public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$this->_initAcl();
if ($this->_auth->hasIdentity()) {
$ident = $this->_auth->getIdentity();
$date = new Zend_Date();
$ident->last_login = $date->get(DATABASE_DATE_FORMAT);
$ident->save();
}
if ($request->getControllerName() != 'admin' && $request->getModuleName() != 'admin') {
return;
}
// if this is not admin skip the rest
if (!$this->_auth->hasIdentity() && !($request->getControllerName() == 'auth' && $request->getActionName() == 'login' && $request->getModuleName() == 'admin')) {
$redirect = new Zend_Controller_Action_Helper_Redirector();
$redirect->gotoSimple('login', 'auth', 'admin');
}
if ($request->getModuleName() == 'user' && $request->getControllerName() == 'admin' && $request->getActionName() == 'profile') {
return;
}
// the profile is a free resource
$resource = $request->getModuleName() . '_' . $request->getControllerName();
$hasResource = $this->_acl->has($resource);
if ($hasResource && !$this->_acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $request->getActionName())) {
throw new FansubCMS_Exception_Denied('The user is not allowd to do this');
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if (!Zend_Auth::getInstance()->hasIdentity() && ($request->getControllerName() != 'index' && $request->getControllerName() != 'error')) {
$request->setControllerName('index');
$request->setActionName('index');
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$auth = Zend_Auth::getInstance();
$publicPages = array();
$publicPages['controllers'] = array('login');
$publicPages['actions'] = array();
$controllerName = $request->getControllerName();
if ($auth->hasIdentity() || in_array($controllerName, $publicPages['controllers'])) {
return true;
}
throw new WebVista_App_AuthException('You must be authenticated to access the system.');
$roleId = $auth->getIdentity()->roleId;
$acl = WebVista_Acl::getInstance();
if (!$acl->hasRole($roleId)) {
$error = "Sorry, the requested user role '" . $roleId . "' does not exist";
}
if (!$acl->has($request->getModuleName() . '_' . $request->getControllerName())) {
$error = "Sorry, the requested controller '" . $request->getControllerName() . "' does not exist as an ACL resource";
}
if (!$acl->isAllowed($roleId, $request->getModuleName() . '_' . $request->getControllerName(), $request->getActionName())) {
$error = "Sorry, the page you requested does not exist or you do not have access";
}
if (isset($error)) {
throw new WebVista_App_AuthException('You must be authenticated to access the system.');
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if ('company' == $request->getControllerName()) {
$tsn = $request->tsn ? $request->tsn : $_COOKIE['tsn'];
if ($tsn) {
$token = Token::create($tsn);
$token->update_sync_time();
} else {
$token = Token::create_abstract('123');
}
if ($token->is_logined() == true) {
if ($token->is_expire()) {
$token->destroy();
include_once LIB_PATH . '/view_helper/BuildUrl.php';
$url_builder = new Zend_View_Helper_BuildUrl();
$referer = SearchFilter::slashes($url_builder->buildUrl($request->getActionName(), $request->getControllerName(), $request->getModuleName()));
$login_url = $url_builder->buildUrl('login', 'auth', 'index', array('redirect' => $referer));
$redirector = new Zend_Controller_Action_Helper_Redirector();
$redirector->gotoUrl($login_url);
return;
}
$token->register();
} else {
if ('auth' != $request->getActionName()) {
$token->destroy();
$request->setModuleName('index');
$request->setControllerName('auth');
$request->setActionName('login');
}
}
}
}
protected function _checkSkipAcl(Zend_Controller_Request_Abstract $request, $type)
{
// verificação de requisicao - Caso ajax, verifica se a action é delete, senao, SKIP nele.
if ($request->isXmlHttpRequest() && !in_array($request->getActionName(), $this->_arrAjaxNotSkip)) {
return TRUE;
}
$configs = Zend_Registry::get('configs');
$skip = $configs['security']['skip'][$type];
$result = FALSE;
$result = in_array($request->getActionName(), $skip);
foreach ($skip as $routers) {
$route = explode('/', $routers);
switch (count($route)) {
case 1:
// action
$result = in_array($request->getActionName(), $skip);
break;
case 2:
// controller/action
$result = in_array($request->getControllerName() . '/' . $request->getActionName(), $skip);
break;
case 3:
// module/controller/action
$result = in_array($request->getModuleName() . '/' . $request->getControllerName() . '/' . $request->getActionName(), $skip);
break;
}
if ($result) {
return TRUE;
}
}
return $result;
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$storage = new Zend_Auth_Storage_Session();
$data = $storage->read();
$role = $data['emprole'];
if ($role == 1) {
$role = 'admin';
}
$request->getModuleName();
$request->getControllerName();
$request->getActionName();
$module = $request->getModuleName();
$resource = $request->getControllerName();
$privilege = $request->getActionName();
$this->id_param = $request->getParam('id');
$allowed = false;
$acl = $this->_getAcl();
$moduleResource = "{$module}:{$resource}";
if ($resource == 'profile') {
$role = 'viewer';
}
if ($resource == 'services') {
$role = 'services';
}
if ($role != '') {
if ($acl->has($moduleResource)) {
$allowed = $acl->isAllowed($role, $moduleResource, $privilege);
}
if (!$allowed) {
$request->setControllerName('error');
$request->setActionName('error');
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = "";
$action = "";
$module = "";
/* if($request->getControllerName() == "index" ){
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
}
else if ( !$this->_auth->hasIdentity() ) {
}*/
if (!$this->_isAuthorized($request->getControllerName(), $request->getActionName())) {
if (!$this->_auth->hasIdentity()) {
if (!in_array($request->getControllerName(), $this->_moRedirect) && !Application_Model_Redirect::hasRequestUri()) {
Application_Model_Redirect::saveRequestUri("/" . $request->getControllerName() . "/" . $request->getActionName());
}
$controller = $this->_notLoggedRoute['controller'];
$action = $this->_notLoggedRoute['action'];
$module = $this->_notLoggedRoute['module'];
} else {
$controller = $this->_forbiddenRoute['controller'];
$action = $this->_forbiddenRoute['action'];
$module = $this->_forbiddenRoute['module'];
}
} else {
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
}
$request->setControllerName($controller);
$request->setActionName($action);
$request->setModuleName($module);
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$loginController = 'authentication';
$loginAction = 'login';
$auth = Zend_Auth::getInstance();
// If user is not logged in and is not requesting login page
// - redirect to login page.
if (!$auth->hasIdentity() && $request->getControllerName() != $loginController && $request->getActionName() != $loginAction) {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoSimpleAndExit($loginAction, $loginController);
}
// User is logged in or on login page.
if ($auth->hasIdentity()) {
// Is logged in
// Let's check the credential
$acl = new Tynex_Models_TynexAcl();
$identity = $auth->getIdentity();
// role is a column in the user table (database)
$isAllowed = $acl->isAllowed($identity->role, $request->getControllerName(), $request->getActionName());
if (!$isAllowed) {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoUrlAndExit('/');
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if (!in_array($request->getModuleName(), array('qg', 'painel'))) {
return;
}
$controller = "";
$action = "";
$module = "";
if (!$this->_auth->hasIdentity()) {
$controller = $this->_notLoggedRoute['controller'];
$action = $this->_notLoggedRoute['action'];
$module = $request->getModuleName();
} else {
if (!$this->_isAuthorized($request->getModuleName(), $request->getControllerName(), $request->getActionName())) {
$controller = $this->_forbiddenRoute['controller'];
$action = $this->_forbiddenRoute['action'];
$module = $request->getModuleName();
} else {
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
}
}
$request->setControllerName($controller);
$request->setActionName($action);
$request->setModuleName($module);
}
function hasAccessUrl(Zend_Controller_Request_Abstract $request)
{
$acl = $this->getAcl();
$url1 = $request->getModuleName() . '::*';
$url2 = $request->getModuleName() . '::' . $request->getControllerName() . '::*';
$url3 = $request->getModuleName() . '::' . $request->getControllerName() . '::' . $request->getActionName();
return $acl->has($url1) && $acl->isAllowed($this->getRole(), $url1) || $acl->has($url2) && $acl->isAllowed($this->getRole(), $url2) || $acl->has($url3) && $acl->isAllowed($this->getRole(), $url3);
}
public static function getModulesIdsByRequest(Zend_Controller_Request_Abstract $request)
{
$map = self::getMapModules();
if (isset($map[$request->getModuleName()][$request->getControllerName()][$request->getActionName()])) {
return $map[$request->getModuleName()][$request->getControllerName()][$request->getActionName()];
} else {
return false;
}
}
/**
* @param $request
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$id = Zend_Auth::getInstance()->getIdentity();
if (empty($id)) {
// If it is not the login action of the authentication controller then forward to the login form
if (!($request->getControllerName() === 'authentication' || $request->getControllerName() === 'favicon.ico' || $request->getControllerName() === 'error' || $request->getControllerName() === 'index')) {
$this->_response->setRedirect('/login');
}
}
}
/**
*
* @access protected
* @return void
*/
protected function _includeCssController()
{
$ds = '/';
//DIRECTORY_SEPARATOR;
$file = 'public' . $ds . 'styles' . $ds . $this->_request->getModuleName() . $ds . $this->_request->getControllerName() . '.css';
if (file_exists(APPLICATION_PATH . $ds . '..' . $ds . $file)) {
$view = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('view');
$view->headLink()->appendStylesheet($view->baseUrl($file));
}
}
public function preDispatch(\Zend_Controller_Request_Abstract $request)
{
if ($request->getControllerName() == "login" || $request->getControllerName() == "privilegese" || $request->getControllerName() == "index" || $request->getControllerName() == "error" || $request->getControllerName() == "document") {
return;
}
$hasPrivilege = self::hasPrivilige($request);
if ($hasPrivilege == false) {
$request->setControllerName("privileges");
$request->setActionName("index");
}
}
public function getInstance(Zend_Controller_Request_Abstract $request)
{
if (!is_null($request->getModuleName())) {
$controller = $this->_loadCommand($request->getControllerName(), $request->getModuleName());
return $controller;
} elseif (!is_null($request->getControllerName())) {
$controller = $this->_loadCommand($request->getControllerName());
return $controller;
} else {
return $this->_loadCommand($this->getDefaultControllerName());
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if (preg_match('/(.*)\\.popup$/', $request->getControllerName(), $matches)) {
Zend_Layout::getMvcInstance()->setInflectorTarget('../../views/scripts/:script.popup.:suffix');
$request->setControllerName($matches[1]);
} else {
if (preg_match('/(.*)\\.raw$/', $request->getControllerName(), $matches)) {
Zend_Layout::getMvcInstance()->setInflectorTarget('../../views/scripts/:script.raw.:suffix');
$request->setControllerName($matches[1]);
}
}
}
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
/* Redirect to the upgrade controller if an upgrade is neccessary */
if (Phprojekt_Auth::isLoggedIn() && ($request->getModuleName() != 'Core' || $request->getControllerName() != 'Upgrade') && ($request->getControllerName() != 'Login' || $request->getActionName() != 'logout')) {
$migration = new Phprojekt_Migration($this->_extensions);
if ($migration->needsUpgrade()) {
$this->_request->setModuleName('Core');
$this->_request->setControllerName('Upgrade');
$this->_request->setActionName('index');
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$this->layout = Zend_Layout::getMvcInstance();
$auth = Zend_Auth::getInstance();
$authorizedModules = array("painel");
if ($request->getModuleName() == 'default') {
$this->layout->setLayout("layout.default");
} elseif ($request->getControllerName() == "error") {
$this->layout->setLayout("layout.default");
} else {
if ($request->getControllerName() == "login") {
$this->layout->setLayout("layout.login");
