Exemple #1
    /**
     * Builds the ACL fixture: four roles, four resources and their allow rules.
     *
     * Role inheritance: member extends guest; admin and special extend member.
     *
     * @return array Map with two keys: 'acl' (the configured \Zend\Acl\Acl
     *               instance) and 'role' (the string 'special')
     */
    protected function _getAcl()
    {
        $acl = new \Zend\Acl\Acl();

        // Roles: the root role first, then each child with its parent id.
        $acl->addRole(new Role\GenericRole('guest'));
        $childRoles = array(
            'member'  => 'guest',
            'admin'   => 'member',
            'special' => 'member',
        );
        foreach ($childRoles as $roleId => $parentId) {
            $acl->addRole(new Role\GenericRole($roleId), $parentId);
        }

        // Resources.
        $guestFoo   = new Resource\GenericResource('guest_foo');
        $memberFoo  = new Resource\GenericResource('member_foo');
        // NOTE(review): 'member_foo' is handed to the GenericResource
        // constructor here, not to addResource(), so admin_foo is registered
        // with no parent argument, unlike member_foo and special_foo. Confirm
        // which is intended before relying on this fixture: moving the
        // argument would presumably make admin_foo inherit rules attached to
        // member_foo and widen who can reach it.
        $adminFoo   = new Resource\GenericResource('admin_foo', 'member_foo');
        $specialFoo = new Resource\GenericResource('special_foo');

        $acl->addResource($guestFoo);
        $acl->addResource($memberFoo, 'guest_foo');
        $acl->addResource($adminFoo);
        $acl->addResource($specialFoo, 'member_foo');

        // Each role gets full access to the resource named after it.
        $ownResource = array(
            'guest'   => 'guest_foo',
            'member'  => 'member_foo',
            'admin'   => 'admin_foo',
            'special' => 'special_foo',
        );
        foreach ($ownResource as $roleId => $resourceId) {
            $acl->allow($roleId, $resourceId);
        }

        // 'special' additionally gets the single 'read' privilege on admin_foo.
        $acl->allow('special', 'admin_foo', 'read');

        $fixture = array('acl' => $acl, 'role' => 'special');

        return $fixture;
    }
Exemple #2
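 /**
  * Check if the ACL allows accessing the function or method
  *
  * Authorization decision points, in order:
  *  1. No ACL configured on this instance: access is allowed (fail-open).
  *  2. The target defines initAcl() and it returns false: the target has
  *     opted out of ACL checks and access is allowed.
  *  3. Otherwise the caller's role (or the guest role for unauthenticated
  *     callers, if the ACL defines one) is checked against the ACL.
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return bool True when access is allowed; denial is signalled by exception
  * @throws Exception\RuntimeException When the caller is unauthenticated and
  *         no guest role exists, or when the ACL denies the access
  */
 protected function _checkAcl($object, $function)
 {
     // Fail-open by design: without a configured ACL nothing is restricted.
     // Deployments that expect enforcement must make sure an ACL is set.
     if (!$this->_acl) {
         return true;
     }

     $class = null;
     if ($object) {
         $isObject = is_object($object);
         $class = $isObject ? get_class($object) : $object;

         // Register the class as a resource on first sight so that the
         // isAllowed() call below has a known resource to query.
         if (!$this->_acl->hasResource($class)) {
             $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
         }

         if (method_exists($object, 'initAcl')) {
             // Call initAcl() exactly once: on the instance when we have one,
             // statically when only a class name was given. The previous
             // code re-invoked it statically whenever the instance call
             // returned a falsy value.
             $useAcl = $isObject
                 ? $object->initAcl($this->_acl)
                 : $class::initAcl($this->_acl);

             // if initAcl returns false, no ACL check. Only an explicit
             // false opts out; the previous code skipped the check on a
             // truthy return instead, the opposite of this contract. Any
             // other return value falls through to the normal check.
             if ($useAcl === false) {
                 return true;
             }
         }
     }

     // Resolve the role to evaluate: the authenticated identity's role, or
     // the guest role when the ACL defines one.
     $auth = $this->getAuthService();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } elseif ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
         $role = Constants::GUEST_ROLE;
     } else {
         throw new Exception\RuntimeException("Unauthenticated access not allowed");
     }

     if (!$this->_acl->isAllowed($role, $class, $function)) {
         throw new Exception\RuntimeException("Access not allowed");
     }

     return true;
 }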
Exemple #3
<?php

require_once '../SimplOn/Utilities/Acl/Acl.php';
require_once '../SimplOn/Utilities/Acl/Role.php';
require_once '../SimplOn/Utilities/Acl/Resource.php';
require_once '../SimplOn/Utilities/Acl/Role/GenericRole.php';
require_once '../SimplOn/Utilities/Acl/Resource/GenericResource.php';
require_once '../SimplOn/Utilities/Acl/Role/Registry.php';
// Demonstrates a role with several parents whose rules conflict:
// 'guest' is denied and 'member' is allowed on the same resource.
$parents = array('guest', 'member', 'admin');

$acl = new Zend\Acl\Acl();

// Base roles, none of which inherits from another.
$acl->addRole(new Zend\Acl\Role\GenericRole('guest'));
$acl->addRole(new Zend\Acl\Role\GenericRole('member'));
$acl->addRole(new Zend\Acl\Role\GenericRole('admin'));

// 'someUser' inherits from all three. It has no rule of its own, so the
// outcome depends entirely on how the library resolves the conflicting
// parent rules. NOTE(review): presumably the order of $parents decides
// which parent wins; confirm against the ACL implementation before
// relying on a deny placed on one parent.
$acl->addRole(new Zend\Acl\Role\GenericRole('someUser'), $parents);

$acl->addResource(new Zend\Acl\Resource\GenericResource('someResource'));

$acl->deny('guest', 'someResource');
$acl->allow('member', 'someResource');

if ($acl->isAllowed('someUser', 'someResource')) {
    echo 'allowed';
} else {
    echo 'denied';
}
Exemple #4
 /**
  * Decide whether the current caller may invoke a function or method.
  *
  * Access is granted without consulting the ACL in two cases: when no ACL
  * is configured on this instance, and when the target exposes a callable
  * initAcl() that returns a falsy value. In every other case the caller's
  * role is checked against the ACL and a denial is raised as an exception.
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return bool True when access is allowed
  * @throws Exception When the caller is unauthenticated and the ACL has no
  *         guest role, or when the ACL denies the access
  */
 protected function _checkAcl($object, $function)
 {
     // Fail-open: with no ACL configured, every call is permitted.
     if (!$this->_acl) {
         return true;
     }

     $class = null;
     if ($object) {
         if (is_object($object)) {
             $class = get_class($object);
         } else {
             $class = $object;
         }

         // Make sure the class is a known resource before it is queried.
         $alreadyKnown = $this->_acl->hasResource($class);
         if (!$alreadyKnown) {
             $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
         }

         $initHook = array($object, "initAcl");
         if (is_callable($initHook)) {
             $useAcl = call_user_func($initHook, $this->_acl);
             // A falsy result (false, null, 0, '') opts the target out of
             // ACL checks, so an initAcl() that forgets to return a value
             // also disables enforcement for that class.
             if (!$useAcl) {
                 return true;
             }
         }
     }

     // Pick the role to evaluate: the identity's own role, else the guest
     // role if the ACL defines it, else refuse the unauthenticated caller.
     $auth = $this->getAuthService();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } elseif ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
         $role = Constants::GUEST_ROLE;
     } else {
         throw new Exception("Unauthenticated access not allowed");
     }

     $permitted = $this->_acl->isAllowed($role, $class, $function);
     if (!$permitted) {
         throw new Exception("Access not allowed");
     }

     return true;
 }