Example #1
 /**
  * Builds the access control list for the GUEST, USER and ADMIN roles.
  *
  * The list is deny-by-default, so only the grants made here are permitted.
  * Guest-level resources are opened to every role, user-level resources to
  * USER and ADMIN, and admin-level resources to ADMIN alone.
  *
  * @return AclList
  */
 private function buildAclList()
 {
     $list = new AclList();
     // Fail closed: a controller/action that is not granted below stays denied.
     $list->setDefaultAction(Acl::DENY);

     // Roles
     $allRoles = [self::GUEST, self::USER, self::ADMIN];
     foreach ($allRoles as $roleName) {
         $list->addRole($roleName);
     }

     // Resources, keyed by the lowest role that may reach them
     // (controller => list of actions).
     // NOTE(review): '*' opens every action of a guest controller to
     // unauthenticated visitors, including actions added to it later.
     $byRole = [
         self::GUEST => [
             'index' => ['*'],
             'signup' => ['*'],
             'signin' => ['*'],
             'error' => ['*'],
             'profile' => ['newPassword'],
             'language' => ['*'],
         ],
         self::USER => [
             'profile' => ['*'],
             'logout' => ['*'],
         ],
         self::ADMIN => [
             'usermanagement' => ['*'],
         ],
     ];
     foreach ($byRole as $controllers) {
         foreach ($controllers as $controller => $actions) {
             $list->addResource($controller, $actions);
         }
     }

     // Permissions: guest resources are granted to all three roles.
     foreach ($allRoles as $roleName) {
         foreach ($byRole[self::GUEST] as $controller => $actions) {
             $list->allow($roleName, $controller, $actions);
         }
     }
     // User resources are granted to USER and ADMIN.
     foreach ($byRole[self::USER] as $controller => $actions) {
         foreach ([self::USER, self::ADMIN] as $roleName) {
             $list->allow($roleName, $controller, $actions);
         }
     }
     // Admin resources are granted to ADMIN only.
     foreach ($byRole[self::ADMIN] as $controller => $actions) {
         $list->allow(self::ADMIN, $controller, $actions);
     }

     return $list;
 }
Example #2
 /**
  * Debug action: builds a small sample ACL and dumps it to the response.
  *
  * NOTE(review): var_dump() writes the whole ACL object (roles, resources and
  * rules) into the HTTP response. That exposes the authorization model to
  * whoever can reach this action, so it should not be routable outside a
  * development environment.
  */
 public function aclAction()
 {
     echo 'this is acl test!<br>';
     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Create the roles.
     // The first parameter is the name, the second parameter is an optional description.
     $admins = new Role('Administrators');
     $editors = new Role('Editors');
     // Register both roles with the ACL.
     $list->addRole($admins);
     $list->addRole($editors);
     // A role can also be registered by name only, using just the string:
     //$list->addRole("Designers");

     // Define the "Customers" resource and the actions it exposes.
     $customers = new Resource('Customers');
     $list->addResource($customers, 'search');
     $list->addResource($customers, array('create', 'update'));

     // Set each role's access level on the resource.
     $list->allow('Administrators', 'Customers', 'search');
     $list->allow('Administrators', 'Customers', 'create');
     $list->deny('Editors', 'Customers', 'update');

     var_dump($list);
     exit;

     // NOTE(review): unreachable — the exit above ends the request before the
     // permission query below can run.
     // Query whether a role has access.
     var_dump($list->isAllowed('Administrators', 'Customers', 'search'));
     exit;
 }
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * NOTE(review): the list is created with Acl::ALLOW as its default action and
  * every role, resource and rule registration below is commented out. As
  * written, the returned list therefore holds no rules at all and falls back
  * to ALLOW for whatever it is asked about. Restore the registrations and
  * switch the default to Acl::DENY before relying on it for authorization.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     $list->setDefaultAction(Acl::ALLOW);

     // Disabled registration code, kept for reference:
     //
     // //Register roles
     // $roles = array(
     //     'users'  => new Role('Users'),
     //     'guests' => new Role('Guests')
     // );
     // foreach ($roles as $role) {
     //     $acl->addRole($role);
     // }
     //
     // //Private area resources
     // $privateResources = array(
     //     'companies'    => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
     //     'products'     => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
     //     'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
     //     'invoices'     => array('index', 'profile')
     // );
     // foreach ($privateResources as $resource => $actions) {
     //     $acl->addResource(new Resource($resource), $actions);
     // }
     //
     // //Public area resources
     // $publicResources = array(
     //     'index'      => array('index'),
     //     'about'      => array('index'),
     //     'register'   => array('index'),
     //     'errors'     => array('show401', 'show404', 'show500'),
     //     'session'    => array('index', 'register', 'start', 'end'),
     //     'contact'    => array('index', 'send')
     // );
     // foreach ($publicResources as $resource => $actions) {
     //     $acl->addResource(new Resource($resource), $actions);
     // }
     //
     // //Grant access to public areas to both users and guests
     // foreach ($roles as $role) {
     //     foreach ($publicResources as $resource => $actions) {
     //         foreach ($actions as $action){
     //             $acl->allow($role->getName(), $resource, $action);
     //         }
     //     }
     // }
     //
     // //Grant access to private area to role Users
     // foreach ($privateResources as $resource => $actions) {
     //     foreach ($actions as $action){
     //         $acl->allow('Users', $resource, $action);
     //     }
     // }

     // The ACL is kept in the persistent (session) bag; APC would be useful here too.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Example #4
 /**
  * Creates a deny-by-default in-memory ACL holding the configured roles.
  *
  * Only roles are registered here; no resources or allow rules are added, so
  * the returned list denies everything until rules are attached elsewhere.
  *
  * @return PhalconMemoryAdapter
  */
 public function register()
 {
     $memoryAcl = new PhalconMemoryAdapter();
     $memoryAcl->setDefaultAction(PhalconACL::DENY);

     // Role names come from the application configuration (acl.roles).
     $roleNames = config()->acl->roles;
     foreach ($roleNames as $roleName) {
         $memoryAcl->addRole(new PhalconRole($roleName));
     }

     return $memoryAcl;
 }
Example #5
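 /**
  * Returns the access control list, building and persisting it on first use.
  *
  * Roles form a chain (guest <- user <- admin); resources and per-role
  * permissions are loaded from the two files under config/acl/.
  *
  * If the build fails, nothing is persisted. In the development environments
  * the request ends with the exception message and trace; in every other
  * environment the failure is written to the error log and an empty,
  * deny-by-default list is returned, so that a broken ACL configuration
  * denies access instead of handing callers an unset value.
  *
  * @return Acl\Adapter\Memory
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         try {
             $acl = new Acl\Adapter\Memory();
             $acl->setDefaultAction(Acl::DENY);
             // The second argument of addRole() names the role to inherit from.
             $acl->addRole('guest');
             // All users and companies get guest permissions.
             $acl->addRole('user', 'guest');
             $acl->addRole('admin', 'user');

             // controller => actions
             $resources = (require APPLICATION_PATH . '/config/acl/resources.php');
             foreach ($resources as $controller => $actions) {
                 $acl->addResource($controller, $actions);
             }

             // role => (controller => action(s))
             $permissions = (require APPLICATION_PATH . '/config/acl/permissions.php');
             foreach ($permissions as $role => $rules) {
                 foreach ($rules as $controller => $action) {
                     $acl->allow($role, $controller, $action);
                 }
             }

             // Give admins everything. 'admin' was already registered above;
             // the repeated addRole() call is retained from the source.
             $acl->addRole('admin');
             $acl->allow('admin', '*', '*');

             $this->persistent->acl = $acl;
         } catch (\Exception $e) {
             // Strict comparison, so a non-string APPLICATION_ENV can never
             // be mistaken for a development environment.
             if (APPLICATION_ENV === 'development' || APPLICATION_ENV === 'local_development') {
                 // Development only: prints the raw message and stack trace.
                 die($e->getMessage() . "<hr><pre>" . print_r($e->getTraceAsString(), true) . "</pre>");
             }

             // Outside development: record the failure and fail closed. The
             // fallback list is not persisted, so the next call retries.
             error_log('ACL build failed: ' . $e->getMessage());
             $denyAll = new Acl\Adapter\Memory();
             $denyAll->setDefaultAction(Acl::DENY);

             return $denyAll;
         }
     }

     return $this->persistent->acl;
 }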
Example #6
 /**
  * Registers the Users and Guests roles and opens the public resources to both.
  *
  * NOTE(review): no default action is set here, so the outcome for anything
  * not granted below is whatever parent::__construct() leaves in place —
  * confirm that it is DENY.
  */
 public function __construct()
 {
     parent::__construct();

     $roleSet = array(
         'users' => new \Phalcon\Acl\Role('Users'),
         'guests' => new \Phalcon\Acl\Role('Guests'),
     );
     foreach ($roleSet as $roleObject) {
         $this->addRole($roleObject);
     }

     // Private area resources (none are defined, so the loops over this
     // array do nothing).
     $privateArea = array();
     foreach ($privateArea as $name => $actionList) {
         $this->addResource(new \Phalcon\Acl\Resource($name), $actionList);
     }

     // Public area resources
     $publicArea = array(
         'index/index' => array('index'),
         'index/error' => array('error404', 'error500'),
         'admin/index' => array('index', 'login', 'logout'),
     );
     foreach ($publicArea as $name => $actionList) {
         $this->addResource(new \Phalcon\Acl\Resource($name), $actionList);
     }

     // Grant access to public areas to both users and guests.
     // NOTE(review): the grant uses '*', not the action list registered above,
     // so any action on these resources (including 'admin/index') is open to
     // guests.
     foreach ($roleSet as $roleObject) {
         foreach (array_keys($publicArea) as $name) {
             $this->allow($roleObject->getName(), $name, '*');
         }
     }

     // Grant access to private area to role Users
     foreach ($privateArea as $name => $actionList) {
         foreach ($actionList as $actionName) {
             $this->allow('Users', $name, $actionName);
         }
     }
 }
Example #7
 /**
  * Builds a deny-by-default ACL with admin, guest and member roles.
  *
  * Public resources are opened to every role; private (back-office)
  * resources are opened to 'admin' only. All grants use the '*' wildcard,
  * so they cover every action of the named resource.
  */
 public function __construct()
 {
     parent::__construct();
     $this->setDefaultAction(\Phalcon\Acl::DENY);

     // Role name => Role(name, description)
     $roleSet = array(
         'admin' => new \Phalcon\Acl\Role('admin', 'Администратор'),
         'guest' => new \Phalcon\Acl\Role('guest', 'Неавторизированный посетитель. Простое посещение'),
         'member' => new \Phalcon\Acl\Role('member', 'Авторизированный посетитель'),
     );
     foreach ($roleSet as $roleObject) {
         $this->addRole($roleObject);
     }

     // Resources reserved for the admin role.
     $adminOnly = array(
         'admin/admin-user',
         'cms/configuration',
         'cms/translate',
         'widget/admin',
         'projects/admin',
         'systems/admin',
         'video/admin',
         'file-manager/index',
         'page/admin',
         'publication/admin',
         'slider/admin',
         'seo/robots',
     );
     foreach ($adminOnly as $name) {
         $this->addResource(new \Phalcon\Acl\Resource($name));
     }

     // Resources reachable by every role, guests included.
     $openToAll = array(
         'admin/index',
         'index/index',
         'index/error',
         'projects/index',
         'systems/index',
         'page/index',
         'video/index',
         'publication/index',
     );
     foreach ($openToAll as $name) {
         $this->addResource(new \Phalcon\Acl\Resource($name));
     }

     foreach ($roleSet as $roleObject) {
         foreach ($openToAll as $name) {
             $this->allow($roleObject->getName(), $name, '*');
         }
     }

     foreach ($adminOnly as $name) {
         $this->allow('admin', $name, '*');
     }
 }
Example #8
 /**
  * Returns the access control list, building it through the ACL helper.
  *
  * NOTE(review): the persistent bag is destroyed at the top of every call
  * (marked "@todo remove" by the author). While that line stays, the ACL is
  * rebuilt on each call and any other data held in the same bag is discarded.
  *
  * @return AdapterInterface
  */
 public function getAcl()
 {
     /**
      * @todo remove
      */
     $this->persistent->destroy();

     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     // Deny by default; the helper receives the public and private resource maps.
     $memory = new Memory();
     $memory->setDefaultAction(Acl::DENY);
     $builder = new Helper($memory, $this->public_resources, $this->private_resources);

     // The ACL is kept in the persistent (session) bag; APC would be useful here too.
     $this->persistent->acl = $builder->initialize()->getAcl();

     return $this->persistent->acl;
 }
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * The list is deny-by-default with three roles (Guests, Users, Admins).
  * The 'user' resource is registered three times with different action
  * sets: a read-only set open to every role, a set for Users, and the full
  * management set for Admins.
  *
  * @return AclList
  */
 public function getAcl()
 {
     //throw new \Exception("something");
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'guests' => new Role('Guests'),
         'users' => new Role('Users'),
         'admins' => new Role('Admins'),
     );
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Public area resources - read only.
     // NOTE(review): this lets unauthenticated guests call user/list, user/get,
     // user/details and user/search; confirm those actions expose nothing
     // sensitive.
     $publicArea = array(
         'index' => array('index'),
         'user' => array('list', 'get', 'details', 'search'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('signup', 'login', 'logout'),
     );
     foreach ($publicArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }
     // Grant access to public areas to every role.
     foreach ($roleSet as $roleObject) {
         foreach ($publicArea as $name => $actionList) {
             foreach ($actionList as $actionName) {
                 $list->allow($roleObject->getName(), $name, $actionName);
             }
         }
     }

     // User area resources - read only.
     $userArea = array(
         'user' => array('index', 'search'),
     );
     foreach ($userArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }
     // Grant access to the user area to role Users.
     foreach ($userArea as $name => $actionList) {
         foreach ($actionList as $actionName) {
             $list->allow('Users', $name, $actionName);
         }
     }

     // Admin resources - full management set.
     $adminArea = array(
         'user' => array('index', 'edit', 'delete', 'update', 'create', 'search', 'save', 'remove'),
     );
     foreach ($adminArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }
     // Grant access to the admin area to role Admins.
     foreach ($adminArea as $name => $actionList) {
         foreach ($actionList as $actionName) {
             $list->allow('Admins', $name, $actionName);
         }
     }

     // The ACL is kept in the persistent (session) bag; APC would be useful here too.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * Resources and their public/private split come from $this->resource. When
  * that property is not a ResourceInterface, the list contains only the two
  * roles and, being deny-by-default, denies every request.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if ($this->persistent->get('acl')) {
         return $this->persistent->get('acl');
     }

     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = [
         'users' => new Role('Users', 'Member privileges, granted after sign in.'),
         'guests' => new Role('Guests', 'Anyone browsing the site who is not signed in is considered to be a "Guest".'),
     ];
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     if ($this->resource instanceof ResourceInterface) {
         foreach ($this->resource->getAllResources() as $name => $actionList) {
             $list->addResource(new Resource($name), $actionList);
         }

         // Grant access to public areas to both users and guests
         foreach ($roleSet as $roleObject) {
             foreach ($this->resource->getPublicResources() as $name => $actionList) {
                 foreach ($actionList as $actionName) {
                     $list->allow($roleObject->getName(), $name, $actionName);
                 }
             }
         }

         // Grant access to private area to role Users
         foreach ($this->resource->getPrivateResources() as $name => $actionList) {
             foreach ($actionList as $actionName) {
                 $list->allow('Users', $name, $actionName);
             }
         }
     }

     // The ACL is kept in the persistent (session) bag; APC would be useful here too.
     $this->persistent->set('acl', $list);

     return $this->persistent->get('acl');
 }
Example #11
 /**
  * Returns the ACL, from the instance, from the cache, or freshly built from
  * the Roles, Resources and Operations entities (in that order of preference).
  *
  * NOTE(review): a cached value is returned as the ACL without any check of
  * its type or origin. Whoever can write the 'acl' cache entry controls the
  * authorization rules, so the cache backend needs the same protection as
  * the entity tables. No lifetime is passed to save(), so how soon a
  * permission change becomes effective depends on the cache's own default —
  * TODO confirm.
  */
 public function getAcl()
 {
     if ($this->acl) {
         return $this->acl;
     }

     $cache = $this->getCache();
     if ($cache) {
         $data = $cache->get('acl');
         if ($data) {
             $this->acl = $data;

             return $data;
         }
     }

     $memoryAcl = new MemoryAcl();
     $memoryAcl->setDefaultAction(Acl::DENY);

     foreach (Entities\Roles::find() as $role) {
         // NOTE(review): $roleName is computed but never used; the role key
         // is passed as both arguments of addRole() instead.
         $roleName = $role->name ? $role->name : $role->roleKey;
         $memoryAcl->addRole($role->roleKey, $role->roleKey);
     }

     foreach (Entities\Resources::find() as $resource) {
         $memoryAcl->addResource($resource->resourceKey);
     }

     foreach (Entities\Operations::find() as $operation) {
         $memoryAcl->addResourceAccess($operation->resourceKey, $operation->operationKey);
         if (!$operation->roles) {
             continue;
         }
         // Every role linked to the operation is allowed to perform it.
         foreach ($operation->roles as $role) {
             $memoryAcl->allow($role->roleKey, $operation->resourceKey, $operation->operationKey);
         }
     }

     if ($cache) {
         $cache->save('acl', $memoryAcl);
     }
     $this->acl = $memoryAcl;

     return $memoryAcl;
 }
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * NOTE(review): this list is allow-by-default. The only rule it holds is a
  * deny for the Staff role on reports/index; everything else falls back to
  * ALLOW. New controllers are therefore open to every role until someone
  * adds a deny rule. A deny-by-default list with explicit grants fails
  * closed instead.
  */
 public function _getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $memory = new Memory();
     $memory->setDefaultAction(Acl::ALLOW);

     // Register roles. No inheritance is configured between them.
     $roleSet = array(
         'admin' => new Acl\Role('Administrator'),
         'manager' => new Acl\Role('Manager'),
         'staff' => new Acl\Role('Staff'),
     );
     foreach (array('staff', 'manager', 'admin') as $key) {
         $memory->addRole($roleSet[$key]);
     }

     // Resources that the Staff role is denied.
     $deniedToStaff = array(
         'reports' => array('index'),
     );
     foreach ($deniedToStaff as $name => $actionList) {
         $memory->addResource(new Resource($name), $actionList);
         foreach ($actionList as $actionName) {
             $memory->deny($roleSet['staff']->getName(), $name, $actionName);
         }
         // $memory->allow($roleSet['staff']->getName(), $name, '*');
     }

     // The ACL is kept in the persistent (session) bag; APC would be useful here too.
     $this->persistent->acl = $memory;

     return $this->persistent->acl;
 }
 /**
  * Builds the access control list.
  *
  * The list is deny-by-default. The rule map reads
  * resource => action => roles allowed to perform that action, so each
  * action is granted to exactly the roles named for it.
  *
  * @return Memory
  */
 public function acl()
 {
     $memory = new Memory();
     $memory->setDefaultAction(Acl::DENY);

     $roleNames = array('guests', 'users');
     $ruleMap = array(
         'users' => array(
             'auth' => array('guests'),
             'create' => array('guests'),
             'logout' => array('users'),
         ),
         'posts' => array(
             'create' => array('users'),
             'mine' => array('users'),
             'all' => array('users'),
         ),
     );

     foreach ($roleNames as $roleName) {
         $memory->addRole(new Role($roleName));
     }

     foreach ($ruleMap as $name => $actionMap) {
         $memory->addResource(new Resource($name), array_keys($actionMap));
         foreach ($actionMap as $actionName => $allowedRoles) {
             foreach ($allowedRoles as $roleName) {
                 $memory->allow($roleName, $name, $actionName);
             }
         }
     }

     return $memory;
 }
Example #14
 /**
  * Builds a deny-by-default ACL from the role list below and the resource
  * map returned by /config/acl.php.
  *
  * NOTE(review): the config file is loaded with include, so a missing file
  * yields a warning and a false value rather than a fatal error — confirm
  * that the result is a fully denied list and not a partially built one.
  * The permission loop reads $resources[$k] for every role key, 'admin'
  * included, so the file presumably has an entry per role — verify.
  */
 public function __construct()
 {
     parent::__construct();
     $this->setDefaultAction(\Phalcon\Acl::DENY);

     /**
      * Full list of Roles
      */
     $roles = [
         'guest' => new \Phalcon\Acl\Role('guest', 'Guest'),
         'member' => new \Phalcon\Acl\Role('member', 'Member'),
         'journalist' => new \Phalcon\Acl\Role('journalist', 'Journalist'),
         'editor' => new \Phalcon\Acl\Role('editor', 'Journalist'),
         'admin' => new \Phalcon\Acl\Role('admin', 'Admin'),
     ];

     /**
      * Frontend roles: member inherits from guest
      */
     $this->addRole($roles['guest']);
     $this->addRole($roles['member'], $roles['guest']);

     /**
      * Backend roles: editor inherits from journalist
      */
     $this->addRole($roles['journalist']);
     $this->addRole($roles['editor'], $roles['journalist']);
     $this->addRole($roles['admin']);

     /**
      * Include resources permissions list from file /app/config/acl.php
      */
     $resources = (include APPLICATION_PATH . '/config/acl.php');
     foreach ($resources as $roleResources) {
         foreach ($roleResources as $resource => $actions) {
             // Anything that is not an explicit action list is registered as '*'.
             $registerActions = is_array($actions) ? $actions : '*';
             $this->addResource(new \Phalcon\Acl\Resource($resource), $registerActions);
         }
     }

     /**
      * Make unlimited access for admin role
      */
     $this->allow('admin', '*', '*');

     /**
      * Set roles permissions
      */
     foreach ($roles as $k => $role) {
         foreach ($resources[$k] as $resourceName => $method) {
             // NOTE(review): loose comparison — a config value of true also
             // compares equal to '*' and becomes a wildcard grant.
             $access = ($method == '*') ? '*' : $method;
             $this->allow($k, $resourceName, $access);
         }
     }
 }
Example #15
 /**
  * Builds a deny-by-default ACL for one namespace from the stored groups and
  * their permissions.
  *
  * Each group becomes a role (by name) and is allowed exactly the
  * resource/action pairs that its permissions resolve to in $namespace.
  *
  * @param mixed $namespace Passed through to getAvailableResources() and
  *                         getAllowedResources().
  *
  * @return AclList
  */
 private function getAcl($namespace)
 {
     // Create a new ACL instance.
     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Fetch the groups once; they are used for both roles and grants.
     $allGroups = Groups::find();

     // Register every available resource of the namespace.
     $available = $this->getAvailableResources($namespace);
     foreach ($available as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }

     // Each group is an ACL role.
     foreach ($allGroups as $group) {
         $list->addRole($group->name);
     }

     // Allow each group the resources reachable through its permissions.
     foreach ($allGroups as $group) {
         foreach ($this->getPermissions($group->group_id) as $permission) {
             $granted = $this->getAllowedResources($permission->permission_id, $namespace);
             foreach ($granted as $name => $actionList) {
                 foreach ($actionList as $actionName) {
                     $list->allow($group->name, $name, $actionName);
                 }
             }
         }
     }

     return $list;
 }
Example #16
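 /**
  * Rebuilds the ACL from the active profiles and writes it to the ACL file.
  *
  * Every active profile becomes a role and is allowed the resource/action
  * pairs of its permissions, plus users/changePassword. The serialized list
  * is written to APP_DIR . $this->filePath. A failed write is reported
  * through the flash service, so a stale ACL file left on disk (still
  * holding rules that have since been revoked) does not go unnoticed.
  *
  * NOTE(review): the file holds a serialized object. If it is later read
  * back with unserialize(), its location must not be writable by anything
  * less trusted than the application itself.
  *
  * @return AclMemory The freshly built list, whether or not the write succeeded.
  */
 public function rebuild()
 {
     $acl = new AclMemory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);

     $profiles = Profiles::find('active = "Y"');
     foreach ($profiles as $profile) {
         $acl->addRole(new AclRole($profile->name));
     }

     foreach ($this->privateResource as $resource => $actions) {
         $acl->addResource(new AclResource($resource), $actions);
     }

     // For each role found in the profiles table, apply the matching rows of
     // the permissions table.
     foreach ($profiles as $profile) {
         foreach ($profile->getPermissions() as $permission) {
             $acl->allow($profile->name, $permission->resource, $permission->action);
         }
         // Every role may reach users/changePassword.
         $acl->allow($profile->name, 'users', 'changePassword');
     }

     $target = APP_DIR . $this->filePath;
     // file_put_contents() returns false on failure; treat that like the
     // not-writable case instead of ignoring it.
     $written = touch($target)
         && is_writable($target)
         && file_put_contents($target, serialize($acl)) !== false;
     if (!$written) {
         // NOTE(review): this message shows the absolute server path to
         // whoever sees the flash output; consider logging the path instead.
         $this->flash->error('The user does not have write permissions to create the ACL list at ' . $target);
     }

     return $acl;
 }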
Example #17
 /**
  * Returns the ACL, from the instance, from the data cache, or freshly built
  * from the permission section of the configuration.
  *
  * The permission map reads role => group => list of "controller/action"
  * strings. Each entry becomes the resource "<group>/<controller>" with the
  * given action, granted to that role. The list is deny-by-default.
  *
  * NOTE(review): the built list is cached for 30 days, so a permission
  * removed from the configuration stays effective until the cache entry is
  * cleared or expires. An entry without a '/' has no second part, so
  * $actionArr[1] is undefined for it — TODO confirm the configuration
  * always uses the "controller/action" form.
  *
  * @param object $config Configuration object exposing ->permission->toArray().
  *
  * @return PhAclMemory
  */
 public function getAcl($config)
 {
     $permission = $config->permission->toArray();
     if ($this->_acl) {
         return $this->_acl;
     }

     $cacheData = $this->getDI()->get('cacheData');
     $acl = $cacheData->get(self::CACHE_KEY_ACL);
     if ($acl === null) {
         $acl = new PhAclMemory();
         $acl->setDefaultAction(PhAcl::DENY);

         foreach (array_keys($permission) as $groupValue) {
             // Add Role
             $acl->addRole(new Role((string) $groupValue));
             if (!isset($permission[$groupValue]) || is_array($permission[$groupValue]) != true) {
                 continue;
             }
             foreach ($permission[$groupValue] as $group => $controller) {
                 foreach ($controller as $action) {
                     // "controller/action" -> [controller, action]
                     $actionArr = explode('/', $action);
                     $resource = strtolower($group) . '/' . $actionArr[0];
                     // Add Resource
                     $acl->addResource($resource, $actionArr[1]);
                     // Grant role to resource
                     $acl->allow($groupValue, $resource, $actionArr[1]);
                 }
             }
         }

         // 30 days cache.
         $cacheData->save(self::CACHE_KEY_ACL, $acl, 2592000);
     }
     $this->_acl = $acl;

     return $this->_acl;
 }
Example #18
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * The list is deny-by-default with the roles Admin, User and Guest.
  * Public resources are granted to all three, user resources to User and
  * Admin, and admin resources (none are defined) to Admin only.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     $roleSet = array(
         'admin' => new Role('Admin'),
         'users' => new Role('User'),
         'guests' => new Role('Guest'),
     );
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // area => (resource => actions)
     $aclResources = array(
         'admin' => array(),
         'user' => array(
             'profile' => array('index', 'edit', 'view'),
         ),
         'public' => array(
             'index' => array('index'),
             'about' => array('index'),
             'register' => array('index'),
             'errors' => array('show401', 'show404', 'show500'),
             'session' => array('index', 'start', 'end'),
         ),
     );
     foreach ($aclResources as $area) {
         foreach ($area as $name => $actionList) {
             $list->addResource(new Resource($name), $actionList);
         }
     }

     // Public area: every role.
     foreach ($aclResources['public'] as $name => $actionList) {
         foreach ($actionList as $actionName) {
             foreach (array('Guest', 'User', 'Admin') as $roleName) {
                 $list->allow($roleName, $name, $actionName);
             }
         }
     }
     // User area: User and Admin.
     foreach ($aclResources['user'] as $name => $actionList) {
         foreach ($actionList as $actionName) {
             foreach (array('User', 'Admin') as $roleName) {
                 $list->allow($roleName, $name, $actionName);
             }
         }
     }
     // Admin area: Admin only.
     foreach ($aclResources['admin'] as $name => $actionList) {
         foreach ($actionList as $actionName) {
             $list->allow('Admin', $name, $actionName);
         }
     }

     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Example #19
 /**
  * Registers a role with the ACL, optionally inheriting from another role.
  *
  * When the rules carry an 'inherit' entry, the named parent must already be
  * present in $this->roles; otherwise registration is refused, so a role can
  * never silently lose (or gain) an inheritance link because of definition
  * order.
  *
  * @param string          $role  Key of the role in $this->roles.
  * @param \Phalcon\Config $rules Rules for the role; 'inherit' names the parent.
  *
  * @return $this
  *
  * @throws \Phalcon\Acl\Exception When the parent role is not defined (yet).
  */
 protected function addRole($role, \Phalcon\Config $rules)
 {
     // No inheritance: register the role on its own.
     if (!$rules->get('inherit')) {
         $this->acl->addRole($this->roles[$role]);

         return $this;
     }

     // Inheritance: the parent must be known before the child is added.
     if (!array_key_exists($rules->inherit, $this->roles)) {
         $message = sprintf('Role "%s" cannot inherit non-existent role "%s".
                  Either such role does not exist or it is set to be inherited before it is actually defined.', $role, $rules->inherit);
         throw new \Phalcon\Acl\Exception($message);
     }
     $this->acl->addRole($this->roles[$role], $this->roles[$rules->inherit]);

     return $this;
 }
Example #20
 /**
  * Builds a deny-by-default ACL from $this->resources and stores a serialized
  * copy in the ACL file (and in APC when available).
  *
  * $this->resources reads role => module => controller => actions; each
  * "<module>/<controller>" resource is granted to its role with those actions.
  *
  * NOTE(review): when the file is not writable nothing is reported, and the
  * result of file_put_contents() is not checked, so an older ACL file can
  * stay in place unnoticed. The stored copies are serialized objects; their
  * storage must not be writable by anything less trusted than the
  * application if they are later unserialized.
  *
  * @return AclList
  */
 public function createAcl()
 {
     $list = new AclList();
     $list->setDefaultAction(\Phalcon\Acl::DENY);

     foreach ($this->resources as $roleName => $modules) {
         $list->addRole(new Role($roleName, ucfirst($roleName)));
         foreach ($modules as $module => $controllers) {
             $prefix = strtolower($module) . '/';
             foreach ($controllers as $controller => $actionList) {
                 $name = $prefix . $controller;
                 $list->addResource(new Resource($name), $actionList);
                 $list->allow($roleName, $name, $actionList);
             }
         }
     }

     $target = ROOT_URL . $this->filePath;
     if (touch($target) && is_writable($target)) {
         // Save in File
         file_put_contents($target, serialize($list));
         // Save cache in APC
         if (function_exists('apc_store')) {
             apc_store('acl', $list);
         }
     }

     return $list;
 }
    /**
     * Returns the access control list, creating and persisting it on first use.
     *
     * The list is deny-by-default with the GUEST, USER and ADMIN roles.
     * User resources are granted action by action to USER and ADMIN, admin
     * resources action by action to ADMIN.
     *
     * NOTE(review): public resources are granted with '*', not with the
     * actions they were registered with, so every action of a public
     * resource is open to guests, including actions added to it later.
     */
    protected function _getAcl()
    {
        if (isset($this->persistent->acl)) {
            return $this->persistent->acl;
        }

        $memory = new Acl\Adapter\Memory();
        $memory->setDefaultAction(Acl::DENY);

        $roleSet = [
            self::GUEST => new Acl\Role(self::GUEST),
            self::USER => new Acl\Role(self::USER),
            self::ADMIN => new Acl\Role(self::ADMIN),
        ];
        foreach ($roleSet as $roleObject) {
            $memory->addRole($roleObject);
        }

        // Register the public, user and admin resources, in that order.
        $areas = [$this->_publicResources, $this->_userResources, $this->_adminResources];
        foreach ($areas as $area) {
            foreach ($area as $name => $actionList) {
                $memory->addResource(new Acl\Resource($name), $actionList);
            }
        }

        // Every role may access the public resources.
        foreach ($roleSet as $roleObject) {
            foreach (array_keys($this->_publicResources) as $name) {
                $memory->allow($roleObject->getName(), $name, '*');
            }
        }

        // USER and ADMIN may access the user resources.
        foreach ($this->_userResources as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $memory->allow(self::USER, $name, $actionName);
                $memory->allow(self::ADMIN, $name, $actionName);
            }
        }

        // Only ADMIN may access the admin resources.
        foreach ($this->_adminResources as $name => $actionList) {
            foreach ($actionList as $actionName) {
                $memory->allow(self::ADMIN, $name, $actionName);
            }
        }

        $this->persistent->acl = $memory;

        return $this->persistent->acl;
    }
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * The list is deny-by-default with the roles guest, user and administrator.
  * Public resources are granted to all three, logged-in resources to user
  * and administrator, and the administration resource to administrator only.
  * 'products' is registered twice: once with its public actions and once
  * with the actions that require a signed-in user.
  *
  * @return AclList
  */
 private function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Register roles
     $roleSet = array(
         'guest' => new Role('guest'),
         'user' => new Role('user'),
         'administrator' => new Role('administrator'),
     );
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Resources for all users
     $publicArea = array(
         'default' => array('index', 'getCsrfToken', 'terms', 'privacy', 'changeLanguage'),
         'errors' => array('notSupportedError', 'resourceNotFound', 'internalServerError'),
         'accounts' => array(
             'signIn', 'doSignIn', 'signUp', 'doSignUp', 'verifyEmail', 'signOut', 'user',
             'getIssues', 'resetPassword', 'doForgotPassword', 'doResetPassword',
         ),
         'products' => array(
             'index', 'getProducts', 'product', 'getIssues', 'newIssue', 'issue', 'getIssueReplies',
         ),
     );
     foreach ($publicArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }

     // Resources for users logged in
     $signedInArea = array(
         'products' => array('createIssue', 'createIssueReply'),
         'dashboard' => array(
             'index', 'profile', 'changePassword', 'updateProfile', 'products', 'getProducts',
             'getProduct', 'createProduct', 'editProduct', 'receivedIssues', 'getReceivedIssues',
             'submittedIssues', 'getSubmittedIssues',
         ),
     );
     foreach ($signedInArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }

     // Resources for administrators only
     $adminArea = array(
         'administration' => array('index', 'users', 'user', 'products', 'product', 'issues', 'issue'),
     );
     foreach ($adminArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }

     // Grant access to public areas to guests, users and administrators
     foreach ($roleSet as $roleObject) {
         foreach ($publicArea as $name => $actionList) {
             foreach ($actionList as $actionName) {
                 $list->allow($roleObject->getName(), $name, $actionName);
             }
         }
     }

     // Grant access to the dashboard area to users and administrators
     foreach ($signedInArea as $name => $actionList) {
         foreach ($actionList as $actionName) {
             foreach (array('user', 'administrator') as $roleName) {
                 $list->allow($roleName, $name, $actionName);
             }
         }
     }

     // Grant access to the administration area to administrators
     foreach ($adminArea as $name => $actionList) {
         foreach ($actionList as $actionName) {
             $list->allow('administrator', $name, $actionName);
         }
     }

     // The ACL is kept in the persistent (session) bag; APC would be useful here too.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
 /**
  * Returns the access control list, creating and persisting it on first use.
  *
  * The list is deny-by-default with the roles Users and Guest. Public
  * resources are granted to both; private resources to Users only.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     // Create the access list; by default it denies access.
     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);

     // Create the roles and add them to the list.
     $roleSet = array(
         'users' => new Role('Users'),
         'guest' => new Role('Guest'),
     );
     foreach ($roleSet as $roleObject) {
         $list->addRole($roleObject);
     }

     // Private areas
     $privateArea = array(
         'trabajo' => array('index'),
         'trabajopadre' => array('index'),
         'trabajoprofe' => array('index'),
         'trabajoadmin' => array('index'),
         'entidad' => array('index', 'operacionalumno'),
     );
     foreach ($privateArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }

     // Public areas
     $publicArea = array(
         'index' => array('index'),
         'about' => array('index'),
         'blog' => array('index'),
         'contact' => array('index'),
         'usuario' => array('login', 'end'),
         'errors' => array('show401', 'show404', 'show500'),
     );
     foreach ($publicArea as $name => $actionList) {
         $list->addResource(new Resource($name), $actionList);
     }

     // Grant access to the public areas to every role.
     foreach ($roleSet as $roleObject) {
         foreach ($publicArea as $name => $actionList) {
             foreach ($actionList as $actionName) {
                 $list->allow($roleObject->getName(), $name, $actionName);
             }
         }
     }

     // Grant access to the private areas to role Users.
     // NOTE(review): every signed-in user gets all private areas, including
     // 'trabajoadmin'; there is no separate role for it in this list.
     foreach ($privateArea as $name => $actionList) {
         foreach ($actionList as $actionName) {
             $list->allow('Users', $name, $actionName);
         }
     }

     // Store the access list in the persistent object.
     $this->persistent->acl = $list;

     return $this->persistent->acl;
 }
Example #24
 /**
  * Returns the cached access control list, building it on first use.
  *
  * The list denies by default. `Users` and `Guests` are both allowed the
  * public controller actions; only `Users` is additionally allowed the
  * private ones. A list already present in `$this->persistent->acl` is
  * returned unchanged, so edits to the maps below do not reach a store
  * that already holds one.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new AclList();
     // Anything not explicitly allowed below is denied
     $list->setDefaultAction(Acl::DENY);
     // Register roles (name, description)
     $roles = array(
         'users' => new Role('Users', 'Utilisateur authentifier avec un compte actif'),
         'guests' => new Role('Guests', 'Utilisateur non authentifier'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // NOTE(review): the original author remarked that camelCase is not
     // accepted in resource names, yet `notFound` below is camelCase;
     // confirm the name checked at dispatch time matches what is registered.
     // Private area resources (controller => actions)
     $privateResources = array(
         'lang' => array('index', 'test'),
         'contact' => array('index', 'form', 'new', 'edit', 'save', 'create', 'delete'),
         'index' => array('listMembers'),
         'listemenu' => array('index'),
     );
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Public area resources (controller => actions)
     // NOTE(review): `debugEnv` is granted to Guests through this map;
     // confirm the action discloses nothing about the environment.
     $publicResources = array(
         'index' => array('index'),
         'notFound' => array('index', 'debugEnv'),
         'session' => array('index', 'start'),
         'inscription' => array('index'),
     );
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Grant access to public areas to both users and guests
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Grant access to private area to role Users; the string must match
     // the name passed to Role('Users', ...) above
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
 /**
  * Returns the cached access control list, building it on first use.
  *
  * The list denies by default. `Users` and `Guests` are both allowed the
  * public controller actions; only `Users` is additionally allowed the
  * private ones. The `users` controller appears in both maps: `create`
  * and `new` are public, the remaining actions are private.
  *
  * @return \Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     // A list built on an earlier call is reused unchanged
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     // Build the list; deny is the default action
     $list = new AclList();
     $list->setDefaultAction(Acl::DENY);
     // Two roles for the two kinds of visitor: user and guest
     $roles = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // Private area (controller => actions)
     $privateResources = array(
         'users' => array('index', 'search', 'edit', 'delete'),
         'companies' => array('index', 'search', 'new', 'edit', 'create', 'delete'),
         'products' => array('index', 'search', 'new', 'edit', 'create', 'delete'),
         'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'invoices' => array('index', 'profile'),
     );
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Public area (controller => actions)
     $publicResource = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index', 'regis'),
         'session' => array('index', 'register', 'start', 'end'),
         'users' => array('create', 'new'),
     );
     foreach ($publicResource as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Every role may reach the public area
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResource as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Only the Users role may reach the private area; the string must
     // match the name given to Role('Users') above
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
 /**
  * Builds a fresh access control list on every call (nothing is cached).
  *
  * The list denies by default and registers three roles: `admin`, `donor`
  * and `none`. Each role is allowed the resources in `$noneResources`;
  * `donor` and `admin` are additionally allowed their own resource.
  *
  * @return AclList
  */
 private function _getAcl()
 {
     $list = new AclList();
     // Anything not explicitly allowed below is denied
     $list->setDefaultAction(Acl::DENY);
     $roles = array(
         'admin' => new Role('admin'),
         'donor' => new Role('donor'),
         'none' => new Role('none'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // Resource maps per audience (controller => actions)
     $adminResources = array('admin' => array('index', 'update', 'setup'));
     $donorResources = array('donor' => array('index'));
     $noneResources = array(
         'index' => array('index'),
         'user' => array('login', 'logout'),
     );
     foreach (array($adminResources, $donorResources, $noneResources) as $resourceMap) {
         foreach ($resourceMap as $controller => $actionNames) {
             $list->addResource(new Resource($controller), $actionNames);
         }
     }
     // NOTE(review): this grant uses the '*' wildcard rather than the
     // actions listed in $noneResources, so every role, including 'none',
     // is allowed the whole `index` and `user` controllers. Confirm that
     // is intended before adding further actions to those controllers.
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach (array_keys($noneResources) as $controller) {
             $list->allow($roleName, $controller, '*');
         }
     }
     // donor and admin each get exactly the actions listed for them
     foreach ($donorResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('donor', $controller, $actionName);
         }
     }
     foreach ($adminResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('admin', $controller, $actionName);
         }
     }
     return $list;
 }
Example #27
 /**
  * Returns the cached access control list, building it on first use.
  *
  * The list denies by default. `Users` and `Guests` are both allowed the
  * public controller actions; only `Users` is additionally allowed the
  * private ones. A list already present in `$this->persistent->acl` is
  * returned unchanged, so edits to the maps below do not reach a store
  * that already holds one.
  *
  * @return AclList
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new AclList();
     // Anything not explicitly allowed below is denied
     $list->setDefaultAction(Acl::DENY);
     // Register roles
     $roles = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // Private area resources (controller => actions)
     $privateResources = array(
         'companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         'invoices' => array('index', 'profile'),
         'privatepage' => array('index'),
         'todo' => array('index', 'add', 'done', 'restore', 'remove'),
         'phones' => array('index', 'reserve', 'getUserName', 'cancelReservation'),
         'phoneAdd' => array('index', 'add'),
         'phonesProducers' => array('index', 'add'),
         'operatingSystems' => array('index', 'add'),
     );
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Public area resources (controller => actions)
     $publicResources = array(
         'index' => array('index'),
         'about' => array('index'),
         'portfolio' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'contact' => array('index', 'send'),
     );
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Grant access to public areas to both users and guests
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Grant access to private area to role Users; the string must match
     // the name given to Role('Users') above
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
Example #28
 /**
  * Returns the cached access control list, building it on first use.
  *
  * The list denies by default. `Users` and `Guests` are both allowed the
  * public controller actions; only `Users` is additionally allowed the
  * private ones. The `index` controller appears in both maps: its
  * `index` action is public while `export` and `import` are private.
  *
  * @return AclList
  */
 public function getAcl()
 {
     // A list built on an earlier call is reused unchanged
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new AclList();
     // Anything not explicitly allowed below is denied
     $list->setDefaultAction(Acl::DENY);
     // Register roles
     $roles = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // Private area resources (controller => actions)
     $privateResources = array(
         'index' => array('export', 'import'),
         'people' => array('list', 'new', 'edit', 'create', 'delete', 'update'),
         'stickers' => array('add', 'delete', 'create'),
     );
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Public area resources (controller => actions)
     $publicResources = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'contact' => array('index', 'send'),
     );
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Grant access to public areas to both users and guests
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Grant access to private area to role Users; the string must match
     // the name given to Role('Users') above
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
 /**
  * Returns the cached access control list, building it on first use.
  *
  * The list denies by default, but the private map is empty here: every
  * registered action, including all `api` actions, is allowed for both
  * `Users` and `Guests`.
  *
  * @return AclList
  */
 public function getAcl()
 {
     // A list built on an earlier call is reused unchanged
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new AclList();
     // Anything not explicitly allowed below is denied
     $list->setDefaultAction(Acl::DENY);
     // Register roles
     $roles = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // Private area resources: none are defined, so both loops over this
     // map are no-ops
     $privateResources = array();
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Public area resources (controller => actions)
     // NOTE(review): the `api` add*/update*/delete* actions are in the
     // public map and are therefore allowed for the Guests role. Confirm
     // the api controller enforces its own authentication, or move the
     // state-changing actions into $privateResources.
     $publicResources = array(
         'index' => array('index'),
         'about' => array('index'),
         'register' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
         'api' => array(
             'index',
             'addCategory',
             'addProduct',
             'getCategory',
             'getProduct',
             'getProductByCategory',
             'updateCategory',
             'updateProduct',
             'deleteProduct',
             'deleteCategory',
         ),
     );
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Grant access to public areas to both users and guests
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Grant access to private area to role Users
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
Example #30
 /**
  * Builds a new access control list on every call and returns it.
  *
  * Nothing checks for an existing list first, so each call overwrites
  * `$this->persistent->acl`. The list denies by default; `Users` and
  * `Guests` are both allowed the public controller actions and only
  * `Users` is additionally allowed the private ones.
  *
  * @return AclList
  */
 public function getAcl()
 {
     $list = new AclList();
     // Anything not explicitly allowed below is denied
     $list->setDefaultAction(Acl::DENY);
     // Register roles
     $roles = array(
         'users' => new Role('Users'),
         'guests' => new Role('Guests'),
     );
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }
     // Private area resources (controller => actions)
     $privateResources = array(
         'user' => array('register', 'list', 'delete'),
         'tag' => array('list', 'create', 'delete'),
         'content' => array('view', 'add'),
         'pic' => array('list', 'create', 'delete', 'changeBrief'),
         'search' => array('list', 'create', 'delete', 'userSearchList'),
         'feedback' => array('list', 'view'),
         'app' => array('list', 'unpass'),
     );
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Public area resources (controller => actions)
     // NOTE(review): `install::index` is allowed for Guests; confirm the
     // installer refuses to run again once setup has completed.
     $publicResources = array(
         'index' => array('index'),
         'api' => array('index'),
         'install' => array('index'),
         'errors' => array('show401', 'show404', 'show500'),
         'session' => array('index', 'register', 'start', 'end'),
     );
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Resource($controller), $actionNames);
     }
     // Grant access to public areas to both users and guests
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Grant access to private area to role Users; the string must match
     // the name given to Role('Users') above
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     // The acl is stored in session, APC would be useful here too
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }