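/**
 * (non-PHPdoc)
 * @see Zend_Application_Resource_ResourceAbstract#init()
 *
 * Builds the application ACL from the configured role list and the
 * module/controller/action grant map, publishes it in Zend_Registry under
 * 'acl' and returns it.
 *
 * Role hierarchy: every configured role inherits from 'identified', which
 * (like 'anonymous') inherits from 'all'. Zend_Acl denies by default, so a
 * role only gets what is explicitly granted below.
 *
 * @return Zend_Acl
 */
public function init()
{
    $this->_acl = new Zend_Acl();

    // Static roles.
    $this->_acl->addRole(new Zend_Acl_Role('all'));
    $this->_acl->addRole(new Zend_Acl_Role('anonymous'), 'all');
    $this->_acl->addRole(new Zend_Acl_Role('identified'), 'all');

    // Dynamic roles from configuration; duplicates are skipped because
    // Zend_Acl::addRole() throws on an already-registered id.
    foreach ($this->_roles as $roleName) {
        if (!$this->_acl->hasRole($roleName)) {
            $this->_acl->addRole(new Zend_Acl_Role($roleName), 'identified');
        }
    }

    // Rules: the module is the Zend_Acl resource, "controller<SEP>action"
    // is the privilege, and the grant value is a comma-separated role list.
    foreach ($this->_resources as $module => $grants) {
        $module = strtolower($module);
        $this->_acl->add(new Zend_Acl_Resource($module));

        foreach ($grants as $controller => $grant) {
            $controller = strtolower($controller);

            foreach ($grant as $action => $roles) {
                $privilege = $controller . self::RESOURCE_SEPARATOR . $action;

                foreach (explode(',', $roles) as $role) {
                    // Trim BEFORE the emptiness test: a whitespace-only entry
                    // (e.g. a trailing ", ") used to pass the check and reach
                    // allow('') with an unknown role id.
                    $role = trim($role);
                    if ($role === '') {
                        continue;
                    }
                    $this->_acl->allow($role, $module, $privilege);
                }
            }
        }
    }

    Zend_Registry::set('acl', $this->_acl);

    return $this->_acl;
}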
/**
 * Build the site ACL and publish it in Zend_Registry under 'acl'.
 *
 * Roles: guest, user (inherits guest), admin. Resources are the controllers
 * 'users' and 'index'; privileges are actions. The default rule is deny;
 * admin may do everything. guest may log in, register and confirm, and use
 * all of 'index'. user may additionally log out but -- overriding what it
 * inherits from guest -- may not log in or register again.
 *
 * Check with $acl->isAllowed($role, $controller, $action).
 */
public function __construct()
{
    $acl = new Zend_Acl();

    // Roles.
    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('user'), 'guest');
    $acl->addRole(new Zend_Acl_Role('admin'));

    // Resources: the controllers that are reachable at all.
    $acl->add(new Zend_Acl_Resource('users'));
    $acl->add(new Zend_Acl_Resource('index'));

    // Rules.
    $acl->deny();
    $acl->allow('admin', null);

    $guestActions = array('login', 'registration', 'confirm');
    $acl->allow('guest', 'users', $guestActions);
    $acl->allow('guest', 'index');

    $acl->allow('user', 'users', array('logout'));
    $acl->deny('user', 'users', array('login', 'registration'));

    Zend_Registry::set('acl', $acl);
}
/**
 * The constructor for the class.
 *
 * Stores the ACL and the role this plugin evaluates against, makes sure the
 * front controller has a Zend_Controller_Plugin_ErrorHandler, and grants
 * $roleName access to that handler's module/controller/action so a denied
 * request can always be forwarded to the error page.
 *
 * NOTE(review): getPlugin() returns false when no error handler was
 * registered (possible when 'noErrorHandler' is set and nothing else
 * registered one); the method calls on $errorHandler below assume an
 * object -- confirm callers never hit that combination.
 *
 * @access public
 * @param Zend_Acl $aclData
 * @param $roleName string
 * @return void
 **/
public function __construct(Zend_Acl $aclData, $roleName = 'public')
{
    $this->_roleName = $roleName;
    // The type hint already rejects null, so this check is always true.
    if (NULL !== $aclData) {
        $this->setAcl($aclData);
    }
    $front = Zend_Controller_Front::getInstance();
    /** If an error handler hasn't been setup in the front controller, setup one */
    if (!$front->getParam('noErrorHandler') && !$front->hasPlugin('Zend_Controller_Plugin_ErrorHandler')) {
        // Register with stack index of 100
        $front->registerPlugin(new Zend_Controller_Plugin_ErrorHandler(), 100);
    }
    /** Allow error handler in the acl */
    $errorHandler = Zend_Controller_Front::getInstance()->getPlugin('Zend_Controller_Plugin_ErrorHandler');
    $defaultErrorModule = $errorHandler->getErrorHandlerModule();
    $defaultErrorController = $errorHandler->getErrorHandlerController();
    $defaultErrorAction = $errorHandler->getErrorHandlerAction();
    if (NULL !== $defaultErrorModule && $defaultErrorModule != 'default') {
        // Non-default module: register "module" and "module:controller"
        // resources (the latter inheriting from the former) and grant the
        // role the error action on the controller resource.
        // NOTE(review): the allow() only runs when the module resource was
        // absent; if it was registered earlier the grant is assumed to
        // already exist -- confirm.
        if (!$this->getAcl()->has($defaultErrorModule)) {
            require_once 'Zend/Acl/Resource.php';
            $this->_acl->add(new Zend_Acl_Resource($defaultErrorModule));
            $this->_acl->add(new Zend_Acl_Resource($defaultErrorModule . ':' . $defaultErrorController, $defaultErrorModule));
            $this->_acl->allow($this->_roleName, $defaultErrorModule . ':' . $defaultErrorController, $defaultErrorAction);
        }
    } else {
        // Default module: the bare controller name is the resource, and the
        // grant is issued whether or not the resource pre-existed.
        if (!$this->getAcl()->has($defaultErrorController)) {
            $this->_acl->add(new Zend_Acl_Resource($defaultErrorController));
        }
        $this->_acl->allow($this->_roleName, $defaultErrorController, $defaultErrorAction);
    }
    // Where to forward a denied request.
    $this->setDeniedAction('denied', $defaultErrorController, $defaultErrorModule);
}
/**
 * Hook into action controller initialization.
 *
 * Registers the requested controller name as a Zend_Acl resource if it is
 * not known yet. The id comes straight from the request; Zend_Acl denies by
 * default, so an unknown controller becomes a resource with no grants.
 *
 * @return void
 */
public function init()
{
    $request = $this->getAction()->getRequest();
    $resourceId = $request->getControllerName();

    if ($this->_acl->has($resourceId)) {
        return;
    }

    $this->_acl->add(new Zend_Acl_Resource($resourceId));
}
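/**
 * Admin-module access check.
 *
 * For requests to the 'admin' module, rebuilds a Zend_Acl per request from
 * the session: the 'moduleList' namespace carries the controller/action
 * catalogue, the 'userInfo' namespace the ids the current user may use.
 * Any authenticated identity is mapped to the single 'admin' role, an
 * unauthenticated one to 'anonymous' (which may only reach index/index and
 * index/login). A denied or unresolvable request is rewritten to
 * admin/error/acl with 'type' 1 (denied) or 2 (Zend_Acl_Exception, e.g. an
 * unregistered controller).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    try {
        if ($request->getModuleName() != 'admin') {
            return;
        }

        $moduleList = new Zend_Session_Namespace('moduleList');
        $userInfo = new Zend_Session_Namespace('userInfo');
        $catalogue = $moduleList->module;
        // Normalise to an array: an unset session value is null, and
        // in_array(..., null) is a TypeError on PHP 8 that the
        // Zend_Acl_Exception catch below would not handle. An empty list
        // means "nothing granted" -- fail closed.
        $allowedIds = is_array($userInfo->module_list) ? $userInfo->module_list : array();

        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role('admin'));
        $acl->addRole(new Zend_Acl_Role('anonymous'));
        $acl->add(new Zend_Acl_Resource('index'));
        $acl->add(new Zend_Acl_Resource('ajax'));
        $acl->allow('admin', 'index');
        $acl->allow('admin', 'ajax');

        if (!empty($catalogue)) {
            foreach ($catalogue as $entry) {
                if (!$acl->has($entry['controller'])) {
                    $acl->add(new Zend_Acl_Resource($entry['controller']));
                }
                // Loose comparison kept: ids may arrive as strings from the
                // session and as ints from the catalogue.
                if (in_array($entry['id'], $allowedIds)) {
                    if ($entry['action'] != null) {
                        $acl->allow('admin', $entry['controller'], $entry['action']);
                    } else {
                        // No action listed: the whole controller.
                        $acl->allow('admin', $entry['controller']);
                    }
                }
            }
        }

        // Anonymous users only get the login entry points.
        $acl->allow('anonymous', 'index', 'index');
        $acl->allow('anonymous', 'index', 'login');

        // NOTE(review): every authenticated identity becomes 'admin' here;
        // the per-user restriction comes solely from module_list above.
        $role = Zend_Auth::getInstance()->hasIdentity() ? 'admin' : 'anonymous';

        if (!$acl->isAllowed($role, $request->controller, $request->action)) {
            $request->setModuleName('admin');
            $request->setControllerName('error');
            $request->setActionName('acl');
            $request->setParam('type', 1);
        }
    } catch (Zend_Acl_Exception $e) {
        // Unknown role/resource: deny rather than let the exception escape.
        $request->setModuleName('admin');
        $request->setControllerName('error');
        $request->setActionName('acl');
        $request->setParam('type', 2);
    }
}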
/**
 * Build the site ACL and publish it in Zend_Registry under 'acl'.
 *
 * Two roles (guest, admin), two resources (admin, index). Everything is
 * denied unless listed: admin gets all resources, guest may use the whole
 * 'index' controller but only the 'login' action of 'admin'.
 */
public function __construct()
{
    $acl = new Zend_Acl();

    foreach (array('guest', 'admin') as $roleId) {
        $acl->addRole(new Zend_Acl_Role($roleId));
    }
    foreach (array('admin', 'index') as $resourceId) {
        $acl->add(new Zend_Acl_Resource($resourceId));
    }

    $acl->deny();                                   // default: nothing
    $acl->allow('admin', null);                     // admin: everything
    $acl->allow('guest', 'admin', array('login'));  // guest: admin/login only
    $acl->allow('guest', 'index');                  // guest: all of index

    Zend_Registry::set('acl', $acl);
}
/**
 * Setup the ACL.
 *
 * Registers this object as a Zend_Acl resource (it is its own
 * Zend_Acl_Resource_Interface) exactly once, and sets up its privileges on
 * that first registration only.
 *
 * @return void
 */
protected function _setupAcl()
{
    if ($this->_acl->has($this)) {
        return;
    }
    $this->_acl->add($this);
    $this->_setupPrivileges();
}
/**
 * Decide whether the current request may be served.
 *
 * Resolves the request to a resource id plus the list of roles granted on
 * it, builds a one-off Zend_Acl containing exactly those grants, and checks
 * the authenticated identity's role_id against it. Without an identity the
 * site's default role is used instead. Every failure path (unknown
 * resource, no grants at all, unknown role) returns false, i.e. denies.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool true when access is allowed
 */
public function checkAccess(Zend_Controller_Request_Abstract $request)
{
    $resource = new User_Model_Acl_Resource();
    $resource->getPrivileges($request);

    // No resolvable resource, or nobody granted: deny.
    if (!$resource->privileges || !$resource->resource_id) {
        return false;
    }

    $resourceId = $resource->resource_id;
    $acl = new Zend_Acl();
    $acl->add(new Zend_Acl_Resource($resourceId));

    // One role per distinct role_id, each granted the whole resource.
    foreach ($resource->privileges as $privilege) {
        $roleId = $privilege["role_id"];
        if ($acl->hasRole($roleId)) {
            continue;
        }
        $acl->addRole(new Zend_Acl_Role($roleId));
        $acl->allow($roleId, $resourceId);
    }

    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $identity = $auth->getIdentity();
        $roleId = $identity['role_id'];
        return $acl->hasRole($roleId) && $acl->isAllowed($roleId, $resourceId);
    }

    // Anonymous: fall back to the configured default role.
    $roleModel = new User_Model_Acl_Role();
    $roleModel->getDefaultRole();
    $defaultRole = $roleModel->default_role;

    return (bool) $defaultRole
        && $acl->hasRole($defaultRole)
        && $acl->isAllowed($defaultRole, $resourceId);
}
/**
 * Attach the ACL this model evaluates against.
 *
 * On first sight the model registers itself as a resource (the object is
 * its own Zend_Acl_Resource_Interface) and denies GUEST the 'view' and
 * 'delete' privileges on it; later calls only swap the ACL reference.
 *
 * @param Zend_Acl $acl
 */
public function setAcl(Zend_Acl $acl)
{
    $alreadyRegistered = $acl->has($this->getResourceId());
    if (!$alreadyRegistered) {
        $acl->add($this);
        $acl->deny(Model_Role::GUEST, $this, array('view', 'delete'));
    }
    $this->_acl = $acl;
}
/**
 * Example ACL for a single numeric role.
 *
 * Role 1 may do anything on 'As'. On 'A' it gets 'edit' and 'delete' only
 * when App_Acl_Assert_ResourceAccess passes, plus the unconditional
 * 'edit:all' and 'delete:mine' privileges. 'B' and 'Bs' are registered but
 * deliberately carry no grants.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    Zend_Registry::get('log')->info(__METHOD__);

    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role(1));
    foreach (array('As', 'Bs', 'A', 'B') as $resourceId) {
        $acl->add(new Zend_Acl_Resource($resourceId));
    }

    $acl->allow(1, 'As');

    // Assertion-guarded privileges next to their unconditional variants.
    $acl->allow(1, 'A', 'edit', new App_Acl_Assert_ResourceAccess());
    $acl->allow(1, 'A', 'edit:all');
    $acl->allow(1, 'A', 'delete', new App_Acl_Assert_ResourceAccess());
    $acl->allow(1, 'A', 'delete:mine');

    return $acl;
}
/**
 * Register every controller known to the model as an ACL resource.
 *
 * Resource ids are "<module name>_<controller name>" taken from
 * Model_Entity_Controller joined to its Module.
 *
 * @return void
 */
public function addAllResources()
{
    $controllers = Doctrine_Query::create()
        ->select('c.name, m.name')
        ->from('Model_Entity_Controller c')
        ->leftJoin('c.Module m')
        ->useQueryCache(Kebab_Cache_Query::isEnable())
        ->execute();

    foreach ($controllers as $controller) {
        $resourceId = $controller->Module->name . '_' . $controller->name;
        parent::add(new Zend_Acl_Resource($resourceId));
    }
}
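/**
 * Wire Zend_Acl into a CodeIgniter controller context.
 *
 * Roles: NU, member, memUser (inherits member). Resources: users_login and
 * users_profile (inherits users_login). member may use users_login,
 * memUser additionally users_profile.
 *
 * NOTE(review): the ACL is built into a local variable and not stored
 * anywhere (no property, no registry), so nothing can consult it later.
 * The $class argument is accepted but unused.
 *
 * @param string|null $class
 */
function __construct($class = NULL)
{
    $CI =& get_instance();
    $CI->load->library('zend');
    $CI->zend->load('Zend/Acl');
    $CI->zend->load('Zend/Acl/Role');
    $CI->zend->load('Zend/Acl/Resource');

    $acl = new Zend_Acl();

    // Roles. 'member' must exist before it is used: without it both
    // addRole('memUser', 'member') and allow('member', ...) throw.
    $acl->addRole(new Zend_Acl_Role('NU'));
    $acl->addRole(new Zend_Acl_Role('member'));
    $acl->addRole(new Zend_Acl_Role('memUser'), 'member');

    // Resources.
    $acl->add(new Zend_Acl_Resource('users_login'));
    $acl->add(new Zend_Acl_Resource('users_profile'), 'users_login');

    $acl->allow('member', 'users_login');
    $acl->allow('memUser', 'users_profile');
}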
/**
 * Zend_Acl::getResources() lists registered resource ids in insertion order.
 *
 * @group ZF-8468
 */
public function testgetResources()
{
    $this->assertEquals(array(), $this->_acl->getResources());

    $ids = array('someResource', 'someOtherResource');
    foreach ($ids as $id) {
        $this->_acl->add(new Zend_Acl_Resource($id));
    }

    $this->assertEquals($ids, $this->_acl->getResources());
}
/**
 * Build the site ACL and publish it in Zend_Registry under 'acl'.
 *
 * Two roles (guest, admin) and one resource per controller. The default
 * rule is deny; admin may do everything. guest is limited to the login
 * flow (auth/index, auth/check), maps/cronmaps, and scan/redirect on the
 * 'best' and 'news' controllers -- Zend_Acl reads that array as a plain
 * list of resource ids; its 'module'/'controller' keys carry no meaning.
 */
public function __construct()
{
    $acl = new Zend_Acl();

    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('admin'));

    $controllers = array('sites', 'index', 'logs', 'auth', 'maps', 'best', 'news');
    foreach ($controllers as $controllerName) {
        $acl->add(new Zend_Acl_Resource($controllerName));
    }

    // Nothing unless granted; admin gets everything.
    $acl->deny();
    $acl->allow('admin', null);

    $acl->allow('guest', 'auth', array('index', 'check'));
    $acl->allow('guest', 'maps', array('cronmaps'));
    $acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));
    // To deny single actions inside an otherwise allowed controller, use
    // $acl->deny('<role>', '<controller>', array('<action>', ...)).

    Zend_Registry::set('acl', $acl);
}
/**
 * Get ACL lists
 *
 * Lazily builds the ACL. Roles: guest -> kap -> admin (each inheriting the
 * previous). Resources: admin, kap, members. Default deny; admin gets all
 * three, kap gets kap and members, guest only the listed 'members' actions.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    if (null !== $this->_acl) {
        return $this->_acl;
    }

    $acl = new Zend_Acl();

    $acl->add(new Zend_Acl_Resource('admin'));
    $acl->add(new Zend_Acl_Resource('kap'));
    $acl->add(new Zend_Acl_Resource('members'));

    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('kap'), 'guest');
    $acl->addRole(new Zend_Acl_Role('admin'), 'kap');

    $acl->deny();
    $acl->allow('admin', 'admin');
    $acl->allow('admin', 'members');
    $acl->allow('admin', 'kap');
    $acl->allow('kap', 'kap');
    $acl->allow('kap', 'members');
    $acl->allow('guest', 'members', array('index', 'team', 'player', 'turnir', 'old', 'regno'));

    $this->_acl = $acl;

    return $this->_acl;
}
/**
 * Load ACL resources from the resource store into the Zend_Acl object.
 *
 * Each entry's 'id' becomes a resource; ids already present are skipped.
 *
 * @return void
 */
protected function _loadResources()
{
    foreach ($this->_resources->getAll() as $entry) {
        $resourceId = $entry['id'];
        // has() accepts the id string; no throw-away object needed.
        if ($this->_acl->has($resourceId)) {
            continue;
        }
        $this->_acl->add(new Zend_Acl_Resource($resourceId));
    }
}
/**
 * Get ACL lists
 *
 * Lazily builds the ACL over the single 'page' resource. Roles:
 * guest -> member -> administrator (inheriting). Default deny; guest may
 * view, member additionally comment, administrator additionally add,
 * edit, delete and buildindex.
 *
 * @return Zend_Acl
 */
public function getAcl()
{
    if (null !== $this->_acl) {
        return $this->_acl;
    }

    $acl = new Zend_Acl();
    $this->_loadAclClasses();

    $acl->add(new Zend_Acl_Resource('page'));
    $acl->addRole(new Brightfame_Acl_Role_Guest());
    $acl->addRole(new Brightfame_Acl_Role_Member(), 'guest');
    $acl->addRole(new Brightfame_Acl_Role_Administrator(), 'member');

    $acl->deny();
    $acl->allow('guest', 'page', array('view'));
    $acl->allow('member', 'page', array('comment'));
    $acl->allow('administrator', 'page', array('add', 'edit', 'delete', 'buildindex'));

    $this->_acl = $acl;

    return $this->_acl;
}
/**
 * ItemTable::getSelect() must add the public-items filter exactly when an
 * ACL denying 'showNotPublic' on Items is installed in the bootstrap
 * container.
 */
public function testGetSelectAclIntegration()
{
    // Without an ACL: plain select.
    $this->assertEquals("SELECT items.* FROM omeka_items AS items", (string) $this->table->getSelect());

    // With an ACL denying showNotPublic to every role: public filter.
    $acl = new Zend_Acl();
    $acl->add(new Zend_Acl_Resource('Items'));
    $acl->deny(null, 'Items', 'showNotPublic');
    Zend_Registry::get('bootstrap')->getContainer()->acl = $acl;

    $sql = (string) $this->table->getSelect();
    $this->assertContains("WHERE (items.public = 1)", $sql);
}
/**
 * Deny access to this role for a particular permissible object (or globally)
 *
 * The "permission" string is modelled as a Zend_Acl role and the
 * permissible's permission id as a resource ("GLOBAL" when none is given);
 * both are registered on first use before the deny rule is recorded.
 *
 * @param string permission to deny
 * @param QFrame_Permissible (optional) permissible object to deny access to
 */
public function deny($permission, QFrame_Permissible $permissible = null)
{
    if ($permissible === null) {
        $resource = "GLOBAL";
    } else {
        $resource = $permissible->getPermissionID();
    }

    if (!$this->acl->hasRole($permission)) {
        $this->acl->addRole(new Zend_Acl_Role($permission));
    }
    if (!$this->acl->has($resource)) {
        $this->acl->add(new Zend_Acl_Resource($resource));
    }

    $this->acl->deny($permission, $resource);
}
/**
 * Build the site ACL and publish it in Zend_Registry under 'acl'.
 *
 * Roles: guest, user (inherits guest), admin. Resources: the 'users' and
 * 'index' controllers, with actions as privileges. Default deny; admin
 * may do everything; guest gets the sign-up/sign-in flow and all of
 * index; user gets logout but loses the guest-only login/registration.
 */
public function __construct()
{
    $acl = new Zend_Acl();

    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('user'), 'guest');
    $acl->addRole(new Zend_Acl_Role('admin'));

    foreach (array('users', 'index') as $controller) {
        $acl->add(new Zend_Acl_Resource($controller));
    }

    $acl->deny();
    $acl->allow('admin', null);

    // Guest rights.
    $acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
    $acl->allow('guest', 'index');

    // User rights: logout, minus the guest-only entry points.
    $acl->allow('user', 'users', array('logout'));
    $acl->deny('user', 'users', array('login', 'registration'));

    Zend_Registry::set('acl', $acl);
}
/**
 * Initialise authentication storage, the ACL and the current user.
 *
 * Auth identities live in a cookie (Lms_Auth_Storage_Cookie over
 * Lms_CookieManager, keyed by config auth.cookie.key). Roles:
 * guest -> user -> moder (inheriting) and a standalone admin. Resources:
 * film, comment, bookmark, rating, user. admin gets everything; moder all
 * of film and comment; user all of bookmark, rating and user plus
 * comment/post; guest only film/view.
 *
 * @return void
 */
public static function initAcl()
{
    self::$_auth = Lms_MultiAuth::getInstance();
    $cookieConfig = self::$_config['auth']['cookie'];
    $cookieManager = new Lms_CookieManager($cookieConfig['key']);
    self::$_auth->setStorage(new Lms_Auth_Storage_Cookie($cookieManager, $cookieConfig));

    $acl = new Zend_Acl();

    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('user'), 'guest');
    $acl->addRole(new Zend_Acl_Role('moder'), 'user');
    $acl->addRole(new Zend_Acl_Role('admin'));

    foreach (array('film', 'comment', 'bookmark', 'rating', 'user') as $resourceId) {
        $acl->add(new Zend_Acl_Resource($resourceId));
    }

    $acl->allow('admin');
    $acl->allow('moder', array('film', 'comment'));
    $acl->allow('user', array('bookmark', 'rating', 'user'));
    $acl->allow('user', array('comment'), 'post');
    $acl->allow('guest', array('film'), 'view');

    self::$_acl = $acl;
    Lms_User::setAcl(self::$_acl);
    self::$_user = Lms_User::getUser();
}
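/**
 * Per-request access check.
 *
 * Builds the ACL on every request. Roles: guest -> user -> administrator
 * (inheriting). Resources are the controllers index, error, page, menu,
 * menuitem, user, search and feed. Every role may use index and error; a
 * guest may read pages (index/open), render menus, log in, search and
 * read feeds; a user may additionally list/create/edit/delete pages; an
 * administrator may do anything. The role is the lower-cased role of the
 * authenticated identity, or 'guest'. A denied guest is sent to
 * user/login, any other denied role to error/noauth.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $acl = new Zend_Acl();

    // Roles.
    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('user'), 'guest');
    $acl->addRole(new Zend_Acl_Role('administrator'), 'user');

    // Resources: one per controller.
    $controllers = array('index', 'error', 'page', 'menu', 'menuitem', 'user', 'search', 'feed');
    foreach ($controllers as $controllerName) {
        $acl->add(new Zend_Acl_Resource($controllerName));
    }

    // Rules.
    $acl->allow(null, array('index', 'error'));
    // a guest can only read content and login
    $acl->allow('guest', 'page', array('index', 'open'));
    $acl->allow('guest', 'menu', array('render'));
    $acl->allow('guest', 'user', array('login'));
    $acl->allow('guest', 'search', array('index', 'search'));
    $acl->allow('guest', 'feed');
    // cms users can also work with content
    $acl->allow('user', 'page', array('list', 'create', 'edit', 'delete'));
    // administrators can do anything
    $acl->allow('administrator', null);

    // Current role.
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $role = strtolower($auth->getIdentity()->role);
    } else {
        $role = 'guest';
    }

    $controller = $request->controller;
    $action = $request->action;

    // isAllowed() throws Zend_Acl_Exception for a role or resource it does
    // not know -- an identity carrying an unexpected role string, or a
    // controller not registered above. Treat both as denied instead of
    // letting the exception escape the plugin.
    $allowed = $acl->hasRole($role)
        && $acl->has($controller)
        && $acl->isAllowed($role, $controller, $action);

    if (!$allowed) {
        if ($role == 'guest') {
            $request->setControllerName('user');
            $request->setActionName('login');
        } else {
            $request->setControllerName('error');
            $request->setActionName('noauth');
        }
    }
}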
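/**
 * Check if specific roles are allowed to perform a specific action on a resource.
 *
 * A throw-away Zend_Acl is built per call: every role the user holds is
 * registered, the permission rows for (those roles, $object) are loaded
 * (cached under a key derived from the query text), role id 2 (the admin
 * group) is granted everything, and a synthetic 'testedRole' inheriting
 * from all of the user's roles is queried once.
 *
 * @param $roles (array) roles array; each element exposes ->id
 * @param $permissionName (integer) permission identifier
 * @param $object (integer) object identifier; defaults to 1, the pseudo "site section"
 * @param $defaultDeniedMessage (boolean) add the default access-denied message to the flash messenger
 * @return boolean
 */
static function isAllowed($roles, $permissionName, $object = null, $defaultDeniedMessage = true)
{
    $cache = Zend_Registry::get('cache_files');
    $acl = new Zend_Acl();

    // Register every role the user holds; the ids also filter the query.
    $roleIds = array();
    foreach ($roles as $role) {
        $acl->addRole(new Zend_Acl_Role($role->id));
        $roleIds[] = $role->id;
    }

    // No object given: test against object 1, the faked site "section".
    if (!$object) {
        $object = 1;
    }
    $object = (int) $object;

    if (!$roleIds) {
        // No roles: nothing can be granted, and "role IN ()" is invalid
        // SQL. Deny without touching the database.
        $result = false;
    } else {
        $select = self::getAclTable()->select()
            ->where('role IN (?)', $roleIds)
            ->where('object = ?', $object);

        $acl->add(new Zend_Acl_Resource($object));

        // Permission rows are cached per (roles, object) query text.
        $cacheId = md5(UNIQUE_HASH . $select->__toString());
        $permsAvailable = $cache->load($cacheId);
        if ($permsAvailable === false) {
            $permsAvailable = array();
            foreach (self::getAclTable()->fetchAll($select)->toArray() as $row) {
                $permsAvailable[] = (object) $row;
            }
            $cache->save($permsAvailable, $cacheId, array('acl', 'user_data'));
        }

        foreach ($permsAvailable as $perm) {
            $acl->allow($perm->role, $perm->object, $perm->permission);
        }

        // Role id 2 is the admin group: unrestricted on every resource.
        if (in_array(2, $roleIds)) {
            $acl->allow(2);
        }

        // A synthetic role inheriting from all of the user's roles, so a
        // single isAllowed() call covers all of them.
        $acl->addRole(new Zend_Acl_Role('testedRole'), $roleIds);
        $result = $acl->isAllowed('testedRole', $object, $permissionName);
    }

    if (!$result && $defaultDeniedMessage) {
        $messages = Zend_Controller_Action_HelperBroker::getStaticHelper('Messages');
        $messages->errors = 'e_permission_too_low';
    }

    return $result;
}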
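/**
 * Login handler.
 *
 * Authenticates the posted kullanici_adi/parola pair against tbl_login,
 * stores the user id and group code in the 'userSession' namespace and,
 * for non-"A" groups, builds a Zend_Acl from TblYetki (one resource per
 * controller, one allow per controller/action row) into the session.
 * Group "A" is sent to /admin without an ACL, everybody else to
 * /kullanici/index, a failed login back to /giris/index.
 *
 * NOTE(review): no credential treatment is configured on the adapter, so
 * the posted password is compared verbatim with the stored 'parola'
 * column -- that only works if passwords are stored in clear text.
 *
 * @return void
 */
public function kontrolAction()
{
    $post = $this->getRequest()->getPost();
    // Missing fields must not raise notices; an empty identity simply
    // fails authentication.
    $kullaniciAdi = isset($post['kullanici_adi']) ? $post['kullanici_adi'] : '';
    $parola = isset($post['parola']) ? $post['parola'] : '';

    $db = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($db);
    $authAdapter->setTableName("tbl_login")
        ->setIdentityColumn("kullanici_adi")
        ->setCredentialColumn("parola")
        ->setIdentity($kullaniciAdi)
        ->setCredential($parola);

    $session = new Zend_Session_Namespace('userSession');
    $auth = Zend_Auth::getInstance();

    try {
        $result = $auth->authenticate($authAdapter);
        if (!$result->isValid()) {
            $session->hataMesaji = 'Hatalı Giriş Yaptınız';
            $this->_redirect("/giris/index");
            return;
        }

        // Only read the row after a successful result; on failure
        // getResultRowObject() returns false.
        $veri = $authAdapter->getResultRowObject();
        $session->kullanici_id = $veri->id;
        $grupKodu = $veri->grup_kodu ? $veri->grup_kodu : "A";
        $session->grup_kodu = $grupKodu;

        if ($grupKodu == 'A') {
            $session->hataMesaji = 'Giriş Yaptınız';
            $this->_redirect('/admin');
            return;
        }

        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role($grupKodu));

        $tblacl = new TblYetki();
        // Parameterised where clause instead of concatenating the group
        // code into the SQL string.
        $grupHak = $tblacl->fetchAll(
            $tblacl->select()->where('grup_kodu = ?', $grupKodu)
        );
        foreach ($grupHak as $gHak) {
            if (!$acl->has($gHak->controller)) {
                $acl->add(new Zend_Acl_Resource($gHak->controller));
            }
            $acl->allow($gHak->grup_kodu, $gHak->controller, $gHak->action);
        }
        // Store the ACL even when the group has no rows: the assignment
        // used to sit inside the loop and left $session->acl unset for an
        // empty group.
        $session->acl = $acl;

        $session->hataMesaji = 'Giriş Yaptınız';
        $this->_redirect("/kullanici/index");
    } catch (Zend_Exception $e) {
        // Do not echo the exception text to the browser; report a generic
        // failure through the same path as a bad login.
        $session->hataMesaji = 'Hatalı Giriş Yaptınız';
        $this->_redirect("/giris/index");
    }
}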
/**
 * Build the example playlist ACL.
 *
 * Hard-coded for the example; a real application would load this from a
 * registry or configuration. Roles form a chain listener -> dj ->
 * program manager, each inheriting the previous one's privileges on the
 * single 'playlist' resource: listener may view, dj additionally play,
 * program manager additionally manage.
 *
 * @return Zend_Acl
 */
protected function _generateAcl()
{
    $acl = new Zend_Acl();
    $acl->add(new Zend_Acl_Resource('playlist'));

    // role => (parent role, privilege granted on 'playlist'), in chain order
    $chain = array(
        'listener'        => array(null,       'view'),
        'dj'              => array('listener', 'play'),
        'program manager' => array('dj',       'manage'),
    );
    foreach ($chain as $roleId => $spec) {
        list($parent, $privilege) = $spec;
        $acl->addRole(new Zend_Acl_Role($roleId), $parent);
        $acl->allow($roleId, 'playlist', $privilege);
    }

    return $acl;
}
/**
 * Build the ACL.
 *
 * Roles and resources are both namespaced by module as "mod.name". Each
 * rule row then maps a role/resource/privilege triple to allow
 * (permit == 1) or deny (anything else).
 *
 * @return Zend_Acl
 */
public function setAcl()
{
    $acl = new Zend_Acl();

    foreach ($this->getRoles() as $role) {
        $acl->addRole(new Zend_Acl_Role($role['mod_name'] . '.' . $role['role_name']));
    }

    foreach ($this->getResources() as $res) {
        $acl->add(new Zend_Acl_Resource($res['mod_name'] . '.' . $res['res_name']));
    }

    foreach ($this->_getRules() as $rule) {
        $roleId = $rule['mod_name'] . '.' . $rule['role_name'];
        $resourceId = $rule['mod_name'] . '.' . $rule['res_name'];
        if ($rule['permit'] == 1) {
            $acl->allow($roleId, $resourceId, $rule['priv_name']);
        } else {
            $acl->deny($roleId, $resourceId, $rule['priv_name']);
        }
    }

    return $acl;
}
/**
 * Initialise the user session's ACL and navigation.
 *
 * Builds a Zend_Acl with a single role (the session's roleid) over every
 * distinct "module:controller" pair in pw_mvc_resources, grants that role
 * the actions listed in the session's UserData['acl']['mvc'] map, installs
 * the ACL/role as defaults for the navigation view helpers, and renders a
 * menu and breadcrumb for each configs/navigation/<module>/<name>.xml.
 *
 * NOTE(review): allow() throws Zend_Acl_Exception if the session's acl
 * map names a module:controller that is not in pw_mvc_resources.
 *
 * @return array rendered containers, keyed [module][xml basename]
 */
public function init()
{
    $this->_bootstrap->bootstrap('Usersession');
    $this->_bootstrap->bootstrap('View');
    $acl = new Zend_Acl();
    // The only role: the current session's role id.
    $role = $this->_bootstrap->Usersession->UserData['roleid'];
    $acl->addRole(new Zend_Acl_Role($role));
    $db = $this->_bootstrap->Db;
    // One resource per distinct module/controller, id "module:controller".
    $select = $db->select()->from('pw_mvc_resources', new Zend_Db_Expr('DISTINCT module,controller'));
    foreach ($db->fetchAll($select) as $row) {
        $acl->add(new Zend_Acl_Resource(join(':', $row)));
    }
    // Grants come from the session; the keys of each controller entry are
    // the permitted actions (privileges).
    foreach ($this->_bootstrap->Usersession->UserData['acl']['mvc'] as $modulename => $moduledata) {
        foreach ($moduledata as $controllername => $controllerdata) {
            $acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
        }
    }
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
    $navigation = $this->_bootstrap->View->navigation();
    // Navigation XML files live in configs/navigation/<module>/<name>.xml;
    // directory order is whatever readdir() yields.
    $dir = APPLICATION_PATH . '/configs/navigation/';
    if (is_dir($dir)) {
        $handle = opendir($dir);
        while ($module = readdir($handle)) {
            if (is_dir($dir . $module) && !in_array($module, array('.', '..'))) {
                $files = opendir($dir . $module);
                while ($file = readdir($files)) {
                    if (preg_match('#^([^\\.]+)\\.xml$#iu', $file, $fileinfo)) {
                        $container = new Zend_Navigation(new Zend_Config_Xml($dir . $module . '/' . $file));
                        $this->_containers[$module][$fileinfo[1]] = array('menu' => $navigation->menu($container)->render(), 'breadcrumbs' => $navigation->breadcrumbs($container)->render());
                    }
                }
                closedir($files);
            }
        }
        closedir($handle);
    }
    $this->_bootstrap->View->assign('Navigation', $this->_containers);
    return $this->_containers;
}
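/**
 * Module-level access check.
 *
 * Roles: "" -> guest -> user -> admin (each inheriting the previous).
 * Resources are the modules default, admin, user and error. Every role may
 * reach 'error'; guest and user may use 'default', user also 'user', admin
 * everything. An unauthenticated request is 'guest'; otherwise the role is
 * the lower-cased identity role. Denied requests are forwarded to
 * default/usuario/index (guest or "") or default/error/noauth.
 *
 * NOTE(review): Zend_Acl::isAllowed() takes (role, resource, privilege).
 * The original call passed four arguments, so the action was silently
 * ignored: the check is module-as-resource, controller-as-privilege. That
 * is made explicit here, not changed -- no rule above names a controller,
 * so today the privilege never decides the outcome.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    parent::preDispatch($request);

    $acl = new Zend_Acl();

    // Roles.
    $acl->addRole(new Zend_Acl_Role(""))
        ->addRole(new Zend_Acl_Role("guest"), "")
        ->addRole(new Zend_Acl_Role("user"), "guest")
        ->addRole(new Zend_Acl_Role("admin"), "user");

    // Resources: modules.
    $acl->add(new Zend_Acl_Resource("default"))
        ->add(new Zend_Acl_Resource("admin"))
        ->add(new Zend_Acl_Resource("user"))
        ->add(new Zend_Acl_Resource("error"));

    // Every role may reach the error module (was listed twice).
    $acl->allow(null, array("error"));
    // Guest.
    $acl->allow("guest", "default");
    // User.
    $acl->allow("user", "default");
    $acl->allow('user', 'user');
    // Administrator.
    $acl->allow('admin', null);

    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $role = strtolower($auth->getIdentity()->role);
    } else {
        $role = 'guest';
    }

    $module = $request->module;
    $controller = $request->controller;

    // An identity whose role string is not registered above, or a request
    // for an unregistered module, would make isAllowed() throw; treat both
    // as denied.
    $allowed = $acl->hasRole($role)
        && $acl->has($module)
        && $acl->isAllowed($role, $module, $controller);

    if (!$allowed) {
        $request->setModuleName('default');
        if ($role == 'guest' or $role === "") {
            $request->setControllerName('usuario');
            $request->setActionName('index');
        } else {
            $request->setControllerName("error");
            $request->setActionName("noauth");
        }
    }
}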
/**
 * Get the ACL object.
 *
 * Returns the memoised ACL, otherwise (outside 'staging') the serialised
 * one from the 'cache' registry entry, otherwise rebuilds it from the
 * database: one role per cms_role row, one resource per module_code found
 * in that role's cms_role_privileges rows, and an allow of the privilege
 * names selected by _getPrivileges() for that row's 'acl' value (or the
 * placeholder 'nop' when none match). The rebuilt ACL is written back to
 * the cache.
 *
 * NOTE(review): Zend_Cache stores the object with serialize(), so a load
 * here unserialize()s whatever the cache backend holds -- the backend
 * must not be writable by anything untrusted. $privilegeArray is only
 * defined if cms_privileges has rows; array_filter() on an undefined
 * variable would warn and yield an empty privilege list.
 *
 * @return Zend_Acl
 */
public function _getAcl()
{
    if ($this->_acl !== null) {
        return $this->_acl;
    }
    $cache = Zend_Registry::get('cache');
    $cache_name = 'cms_acl_roles';
    // Staging always rebuilds; otherwise a cache hit short-circuits.
    if ($this->_config->mode != 'staging' && ($this->_acl = $cache->load($cache_name)) !== false) {
        return $this->_acl;
    }
    $acl = new Zend_Acl();
    // privilege_name => privilege_value; consumed via $this->_getPrivileges below.
    $select = $this->_db->select()->from('cms_privileges')->order('privilege_name');
    $result = $this->_db->fetchAll($select);
    foreach ($result as $privilege) {
        $privilegeArray[$privilege['privilege_name']] = (int) $privilege['privilege_value'];
    }
    $select = $this->_db->select()->from('cms_role')->order('role_name');
    $result = $this->_db->fetchAll($select);
    foreach ($result as $role) {
        $acl->addRole(new Zend_Acl_Role($role['role_code']));
        $module_select = $this->_db->select()->from('cms_role_privileges')->where('role_id = ?', (int) $role['role_id'])->order('module_code');
        $module_result = $this->_db->fetchAll($module_select);
        foreach ($module_result as $resource) {
            // Side channel for the _getPrivileges callback used by array_filter
            // below; presumably compared bitwise against privilege_value -- see
            // _getPrivileges.
            $this->_tmp_resource_acl = (int) $resource['acl'];
            if (!$acl->has($resource['module_code'])) {
                // module-privilege == name, e.g. firm-access, firm-edit
                $acl->add(new Zend_Acl_Resource($resource['module_code']));
            }
            $p = array_keys(array_filter($privilegeArray, array($this, "_getPrivileges")));
            // 'nop' is a placeholder privilege so a role with no matching
            // privileges still gets an explicit (harmless) rule.
            $acl->allow($role['role_code'], $resource['module_code'], $p ? $p : array('nop'));
        }
    }
    $cache->save($acl, $cache_name, array('cms', 'cms_acl'), null);
    $this->_acl = $acl;
    return $this->_acl;
}
/**
 * Check if the ACL allows accessing the function or method
 *
 * Without an ACL every call is allowed. For a method call the class name
 * is the resource (registered on first sight) and the target may opt out
 * by exposing initAcl(Zend_Acl): a false return disables the ACL check
 * for that call entirely. For a plain function the resource is null. The
 * role is the authenticated identity's role, or the configured guest role
 * when one is registered; otherwise unauthenticated access is refused.
 *
 * @param string|object $object Object or class being accessed
 * @param string $function Function or method being accessed
 * @return true when the call is allowed
 * @throws Zend_Amf_Server_Exception when access is refused
 */
protected function _checkAcl($object, $function)
{
    if (!$this->_acl) {
        return true;
    }

    $class = null;
    if ($object) {
        $class = is_object($object) ? get_class($object) : $object;
        if (!$this->_acl->has($class)) {
            require_once 'Zend/Acl/Resource.php';
            $this->_acl->add(new Zend_Acl_Resource($class));
        }
        // The service may opt out: initAcl() returning false skips the check.
        $initAcl = array($object, "initAcl");
        if (is_callable($initAcl) && !call_user_func($initAcl, $this->_acl)) {
            return true;
        }
    }

    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $role = $auth->getIdentity()->role;
    } elseif ($this->_acl->hasRole(Zend_Amf_Constants::GUEST_ROLE)) {
        $role = Zend_Amf_Constants::GUEST_ROLE;
    } else {
        require_once 'Zend/Amf/Server/Exception.php';
        throw new Zend_Amf_Server_Exception("Unauthenticated access not allowed");
    }

    if (!$this->_acl->isAllowed($role, $class, $function)) {
        require_once 'Zend/Amf/Server/Exception.php';
        throw new Zend_Amf_Server_Exception("Access not allowed");
    }

    return true;
}