} else {
if ($auth->hasIdentity()) {
if ($auth->getIdentity()->sessao == "admin") {
$this->layout->setLayout("layout.painel");
} else {
$auth->clearIdentity();
header("location: /painel/login");
exit;
}
} else {
header("location: /painel/login");
exit;
}
}
}
/*
if($request->getModuleName() == 'default'){
$this->layout->setLayout("layout.default");
} else {
if($request->getControllerName() == "login"){
$this->layout->setLayout("layout.login");
}else{
if($auth->hasIdentity()) {
if($auth->getIdentity()->sessao == "admin") {
$this->layout->setLayout("layout.painel");
}else{
$auth->clearIdentity();
header("location: /painel/login");
exit;
}
}else{
header("location: /painel/login");
exit;
}
}
}
*/
}
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
try {
$this->_statusRules($request->getModuleName(), $request->getControllerName(), $request->getActionName(), $request->getParam('resourceStack'));
$this->_aclRules($request->getModuleName(), $request->getControllerName(), $request->getActionName(), $request->getParam('resourceStack'), $request->getQuery());
$this->_workflowRules($request->getModuleName(), $request->getControllerName(), $request->getActionName(), $request->getParam('resourceStack'));
} catch (Saf_Controller_Front_Plugin_RouteRules_Exception $e) {
Saf_Debug::out('Enforcing Routing Rule: ' . $e->getMessage());
$request->setModuleName($e->getModuleName());
$request->setControllerName($e->getControllerName());
$request->setActionName($e->getActionName());
$request->setParam('resourceStack', $e->getResourceStack());
}
}
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
if ($request->getModuleName() == 'admin') {
if (!$this->_auth->hasIdentity()) {
if ($request->getControllerName() == 'index' && $request->getActionName() == 'login') {
return true;
}
$this->getResponse()->setRedirect(Zend_Controller_Front::getInstance()->getBaseUrl() . '/' . 'admin/index/login');
} else {
if ($request->getControllerName() == 'index' && $request->getActionName() == 'login') {
$this->getResponse()->setRedirect(Zend_Controller_Front::getInstance()->getBaseUrl() . '/' . 'admin/index');
}
}
}
}
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
$layout = Zend_Layout::getMvcInstance();
$layoutConfig = Zend_Json::decode(file_get_contents(APPLICATION_PATH . '/configs/layout.json'), true);
$layoutName = 'layout';
if (isset($layoutConfig[$request->getControllerName()])) {
if (is_array($layoutConfig[$request->getControllerName()]) && isset($layoutConfig[$request->getControllerName()][$request->getActionName()])) {
$layoutName = $layoutConfig[$request->getControllerName()][$request->getActionName()];
} else {
$layoutName = $layoutConfig[$request->getControllerName()];
}
}
$layout->setLayout('layouts/' . $layoutName);
parent::routeShutdown($request);
}
/**
* @param Zend_Controller_Request_Abstract $oHttpRequest
*/
public function preDispatch(Zend_Controller_Request_Abstract $oHttpRequest)
{
$sControllerName = $oHttpRequest->getControllerName();
$sActionName = $oHttpRequest->getActionName();
$aRequestedParams = $oHttpRequest->getUserParams();
$sQuery = '';
unset($aRequestedParams['controller']);
unset($aRequestedParams['action']);
// Define user role
if (Zend_Auth::getInstance()->hasIdentity()) {
$aData = Zend_Auth::getInstance()->getStorage()->read();
$sRole = $aData['role'];
} else {
// Default role
$sRole = 'guest';
}
// Check access
if (!$this->_oAcl->isAllowed($sRole, $sControllerName, $sActionName)) {
$oHttpRequest->setParam('referer_controller', $sControllerName);
$oHttpRequest->setParam('referer_action', $sActionName);
$aParams = array();
if (count($aRequestedParams)) {
foreach ($aRequestedParams as $sKey => $sValue) {
$aParams[] = $sKey;
$aParams[] = $sValue;
}
$sQuery = implode('/', $aParams) . '/';
}
$oHttpRequest->setParam('query', $sQuery);
$oHttpRequest->setControllerName('auth')->setActionName('login');
$this->_response->setHttpResponseCode(401);
}
}
/**
* routeShutdown
* 在 路由器 完成请求的路由后被调用
* @param Zend_Controller_Request_Abstract $request
* @return void
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
/**
* 检测请求的Content-type类型
*/
$pathinfo = $request->getPathInfo();
if (!empty($pathinfo)) {
if ($extension = pathinfo($pathinfo, PATHINFO_EXTENSION)) {
if (preg_match('/^[-a-z0-9]+$/i', $extension)) {
