Example #1
 /**
  * Builds the application ACL and publishes it.
  *
  * Roles form one inheritance chain (guest < user < editor < administrator
  * < root), so each role holds everything granted to the roles before it.
  * Zend_Acl denies anything not explicitly allowed, so only allow rules are
  * declared. The finished ACL is stored in Zend_Registry under
  * self::REGISTRY_KEY and set as the navigation helpers' default ACL.
  *
  * @return void
  */
 public function init()
 {
     $acl = new Zend_Acl();

     // Roles in inheritance order; each one inherits from its predecessor.
     $roleChain = array(
         OpenSKOS_Db_Table_Users::USER_ROLE_GUEST,
         OpenSKOS_Db_Table_Users::USER_ROLE_USER,
         OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR,
         OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR,
         OpenSKOS_Db_Table_Users::USER_ROLE_ROOT,
     );
     $parentRole = null;
     foreach ($roleChain as $roleName) {
         $acl->addRole($roleName, $parentRole);
         $parentRole = $roleName;
     }

     // Resources: name => parent resource (null for top-level ones).
     $resourceTree = array(
         'website' => null,
         'editor' => null,
         'editor.concepts' => 'editor',
         'editor.concept-schemes' => 'editor',
         'editor.institution' => 'editor',
         'editor.collections' => 'editor',
         'editor.delete-all-concepts-in-collection' => 'editor',
         'editor.users' => 'editor',
         'editor.jobs' => 'editor',
         'editor.manage-search-profiles' => 'editor',
     );
     foreach ($resourceTree as $resourceName => $parentResource) {
         $acl->addResource($resourceName, $parentResource);
     }

     // Allow rules: role, resource, privileges (null = all privileges).
     $allowRules = array(
         array(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST, 'website', 'view'),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor', 'view'),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor.concepts', 'view'),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, 'editor.concepts', array('propose')),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concepts', array('full-create', 'edit', 'delete', 'bulk-status-edit')),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concept-schemes', array('index', 'create', 'edit', 'delete', 'manage-icons')),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.institution', null),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.collections', array('index', 'manage')),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.users', array('index', 'manage')),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.jobs', array('index', 'manage')),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.manage-search-profiles', null),
         array(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, 'editor.delete-all-concepts-in-collection', null),
     );
     foreach ($allowRules as $rule) {
         list($roleName, $resourceName, $privileges) = $rule;
         $acl->allow($roleName, $resourceName, $privileges);
     }

     Zend_Registry::set(self::REGISTRY_KEY, $acl);
     // Store the ACL for the view (navigation helpers).
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
 }
Example #2
 /**
  * Admin controller bootstrap.
  *
  * Sets the auth session timeout, loads the ACL, resolves the current admin
  * identity and its role code, runs the authorization check (when enabled),
  * the SSL redirect and the IP check, binds ACL and role to the navigation
  * helpers, and exposes version info and the current module's settings to
  * the view. Statement order is significant and must be preserved.
  *
  * @return void
  */
 public function init()
 {
     //set timeout: the auth session namespace expires 30 minutes after this call
     $this->_sessionAdmin = new Zend_Session_Namespace(Zend_Auth_Storage_Session::NAMESPACE_DEFAULT);
     $this->_sessionAdmin->setExpirationSeconds(30 * 60);
     //load acl (must happen before setCurrentRoleCode below)
     $aclLoader = HCMS_Acl_Loader::getInstance();
     $aclLoader->load();
     // Current admin: null when anonymous; otherwise the identity, whose
     // role id is mapped onto the loader's role code.
     if (!Zend_Auth::getInstance()->hasIdentity()) {
         $this->_admin = null;
     } else {
         $this->_admin = Zend_Auth::getInstance()->getIdentity();
         $aclLoader->setCurrentRoleCode($aclLoader->getRoleCode($this->_admin->get_role_id()));
     }
     $this->view->admin = $this->_admin;
     // Authorization is only enforced when $_checkAuth is set; presumably
     // public controllers switch it off — confirm against subclasses.
     if ($this->_checkAuth) {
         $this->_checkAuthorization();
     }
     // NOTE(review): whether _checkAuthorization() stops the request on
     // failure is not visible here; the SSL redirect and IP check follow it.
     $this->_redirect_to_ssl();
     $this->_checkIP();
     //set ACL object for Zend_Navigation, with the role code set above
     //(or whatever the loader returns when no role was set)
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($aclLoader->getAcl());
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($aclLoader->getCurrentRoleCode());
     $this->_initVersionInfo();
     // Module settings are exposed only when the requested module is known
     // to the mapper.
     $this->_module = new Application_Model_Module();
     if (Application_Model_ModuleMapper::getInstance()->findByCode($this->getRequest()->getModuleName(), $this->_module)) {
         $this->view->moduleSettings = $this->_module->get_settings();
     }
     parent::init();
 }
Example #3
    /**
     * Builds the test fixtures: two navigation containers from the XML
     * config, a PhpRenderer with the fixture view path, the front controller
     * pointed at the fixture controller directory, and the helper under test
     * with nav1 as its default container.
     *
     * The previous 'test' controller directory is kept in
     * $this->_oldControllerDir so it can be restored afterwards.
     */
    protected function setUp()
    {
        $fixtureDir = __DIR__;
        $this->_files = $fixtureDir . '/_files';

        // Navigation containers from the fixture config
        $navConfig = new \Zend\Config\Xml($this->_files . '/navigation.xml');
        $this->_nav1 = new Navigation\Navigation($navConfig->get('nav_test1'));
        $this->_nav2 = new Navigation\Navigation($navConfig->get('nav_test2'));

        // Front controller: remember the old directory before overriding it
        $front = Controller\Front::getInstance();
        $this->_oldControllerDir = $front->getControllerDirectory('test');
        $front->setControllerDirectory($fixtureDir . '/_files/mvc/controllers');

        // Renderer used by the helper
        $renderer = new \Zend\View\PhpRenderer();
        $renderer->resolver()->addPath($fixtureDir . '/_files/mvc/views');

        // Helper under test, defaulting to nav1
        $helperClass = $this->_helperName;
        $this->_helper = new $helperClass;
        $this->_helper->setView($renderer);
        $this->_helper->setContainer($this->_nav1);
    }
Example #4
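 /**
  * Builds the navigation container for the admin or default module once
  * routing is done, hands the ACL kept in the auth storage to the navigation
  * helpers, marks the third-level page matching the request URI as active
  * and assigns the container to the view.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     $viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');
     $viewRenderer->initView();
     $view = $viewRenderer->view;

     $navContainer = null;
     $module = $request->getModuleName();
     if ($module == "admin") {
         // Load the xml navigation menu
         $navContainerConfig = new Zend_Config_Xml(APPLICATION_PATH . '/modules/admin/navigation.xml', 'nav');
         $navContainer = new Zend_Navigation($navContainerConfig);
         // The settings groups are only readable once the database is configured
         if (Shineisp_Main::isReady()) {
             $this->_addConfigurationPages($navContainer);
         }
         $this->_attachAclToNavigation("administrator");
     } elseif ($module == "default") {
         // Load the xml navigation menu
         $navContainerConfig = new Zend_Config_Xml(APPLICATION_PATH . '/modules/default/navigation.xml', 'nav');
         $navContainer = new Zend_Navigation($navContainerConfig);
         $this->_attachAclToNavigation("guest");
     }

     if ($navContainer) {
         $requestUri = $request->getRequestUri();
         // Only third-level pages are matched, as in the original menu layout
         foreach ($navContainer->getPages() as $page) {
             foreach ($page->getPages() as $subpage) {
                 foreach ($subpage->getPages() as $subsubpage) {
                     if ($subsubpage->getHref() === $requestUri) {
                         $subsubpage->setActive(true);
                     }
                 }
             }
         }
         $view->navigation($navContainer);
     }
 }

 /**
  * Appends one page per settings group below the 'Configuration' menu entry.
  *
  * Guards two cases the inlined original did not: $pages was undefined when
  * there were no groups (addPages() then received null), and a missing
  * 'Configuration' entry led to a method call on null.
  *
  * @param Zend_Navigation $navContainer
  * @return void
  */
 protected function _addConfigurationPages(Zend_Navigation $navContainer)
 {
     $submenu = $navContainer->findOneByLabel('Configuration');
     if (!$submenu) {
         return;
     }
     $pages = array();
     foreach (SettingsGroups::getlist() as $id => $item) {
         $pages[] = array('label' => $item, 'uri' => '/admin/settings/index/groupid/' . $id, 'resource' => 'admin:settings');
     }
     if ($pages) {
         $submenu->addPages($pages);
     }
 }

 /**
  * Attaches the ACL stored in the Zend_Auth storage to the navigation
  * helpers, if there is one.
  *
  * NOTE(review): the role is a fixed string per module rather than derived
  * from the identity; this only affects which menu entries are rendered.
  * Access enforcement itself is not done here — confirm a separate plugin
  * covers it.
  *
  * @param string $role navigation role name
  * @return void
  */
 protected function _attachAclToNavigation($role)
 {
     $acl = Zend_Auth::getInstance()->getStorage()->read();
     if (is_object($acl)) {
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
     }
 }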
Example #5
 /**
  * Bootstraps the OPUS ACL: obtains it from Application_Security_AclProvider,
  * stores it in Zend_Registry as 'Opus_Acl' and makes it, together with the
  * provider's ACTIVE_ROLE, the default for the navigation view helpers.
  *
  * @return void
  */
 public static function init()
 {
     $provider = new Application_Security_AclProvider();
     $acl = $provider->getAcls();
     // Log text kept verbatim (including its spelling) so log filters keep matching.
     $logger = $provider->getLogger();
     $logger->debug('ACL: bootrapping');
     Zend_Registry::set('Opus_Acl', $acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(Application_Security_AclProvider::ACTIVE_ROLE);
 }
Example #6
 /**
  * Builds the top-level navigation from configs/navigation.xml and assigns
  * it to the layout's view. The navigation helpers get a fresh My_Acl and
  * the GUEST role as defaults.
  *
  * Nothing is returned (the original docblock claimed Zend_Navigation).
  *
  * @return void
  */
 protected function _initNavigation()
 {
     $this->bootstrap('layout');
     $view = $this->getResource('layout')->getView();

     $navConfig = new Zend_Config_Xml(APPLICATION_PATH . '/configs/navigation.xml', 'nav');
     $navigation = new Zend_Navigation($navConfig);

     // NOTE(review): the role is fixed to GUEST here — confirm the real role
     // is set elsewhere (e.g. a plugin); otherwise menus are always rendered
     // with guest visibility, even for logged-in users.
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl(new My_Acl());
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(My_Acl_Roles::GUEST);

     $view->navigation($navigation);
 }
Example #7
 /**
  * Loads the access-control list once routing has finished.
  *
  * Resolves the current user's role, loads the ACL into $this->_acl and
  * hands both to the navigation view helpers. Also restricts the backend
  * assemblers to the role's game types; a role holding every game type gets
  * null, i.e. no restriction.
  *
  * @see Zend_Controller_Plugin_Abstract::routeShutdown()
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     $user = Zend_Registry::get('user');
     $role = ZtChart_Model_Acl_Loader::hash($user->getRoleId());
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

     $loader = ZtChart_Model_Acl_Loader::getInstance();
     $loader->load($this->_acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->_acl);

     // A role that owns every game type is treated as unrestricted (null).
     // Loose array comparison is intentional and kept as in the original.
     $gameTypes = $user->getRole()->getGameTypes(true);
     $allGameTypes = array_keys(ZtChart_Model_GameType::getGames());
     if ($gameTypes == $allGameTypes) {
         $gameTypes = null;
     }
     ZtChart_Model_Assemble_Backend_Abstract::setAllowedGameTypes($gameTypes);
 }
Example #8
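 /**
  * Builds the ACL and binds it, together with the current user's role, to
  * the navigation view helpers.
  *
  * The role is the Zend_Auth identity's "role" property, falling back to
  * 'guest' when there is no identity or the property is empty.
  *
  * @return ZFExt_Acl|null the ACL, or null when no acl.roles option is configured
  */
 protected function _initAcl()
 {
     $acl = null;
     $options = $this->getOptions();
     // Check the option before reading it: the original assigned first and
     // tested afterwards, which raised a notice and returned an undefined
     // variable when the option was missing.
     if (isset($options['acl']['roles'])) {
         $auth = Zend_Auth::getInstance();
         $role = 'guest';
         if ($auth->hasIdentity() && !empty($auth->getIdentity()->role)) {
             $role = $auth->getIdentity()->role;
         }
         $acl = new ZFExt_Acl();
         $acl->_configureNavigationAccess();
         // Bind the ACL and role to Zend_Navigation
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
     }
     return $acl;
 }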
Example #9
 /**
  * Base controller setup: base URL, ACL bound to the Auth singleton, view
  * doctype/title/helper paths, navigation defaults for the guest role and
  * the navigation container itself.
  *
  * @return void
  */
 public function init()
 {
     parent::init();
     $this->_baseUrl = $this->getFrontController()->getBaseUrl();

     // Authentication and authorisation
     $acl = new Acl();
     Auth::getInstance()->setAcl($acl);

     // View defaults
     $view = $this->view;
     $view->doctype('XHTML1_TRANSITIONAL');
     $view->headTitle()->setSeparator(' :: ');
     $view->headTitle('HR');
     $view->addHelperPath('Zend/Dojo/View/Helper/', 'Zend_Dojo_View_Helper');
     $view->addHelperPath(APPLICATION_PATH . '/views/helpers/', 'Helper');

     // Navigation is rendered with the 'guest' role here; presumably the
     // real role is applied later (by _setNavigation() or a plugin) — confirm.
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole('guest');
     $this->_setNavigation();
 }
Example #10
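 /**
  * Initialises the user session's ACL and pre-renders the navigation containers.
  *
  * Builds a Zend_Acl for the session's role from the pw_mvc_resources table
  * and the session's acl.mvc map, binds it to the navigation helpers, then
  * renders a menu and breadcrumbs for every configs/navigation/<module>/<name>.xml
  * into $this->_containers, which is also assigned to the view as 'Navigation'.
  *
  * @return array $this->_containers, keyed by module and then by file name
  */
 public function init()
 {
     $this->_bootstrap->bootstrap('Usersession');
     $this->_bootstrap->bootstrap('View');

     $role = $this->_bootstrap->Usersession->UserData['roleid'];
     $acl = $this->_buildMvcAcl($role);
     // The helpers below render with this ACL/role, so bind them first
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

     $navigation = $this->_bootstrap->View->navigation();
     $dir = APPLICATION_PATH . '/configs/navigation/';
     if (is_dir($dir)) {
         foreach ($this->_listNavigationModules($dir) as $module) {
             $this->_renderModuleContainers($navigation, $dir . $module . '/', $module);
         }
     }
     $this->_bootstrap->View->assign('Navigation', $this->_containers);
     return $this->_containers;
 }

 /**
  * Builds the Zend_Acl for one role: every distinct module:controller pair in
  * pw_mvc_resources becomes a resource, and the session's acl.mvc map lists
  * the allowed actions per module/controller. Anything not listed stays
  * denied (Zend_Acl default).
  *
  * @param mixed $role role id from the user session
  * @return Zend_Acl
  */
 protected function _buildMvcAcl($role)
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role($role));
     $db = $this->_bootstrap->Db;
     $select = $db->select()->from('pw_mvc_resources', new Zend_Db_Expr('DISTINCT module,controller'));
     foreach ($db->fetchAll($select) as $row) {
         $acl->add(new Zend_Acl_Resource(join(':', $row)));
     }
     foreach ($this->_bootstrap->Usersession->UserData['acl']['mvc'] as $modulename => $moduledata) {
         foreach ($moduledata as $controllername => $controllerdata) {
             $acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
         }
     }
     return $acl;
 }

 /**
  * Lists the module sub-directories of the navigation config directory.
  *
  * Compares readdir() against false so an entry literally named "0" does
  * not end the loop (the original `while ($module = readdir(...))` did), and
  * returns an empty list when the directory cannot be opened.
  *
  * @param string $dir directory path ending with a slash
  * @return array module directory names
  */
 protected function _listNavigationModules($dir)
 {
     $modules = array();
     $handle = opendir($dir);
     if ($handle === false) {
         return $modules;
     }
     while (($entry = readdir($handle)) !== false) {
         if (in_array($entry, array('.', '..'), true) || !is_dir($dir . $entry)) {
             continue;
         }
         $modules[] = $entry;
     }
     closedir($handle);
     return $modules;
 }

 /**
  * Renders menu and breadcrumbs for every <name>.xml in a module directory
  * into $this->_containers[$module][<name>].
  *
  * @param object $navigation Zend_View_Helper_Navigation
  * @param string $moduleDir  module directory path ending with a slash
  * @param string $module     module name used as the containers key
  * @return void
  */
 protected function _renderModuleContainers($navigation, $moduleDir, $module)
 {
     $files = opendir($moduleDir);
     if ($files === false) {
         return;
     }
     while (($file = readdir($files)) !== false) {
         if (!preg_match('#^([^\\.]+)\\.xml$#iu', $file, $fileinfo)) {
             continue;
         }
         $container = new Zend_Navigation(new Zend_Config_Xml($moduleDir . $file));
         $this->_containers[$module][$fileinfo[1]] = array(
             'menu' => $navigation->menu($container)->render(),
             'breadcrumbs' => $navigation->breadcrumbs($container)->render(),
         );
     }
     closedir($files);
 }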
Example #11
 /**
  * Builds the test fixtures: two Zend_Navigation containers from the XML
  * config, a Zend_View with the fixture script path, the front controller
  * pointed at the fixture controller directory, and the helper under test
  * with nav1 as its default container.
  *
  * The previous 'test' controller directory is kept in
  * $this->_oldControllerDir so it can be restored afterwards.
  */
 protected function setUp()
 {
     $fixtureDir = dirname(__FILE__);
     $this->_files = $fixtureDir . '/_files';

     // Containers from the fixture config
     $navConfig = new Zend_Config_Xml($this->_files . '/navigation.xml');
     $this->_nav1 = new Zend_Navigation($navConfig->get('nav_test1'));
     $this->_nav2 = new Zend_Navigation($navConfig->get('nav_test2'));

     // Front controller: remember the old directory before overriding it
     $front = Zend_Controller_Front::getInstance();
     $this->_oldControllerDir = $front->getControllerDirectory('test');
     $front->setControllerDirectory($fixtureDir . '/_files/mvc/controllers');

     // View used by the helper
     $view = new Zend_View();
     $view->setScriptPath($fixtureDir . '/_files/mvc/views');

     // Helper under test, defaulting to nav1
     $helperClass = $this->_helperName;
     $this->_helper = new $helperClass();
     $this->_helper->setView($view);
     $this->_helper->setContainer($this->_nav1);
 }
Example #12
 /**
  * Navigation initialisation.
  * Done from the config class because the standard resource does not
  * support a menu kept in a separate file.
  *
  * Builds the container from configs/navigation.ini, registers it with the
  * view and the registry and, for a logged-in profile that has not selected
  * a WS client yet, denies that profile every page flagged 'clientrequired'
  * so those entries disappear from the menu.
  */
 protected function navigation()
 {
     $section = 'navigation';
     $navigationConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/navigation.ini', $section);
     $navigation = new Zend_Navigation($navigationConfig);
     $this->getResource('view')->navigation($navigation);
     Zend_Registry::set(Zend_Application_Resource_Navigation::DEFAULT_REGISTRY_KEY, $navigation);

     $acl = $this->getResource('acl');
     $authStorage = new Zend_Session_Namespace('Zend_Auth');
     // Check whether the user has a WS client selected
     if ($authStorage->storage->ws_client_id == null && $authStorage->storage->profile_id != null) {
         $profileRole = 'profile_' . $authStorage->storage->profile_id;
         // Pages that require a client: hide them from this profile's menu
         foreach ($navigation->findBy('clientrequired', true, true) as $page) {
             // NOTE(review): a page without a 'resource' yields null here, and
             // deny(role, null) applies to every resource — confirm all
             // 'clientrequired' pages carry a resource.
             $acl = $acl->deny($profileRole, $page->getResource(), null);
         }
     }
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole('profile_' . Zend_Auth::getInstance()->getIdentity()->profile_id);
 }
 /**
  * Sets the default ACL role used when iterating pages, unless a role is
  * set explicitly later with {@link setRole()}.
  *
  * @param  mixed $role               [optional] null, a string, or an
  *                                   instance of
  *                                   {@link Zend_Acl_Role_Interface}.
  *                                   Default is null, which sets no default
  *                                   role.
  * @throws Zend_View_Exception       if $role is of any other type
  * @return void
  */
 public static function setDefaultRole($role = null)
 {
     $isValid = null === $role
         || is_string($role)
         || $role instanceof Zend_Acl_Role_Interface;
     if (!$isValid) {
         #require_once 'Zend/View/Exception.php';
         throw new Zend_View_Exception('$role must be null|string|Zend_Acl_Role_Interface');
     }
     self::$_defaultRole = $role;
 }
Example #14
 /**
  * Magic overload: Proxy to other navigation helpers or the container
  *
  * Examples of usage from a view script or layout:
  * <code>
  * // proxy to Menu helper and render container:
  * echo $this->navigation()->menu();
  *
  * // proxy to Breadcrumbs helper and set indentation:
  * $this->navigation()->breadcrumbs()->setIndent(8);
  *
  * // proxy to container and find all pages with 'blog' route:
  * $blogPages = $this->navigation()->findAllByRoute('blog');
  * </code>
  *
  * @param  string $method             helper name or method name in
  *                                    container
  * @param  array  $arguments          [optional] arguments to pass
  * @return mixed                      returns what the proxied call returns
  * @throws Zend_View_Exception        if proxying to a helper, and the
  *                                    helper is not an instance of the
  *                                    interface specified in
  *                                    {@link findHelper()}
  * @throws Zend_Navigation_Exception  if method does not exist in container
  */
 public function __call($method, array $arguments = array())
 {
     $helper = $this->findHelper($method, false);
     if (!$helper) {
         // Not a helper name: let the container handle the call
         return parent::__call($method, $arguments);
     }
     // Proxy to the matching navigation helper
     return call_user_func_array(array($helper, $method), $arguments);
 }
Example #15
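    /**
     * Magic overload: Proxy calls to {@link findRelation()} or container
     *
     * Examples of finder calls:
     * <code>
     * // METHOD                  // SAME AS
     * $h->findRelNext($page);    // $h->findRelation($page, 'rel', 'next')
     * $h->findRevSection($page); // $h->findRelation($page, 'rev', 'section');
     * $h->findRelFoo($page);     // $h->findRelation($page, 'rel', 'foo');
     * </code>
     *
     * @param  string $method             method name
     * @param  array  $arguments          method arguments
     * @return mixed                      result of findRelation() or of the container call
     * @throws Zend_Navigation_Exception  if method does not exist in container
     */
    public function __call($method, array $arguments = array())
    {
        // The pattern is a constant and always valid, so the error
        // suppression the original used (@preg_match) is unnecessary.
        if (preg_match('/find(Rel|Rev)(.+)/', $method, $match)) {
            // A findRel*/findRev* call without its page argument passes null
            // instead of reading an undefined index.
            $page = isset($arguments[0]) ? $arguments[0] : null;
            return $this->findRelation($page,
                                       strtolower($match[1]),
                                       strtolower($match[2]));
        }

        return parent::__call($method, $arguments);
    }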
Example #16
 /**
  * Authorizes the request's "<module>:<controller>" resource for the
  * identity's role. On failure records a 'noAccess' error and redirects to
  * login; otherwise binds the ACL and role to the navigation helpers.
  *
  * @param Zend_Controller_Request_Abstract $Request
  * @return mixed the redirect result when access is denied, otherwise nothing
  */
 public function processAcl(Zend_Controller_Request_Abstract $Request)
 {
     $resource = $Request->getModuleName() . ':' . $Request->getControllerName();
     $role = $this->getIdentityRole();
     if (!$this->checkAuth($role, $resource)) {
         $this->addError('noAccess');
         return $this->_redirectToLogin($Request);
     }
     // Only reached for authorized requests: the navigation helpers use the
     // same ACL and role as the check above.
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->getAcl());
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
 }
Example #17
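 /**
  * Builds the MVC menus (top menu, user menu, branch menu, breadcrumbs) for
  * a module from its navigation XML file.
  *
  * @param object $navigation Zend_View_Helper_Navigation
  * @param string $module     module name
  * @param string $filename   name of the XML file holding the section tree (without .xml)
  *
  * @return array|false rendered menus keyed 'topmenu', 'branchmenu',
  *                     'usermenu', 'breadcrumbs'; false when the XML file
  *                     does not exist
  */
 function getMvcMenus($navigation, $module = "default", $filename = "menu")
 {
     // One path for both the existence check and the loader. The original
     // built the loader path without the leading slash; file_exists and the
     // XML loader both tolerate a doubled slash, so this form works whether
     // or not paths["applct"] ends with one.
     $file = $this->paths["applct"] . "/modules/" . $module . "/" . $filename . ".xml";
     if (!file_exists($file)) {
         return false;
     }

     // ACL for the user's first role: resources from the database, allowed
     // actions from the session's acl.mvc map; anything else stays denied.
     $roles = array_values($this->UserData["roles"]);
     $role = $roles[0];
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role($role));
     $sql = "SELECT DISTINCT module,controller FROM pw_mvc_resources";
     foreach ($this->db->fetchAll($sql) as $row) {
         $acl->add(new Zend_Acl_Resource($row["module"] . ":" . $row["controller"]));
     }
     foreach ($this->UserData["acl"]["mvc"] as $modulename => $moduledata) {
         foreach ($moduledata as $controllername => $controllerdata) {
             $acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
         }
     }
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

     $container = new Zend_Navigation(new Zend_Config_Xml($file));
     $this->UserSession->mvcMenuContainers[$module][$filename] = $container;

     // Top navigation menu: the whole tree
     $topmenu = $this->_renderMvcMenu($navigation, $container, null, null);
     // User menu: the subtree of the "users" action
     $usermenu = $this->_renderMvcMenu($navigation, $container->findBy("action", "users"), null, null);
     // Sub-sections of the active page (siblings or children); fall back to
     // the parent's level when the active page renders nothing
     $current = $container->findBy("active", true);
     $branchmenu = $this->_renderMvcMenu($navigation, $current, 0, 0);
     if ($branchmenu == "" && method_exists($current, "getParent")) {
         $branchmenu = $this->_renderMvcMenu($navigation, $current->getParent(), 0, 0);
     }
     // Breadcrumbs
     $breadcrumbs = Phorm_Filter_Utf2Win::filter($navigation->breadcrumbs($container)->setSeparator(" / ")->render());
     return array("topmenu" => $topmenu, "branchmenu" => $branchmenu, "usermenu" => $usermenu, "breadcrumbs" => $breadcrumbs);
 }

 /**
  * Renders one menu for a container within the given depth bounds and
  * converts the markup with Phorm_Filter_Utf2Win.
  *
  * @param object     $navigation Zend_View_Helper_Navigation
  * @param mixed      $container  container (or page) passed to the menu helper
  * @param int|null   $minDepth
  * @param int|null   $maxDepth
  * @return string
  */
 protected function _renderMvcMenu($navigation, $container, $minDepth, $maxDepth)
 {
     $menu = $navigation->menu($container);
     $menu->setMinDepth($minDepth)->setMaxDepth($maxDepth);
     return Phorm_Filter_Utf2Win::filter($menu->render());
 }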
Example #18
 /**
  * Predispatch access check.
  *
  * Public controllers (api, auth, locale) run as guest role "G" with no ACL
  * lookup. Anonymous requests to anything but the login controller are sent
  * to the login page (a 401 JSON body for XHR requests). Authenticated
  * requests take their role from the identity's "type" and must pass an ACL
  * check on "<module>:<controller>" (module prefix omitted for "default")
  * for the requested action; an unknown resource counts as denied and
  * denyAccess() redirects to the error page.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  **/
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $controller = strtolower($request->getControllerName());

     // Public controllers: guest role, no ACL lookup
     if (in_array($controller, array("api", "auth", "locale"), true)) {
         $this->setRoleName("G");
         return;
     }

     $auth = Zend_Auth::getInstance();
     if (!$auth->hasIdentity()) {
         if ($controller === 'login') {
             return;
         }
         if ($request->isXmlHttpRequest()) {
             // NOTE(review): scheme is fixed to http and the host comes from
             // the request's Host header — confirm the front controller
             // validates it, since the value ends up in the client's URL.
             $url = 'http://' . $request->getHttpHost() . '/login';
             $json = Zend_Json::encode(array('auth' => false, 'url' => $url));
             // Prepare response
             $this->getResponse()->setHttpResponseCode(401)->setBody($json)->sendResponse();
             //redirectAndExit() cleans up, sends the headers and stops the script
             Zend_Controller_Action_HelperBroker::getStaticHelper('redirector')->redirectAndExit();
             return;
         }
         $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
         $redirector->gotoSimpleAndExit('index', 'login', $request->getModuleName());
         return;
     }

     // Authenticated: role from the stored identity
     $userInfo = $auth->getStorage()->read();
     $this->setRoleName($userInfo->type);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->_acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($this->_roleName);

     $resourceName = $controller;
     if ($request->getModuleName() != 'default') {
         $resourceName = strtolower($request->getModuleName()) . ':' . $controller;
     }
     /** Check if the controller/action can be accessed by the current user;
      *  an unregistered resource is treated as denied */
     $acl = $this->getAcl();
     $allowed = $acl->has($resourceName) && $acl->isAllowed($this->_roleName, $resourceName, $request->getActionName());
     if (!$allowed) {
         /** Redirect to access denied page */
         $this->denyAccess();
     }
 }
Example #19
 /**
  * Initialises Zend_Acl for authorization in OPUS.
  *
  * When the 'security' config flag equals 1 the ACL is set up by
  * Application_Security_AclProvider::init(); otherwise the navigation
  * helpers get neither an ACL nor a role, i.e. menus are rendered without
  * any ACL filtering.
  *
  * TODO use Application_Security_AclProvider
  */
 protected function _initAuthz()
 {
     $this->bootstrap('Logging', 'Navigation', 'view');
     $config = $this->getResource('configuration');
     // Loose comparison kept: "1", 1 and true all enable security
     $securityEnabled = isset($config->security) && $config->security == 1;
     if (!$securityEnabled) {
         // Security switched off: no ACL filtering of navigation at all
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl(null);
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(null);
         return;
     }
     Application_Security_AclProvider::init();
 }
Example #20
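 /**
  * Front-end: an anonymous customer hitting an account controller is
  * re-routed to Axis_Account/auth/index. Back-end: the 'admin' Zend_Auth
  * session storage is selected, anonymous or orphaned identities are
  * re-routed to the login/logout action, a Zend_Acl is built from the admin
  * resource tree and the user's role rules, and the requested
  * admin/:module/:controller/:action resource is checked against it.
  *
  * @return void
  */
 public function preDispatch()
 {
     $request = $this->getRequest();
     if (Axis_Area::isFrontend()) {
         if (!Axis::getCustomerId() && $this->getActionController() instanceof Axis_Account_Controller_Abstract) {
             $request->setModuleName('Axis_Account')->setControllerName('auth')->setActionName('index')->setDispatched(false);
         }
         return;
     }
     if (!Axis_Area::isBackend()) {
         return;
     }

     $auth = Zend_Auth::getInstance();
     $auth->setStorage(new Zend_Auth_Storage_Session('admin'));
     // Login and password-recovery controllers are reachable without identity
     if ($this->_isAdminController($request, array('auth', 'forgot'))) {
         return;
     }
     if (!$auth->hasIdentity()) {
         if ($request->isXmlHttpRequest()) {
             $this->_sendJsonFailure(Axis::translate('admin')->__('Your session has been expired. Please relogin'));
             return;
         }
         $request->setModuleName('Axis_Admin')->setControllerName('auth')->setActionName('index')->setDispatched(false);
         return;
     }
     $user = Axis::single('admin/user')->find($auth->getIdentity())->current();
     if (!$user) {
         // Identity without a matching user row: force a logout
         $request->setModuleName('Axis_Admin')->setControllerName('auth')->setActionName('logout')->setDispatched(false);
         return;
     }

     $role = (string) $user->role_id;
     $acl = $this->_buildAdminAcl($role);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

     // The error controller is never subject to the ACL check
     if ($this->_isAdminController($request, array('error'))) {
         return;
     }
     $resource = $this->_requestResource($request);
     // NOTE(review): a resource that is not registered in the ACL tree is
     // allowed for every authenticated admin (fail-open), so an admin action
     // is only restrictable once it has an admin/acl_resource entry.
     if (!$acl->has($resource) || $acl->isAllowed($role, $resource)) {
         return;
     }
     if ($request->isXmlHttpRequest()) {
         $this->_sendJsonFailure(Axis::translate('admin')->__('You have no permission for this operation'));
         return;
     }
     $request->setModuleName('Axis_Admin')->setControllerName('error')->setActionName('access-denied')->setDispatched(false);
 }

 /**
  * True when the request targets one of the given controllers of the
  * Axis_Admin module.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @param array $controllers controller names
  * @return bool
  */
 protected function _isAdminController(Zend_Controller_Request_Abstract $request, array $controllers)
 {
     return in_array($request->getControllerName(), $controllers, true) && 'Axis_Admin' === $request->getModuleName();
 }

 /**
  * Records an error message and sends the JSON failure response used for
  * XHR requests.
  *
  * @param string $message
  * @return void
  */
 protected function _sendJsonFailure($message)
 {
     Axis::message()->addError($message);
     $jsonHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('json');
     $jsonHelper->sendFailure();
 }

 /**
  * Builds the admin ACL: every node of the acl_resource tree becomes a
  * resource (with its parent), the role is added and every acl_rule row of
  * the role becomes an allow or deny (any permission other than 'allow' is a
  * deny). Rules pointing at a resource that no longer exists are skipped.
  * Zend_Acl_Exceptions are reported as messages, not propagated.
  *
  * @param string $role role id
  * @return Zend_Acl
  */
 protected function _buildAdminAcl($role)
 {
     $acl = new Zend_Acl();
     // add resources
     foreach (Axis::model('admin/acl_resource')->toFlatTree() as $resource) {
         try {
             $acl->addResource($resource['id'], $resource['parent']);
         } catch (Zend_Acl_Exception $e) {
             Axis::message()->addError($e->getMessage());
         }
     }
     //add role(s)
     $acl->addRole($role);
     //add permission (role id bound as a query parameter)
     $rowset = Axis::single('admin/acl_rule')->select('*')->where('role_id = ?', $role)->fetchRowset();
     foreach ($rowset as $row) {
         if (!$acl->has($row->resource_id)) {
             // stale rule for a removed resource; left in place, not deleted
             continue;
         }
         $action = ('allow' === $row->permission) ? 'allow' : 'deny';
         try {
             $acl->{$action}($row->role_id, $row->resource_id);
         } catch (Zend_Acl_Exception $e) {
             Axis::message()->addError($e->getMessage());
         }
     }
     return $acl;
 }

 /**
  * Maps the request's module/controller/action onto the ACL resource id
  * "admin/<module>/<controller>/<action>": camel case becomes dashed lower
  * case, module underscores become "/", and "admin_" is removed from the
  * controller.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return string
  */
 protected function _requestResource(Zend_Controller_Request_Abstract $request)
 {
     $inflector = new Zend_Filter_Inflector();
     $inflector->addRules(array(
         ':module' => array('Word_CamelCaseToDash', new Zend_Filter_Word_UnderscoreToSeparator('/'), 'StringToLower'),
         ':controller' => array('Word_CamelCaseToDash', 'StringToLower', new Zend_Filter_PregReplace('/admin_/', '')),
         ':action' => array('Word_CamelCaseToDash', 'StringToLower'),
     ))->setTarget('admin/:module/:controller/:action');
     return $inflector->filter($request->getParams());
 }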
Example #21
<?php

require_once 'Acl_plugin.php';

// Role hierarchy: each role code inherits from the previous one (G < H < P < A).
$ccAcl = new Zend_Acl();
$parentRole = null;
foreach (array('G', 'H', 'P', 'A') as $roleCode) {
    $ccAcl->addRole(new Zend_Acl_Role($roleCode), $parentRole);
    $parentRole = $roleCode;
}

// Controllers exposed as ACL resources
$resourceNames = array('library', 'index', 'user', 'error', 'login', 'playlist', 'plupload', 'schedule', 'api', 'nowplaying', 'search', 'dashboard', 'preference', 'recorder', 'statistics');
foreach ($resourceNames as $resourceName) {
    $ccAcl->add(new Zend_Acl_Resource($resourceName));
}

/** Creating permissions: resources allowed per role (inherited down the chain) */
$permissions = array(
    'G' => array('index', 'login', 'error', 'nowplaying', 'api', 'recorder', 'schedule', 'dashboard'),
    'H' => array('plupload', 'library', 'search', 'playlist'),
    'A' => array('user', 'preference', 'statistics'),
);
foreach ($permissions as $roleCode => $allowedResources) {
    foreach ($allowedResources as $resourceName) {
        $ccAcl->allow($roleCode, $resourceName);
    }
}

// Enforce the ACL via the front-controller plugin and let the navigation
// helpers hide denied pages. No default role is set here — presumably the
// plugin sets it per request; confirm.
$aclPlugin = new Zend_Controller_Plugin_Acl($ccAcl);
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($ccAcl);
$front = Zend_Controller_Front::getInstance();
$front->registerPlugin($aclPlugin);
Example #22
 /**
  * Creates the application ACL, publishes it in the registry as 'Zend_Acl'
  * and binds it, with the current user's role from UserMap, to the
  * navigation helpers.
  *
  * @return Acl
  */
 protected function _initAcl()
 {
     $acl = new Acl();
     Zend_Registry::set('Zend_Acl', $acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(UserMap::getRole());
     return $acl;
 }
 /**
  * Builds the admin-area ACL, registers the Plugin_AclAdmin front-controller
  * plugin with it and binds it to the navigation helpers.
  *
  * Roles: 'guest' (unauthenticated), 'manager' and 'admin' (both inherit
  * from guest). Everything is denied by default; guest may use auth and
  * error, manager a fixed set of resources/actions, admin everything.
  *
  * NOTE(review): the role string comes straight from the identity's "role"
  * property; a value not registered here would be unknown to the ACL.
  *
  * @return void
  */
 protected function _initAlc()
 {
     $auth = Zend_Auth::getInstance();
     // Current role; 'guest' when not authenticated or the identity has no role
     $role = $auth->hasIdentity() && !empty($auth->getIdentity()->role) ? $auth->getIdentity()->role : 'guest';

     $acl = new Zend_Acl();
     // Resources (controller names)
     $resourceNames = array(
         'error', 'auth', 'index', 'pages', 'catalog', 'categories', 'products',
         'manufacture', 'manufacture-categories',
         'pipeline', 'pipeline-categories', 'pipeline-property', 'pipeline-property-value',
         'oil', 'oil-categories', 'forum', 'media', 'media-categories',
         'home', 'about', 'contacts', 'search', 'trash', 'utils', 'search-index',
         'cache-manager', 'update-image-catalog', 'products-draft', 'models-generator',
         'csv-catalog-generator', 'xml-catalog-generator', 'api', 'get',
     );
     foreach ($resourceNames as $resourceName) {
         $acl->addResource(new Zend_Acl_Resource($resourceName));
     }

     // Roles: guest (unauthenticated user), manager and admin both inheriting guest's access
     $acl->addRole('guest');
     $acl->addRole('manager', 'guest');
     $acl->addRole('admin', 'guest');

     // Deny everything, then grant per role
     $acl->deny();
     $acl->allow('guest', array('auth', 'error'));
     $managerResources = array('index', 'home', 'contacts', 'about', 'pages', 'categories', 'products', 'manufacture', 'manufacture-categories', 'pipeline', 'pipeline-categories', 'pipeline-property', 'oil', 'oil-categories', 'forum', 'media', 'media-categories', 'search');
     $managerActions = array('index', 'list', 'edit', 'json', 'get', 'property', 'modifications', 'modification-edit', 'modification-property-edit', 'category', 'slugify', 'slugify-product-sku', 'property-edit', 'view', 'passport', 'reply', 'articles', 'categories');
     $acl->allow('manager', $managerResources, $managerActions);
     $acl->allow('admin');

     // Register the ACL plugin with the front controller, passing the ACL
     // and the Zend_Auth instance
     $frontController = Zend_Controller_Front::getInstance();
     $frontController->registerPlugin(new Plugin_AclAdmin($acl, Zend_Auth::getInstance()));

     // Bind the ACL to Zend_Navigation
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
 }
Example #24
 /**
  * Run plugin on preDispatch: resolves the "<module><separator><controller>"
  * resource, optionally whitelists the error resource, and raises an
  * access-denied or session-expired error through _handleError() when the
  * security manager rejects the request. The navigation helpers then get
  * the manager's ACL and active user as defaults.
  *
  * @param Zend_Controller_Request_Abstract $Request
  * @see Zend/Controller/Plugin/Zend_Controller_Plugin_Abstract::preDispatch()
  */
 public function preDispatch(Zend_Controller_Request_Abstract $Request)
 {
     $resource = $Request->getModuleName() . $this->getDefaultSeparator() . $Request->getControllerName();
     // Set current resource
     $this->setCurrentResource($resource);

     // Error Resource whitelisted
     if ($this->getAutoWhitelistErrorResource() && $resource == $this->getErrorResource()) {
         return;
     }

     $security = $this->getSecurityManager();
     if (!$security->isAuthorized($resource, $this->getDefaultPrivilege())) {
         $this->_handleError($Request, self::STR_ACCESSDENIED, $resource);
     } elseif ($security->isSessionExpired()) {
         $this->_handleError($Request, self::STR_SESSIONEXPIRED, $resource);
     }

     // NOTE(review): also reached after _handleError() unless that method
     // exits or redirects — not visible here.
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($security->getAcl());
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($security->getActiveUser());
 }
Example #25
 /**
  * setDefaultRole() must reject an object that is not a
  * Zend_Acl_Role_Interface with a Zend_View_Exception.
  */
 public function testSetDefaultRoleThrowsExceptionWhenGivenAnArbitraryObject()
 {
     $thrown = false;
     try {
         Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(new stdClass());
     } catch (Zend_View_Exception $e) {
         $thrown = true;
         $this->assertContains('$role must be', $e->getMessage());
     }
     if (!$thrown) {
         $this->fail('An invalid argument was given, but a Zend_View_Exception was not thrown');
     }
 }