate('admin')->__('You have no permission for this operation'));
$jsonHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('json');
$jsonHelper->sendFailure();
return;
}
$request->setModuleName('Axis_Admin')->setControllerName('error')->setActionName('access-denied')->setDispatched(false);
}
<?php
require_once 'Acl_plugin.php';
$ccAcl = new Zend_Acl();
$ccAcl->addRole(new Zend_Acl_Role('G'))->addRole(new Zend_Acl_Role('H'), 'G')->addRole(new Zend_Acl_Role('P'), 'H')->addRole(new Zend_Acl_Role('A'), 'P');
$ccAcl->add(new Zend_Acl_Resource('library'))->add(new Zend_Acl_Resource('index'))->add(new Zend_Acl_Resource('user'))->add(new Zend_Acl_Resource('error'))->add(new Zend_Acl_Resource('login'))->add(new Zend_Acl_Resource('playlist'))->add(new Zend_Acl_Resource('plupload'))->add(new Zend_Acl_Resource('schedule'))->add(new Zend_Acl_Resource('api'))->add(new Zend_Acl_Resource('nowplaying'))->add(new Zend_Acl_Resource('search'))->add(new Zend_Acl_Resource('dashboard'))->add(new Zend_Acl_Resource('preference'))->add(new Zend_Acl_Resource('recorder'))->add(new Zend_Acl_Resource('statistics'));
/** Creating permissions */
$ccAcl->allow('G', 'index')->allow('G', 'login')->allow('G', 'error')->allow('G', 'nowplaying')->allow('G', 'api')->allow('G', 'recorder')->allow('G', 'schedule')->allow('G', 'dashboard')->allow('H', 'plupload')->allow('H', 'library')->allow('H', 'search')->allow('H', 'playlist')->allow('A', 'user')->allow('A', 'preference')->allow('A', 'statistics');
$aclPlugin = new Zend_Controller_Plugin_Acl($ccAcl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($ccAcl);
$front = Zend_Controller_Front::getInstance();
$front->registerPlugin($aclPlugin);
protected function _initAcl()
{
$acl = new Acl();
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(UserMap::getRole());
Zend_Registry::set('Zend_Acl', $acl);
return $acl;
}
protected function _initAlc()
{
$auth = Zend_Auth::getInstance();
// Определяем роль пользователя.
// Если не авторизирован - значит "гость"
$role = $auth->hasIdentity() && !empty($auth->getIdentity()->role) ? $auth->getIdentity()->role : 'guest';
// Создаём объект Zend_Acl
$acl = new Zend_Acl();
// указываем, что у нас есть ресурсы
$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('auth'));
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->addResource(new Zend_Acl_Resource('pages'));
$acl->addResource(new Zend_Acl_Resource('catalog'));
$acl->addResource(new Zend_Acl_Resource('categories'));
$acl->addResource(new Zend_Acl_Resource('products'));
$acl->addResource(new Zend_Acl_Resource('manufacture'));
$acl->addResource(new Zend_Acl_Resource('manufacture-categories'));
$acl->addResource(new Zend_Acl_Resource('pipeline'));
$acl->addResource(new Zend_Acl_Resource('pipeline-categories'));
$acl->addResource(new Zend_Acl_Resource('pipeline-property'));
$acl->addResource(new Zend_Acl_Resource('pipeline-property-value'));
$acl->addResource(new Zend_Acl_Resource('oil'));
$acl->addResource(new Zend_Acl_Resource('oil-categories'));
$acl->addResource(new Zend_Acl_Resource('forum'));
$acl->addResource(new Zend_Acl_Resource('media'));
$acl->addResource(new Zend_Acl_Resource('media-categories'));
$acl->addResource(new Zend_Acl_Resource('home'));
$acl->addResource(new Zend_Acl_Resource('about'));
$acl->addResource(new Zend_Acl_Resource('contacts'));
$acl->addResource(new Zend_Acl_Resource('search'));
$acl->addResource(new Zend_Acl_Resource('trash'));
$acl->addResource(new Zend_Acl_Resource('utils'));
$acl->addResource(new Zend_Acl_Resource('search-index'));
$acl->addResource(new Zend_Acl_Resource('cache-manager'));
$acl->addResource(new Zend_Acl_Resource('update-image-catalog'));
$acl->addResource(new Zend_Acl_Resource('products-draft'));
$acl->addResource(new Zend_Acl_Resource('models-generator'));
$acl->addResource(new Zend_Acl_Resource('csv-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('xml-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('api'));
$acl->addResource(new Zend_Acl_Resource('get'));
// далее переходим к созданию ролей, которых у нас 2:
// гость (неавторизированный пользователь)
$acl->addRole('guest');
// администратор, который наследует доступ от гостя
$acl->addRole('manager', 'guest');
// администратор, который наследует доступ от гостя
$acl->addRole('admin', 'guest');
$acl->deny();
$acl->allow('guest', array('auth', 'error'));
$acl->allow('manager', array('index', 'home', 'contacts', 'about', 'pages', 'categories', 'products', 'manufacture', 'manufacture-categories', 'pipeline', 'pipeline-categories', 'pipeline-property', 'oil', 'oil-categories', 'forum', 'media', 'media-categories', 'search'), array('index', 'list', 'edit', 'json', 'get', 'property', 'modifications', 'modification-edit', 'modification-property-edit', 'category', 'slugify', 'slugify-product-sku', 'property-edit', 'view', 'passport', 'reply', 'articles', 'categories'));
$acl->allow('admin');
// получаем экземпляр главного контроллера
$fc = Zend_Controller_Front::getInstance();
// регистрируем плагин с названием Acl, в который передаём
// на ACL и экземпляр Zend_Auth
$fc->registerPlugin(new Plugin_AclAdmin($acl, Zend_Auth::getInstance()));
// Цепляем ACL к Zend_Navigation
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
}
/**
* Run plugin on preDispatch
* @param Zend_Controller_Request_Abstract $Request
* @see Zend/Controller/Plugin/Zend_Controller_Plugin_Abstract::preDispatch()
*/
public function preDispatch(Zend_Controller_Request_Abstract $Request)
{
$sController = $Request->getControllerName();
$sModule = $Request->getModuleName();
$sResource = $sModule . $this->getDefaultSeparator() . $sController;
// Set current resource
$this->setCurrentResource($sResource);
if ($this->getAutoWhitelistErrorResource() && $sResource == $this->getErrorResource()) {
return;
// Error Resource whitelisted
}
if (!$this->getSecurityManager()->isAuthorized($sResource, $this->getDefaultPrivilege())) {
$this->_handleError($Request, self::STR_ACCESSDENIED, $sResource);
} else {
if ($this->getSecurityManager()->isSessionExpired()) {
$this->_handleError($Request, self::STR_SESSIONEXPIRED, $sResource);
}
}
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->getSecurityManager()->getAcl());
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($this->getSecurityManager()->getActiveUser());
}
public function testSetDefaultRoleThrowsExceptionWhenGivenAnArbitraryObject()
{
try {
Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(new stdClass());
$this->fail('An invalid argument was given, but a ' . 'Zend_View_Exception was not thrown');
} catch (Zend_View_Exception $e) {
$this->assertContains('$role must be', $e->getMessage());
}
}