$request->setParam(static::KEY_EXT, strtolower($extension));
}
}
}
/**
* 检测是否支持json响应
*/
if ($request->getParam(static::KEY_EXT) == '') {
$accept = $request->getServer('HTTP_ACCEPT');
if (!empty($accept)) {
if (strpos($accept, 'json') !== false) {
$request->setParam(static::KEY_EXT, 'json');
}
}
}
/**
* 格式化请求目标信息,不允许[-a-zA-Z0-9]以外的字符
*/
$pattern = '/[^-a-zA-Z0-9].*/';
$request->setModuleName(preg_replace($pattern, '', $request->getModuleName()));
$request->setControllerName(preg_replace($pattern, '', $request->getControllerName()));
$request->setActionName(preg_replace($pattern, '', $request->getActionName()));
}
public function postDispatch(Zend_Controller_Request_Abstract $request)
{
$layout = Zend_Layout::getMvcInstance();
// the name "maintenanceMode" is also referred to in the Admin_MaintenanceController,
// so if you change the filename, it needs to be changed there too
$maintenanceModeFileName = 'maintenanceMode';
$register = new Ot_Config_Register();
$identity = Zend_Auth::getInstance()->getIdentity();
$role = empty($identity->role) ? $register->defaultRole->getValue() : $identity->role;
if (isset($identity->masquerading) && $identity->masquerading == true && isset($identity->realAccount) && !is_null($identity->realAccount) && isset($identity->realAccount->role)) {
$role = $identity->realAccount->role;
}
$acl = Zend_Registry::get('acl');
$view = $layout->getView();
$viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');
if (is_file(APPLICATION_PATH . '/../overrides/' . $maintenanceModeFileName) && (!$request->isXmlHttpRequest() && !$viewRenderer->getNeverRender())) {
if (!$acl->isAllowed($role, 'ot_maintenance', 'index')) {
if (!($request->getModuleName() == 'ot' && $request->getControllerName() == 'login' && $request->getActionName() == 'index')) {
$response = $this->getResponse();
$layout->disableLayout();
$response->setBody($view->maintenanceMode()->publicLayout());
}
} else {
$response = $this->getResponse();
// there's no point in setting text here if it's a redirect
if ($response->isRedirect()) {
$response->setBody('');
} else {
$response->setBody($view->maintenanceMode()->header() . $response->getBody());
}
}
}
}
/**
*
* @param Zend_Controller_Request_Abstract $request
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$options = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getApplication()->getOptions();
$config = new Zend_Config($options);
$acl = new My_Acl($config);
$role = 'guest';
if (Zend_Auth::getInstance()->hasIdentity()) {
$role = 'user';
if (Zend_Auth::getInstance()->hasIdentity()) {
return;
} else {
$login = Zend_Auth::getInstance()->getIdentity();
$user = My_Model::get('Users')->getUserByEmail($login);
if ($user->admin == 1) {
$role = 'admin';
}
}
}
$controller = $request->getControllerName();
$action = $request->getActionName();
$resource = $controller;
$privilege = $action;
if (!$acl->has($resource)) {
$resource = null;
}
if (is_null($privilege)) {
$privilege = 'index';
}
if (!$acl->isAllowed($role, $resource, $privilege)) {
// $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
// $flash->addMessage('Access Denied');
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoSimpleAndExit('login', 'admin');
}
}
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
if ('admin' == $request->getModuleName() && 'Login' != $request->getControllerName()) {
// Immediate ACL check to make sure they have identity
$allowUser = defined('DEBUG_MODE') ? true : false;
// blacklist system
$user = $request->getParam('User', null);
if ($user instanceof Showcase_User) {
// OK user has identity, check the roles
//$allowUser = Zend_registry::get('Acl')->isAllowed($user->getRoles(), "CMS User") ? true : false;
$allowUser = $user->isCmsaccess;
}
if (!$allowUser) {
$request->setControllerName('Login')->setModuleName('index')->setActionName('index')->setDispatched(false);
} else {
Showcase_Controller_Action_HelperBroker::addPath(Package::buildPath(SITE_DIR, 'classes', 'Controller', 'Action', 'Helper', 'Admin'), 'Showcase_Controller_Action_Helper_Admin');
// Cretae a new helper path for administrative privileges
//$request->setParam('Admin', Showcase_Admin::getInstance());
// Set the instance of the Admin object
//$request->getParam('View')->assign('admin', $request->getParam('Admin'));
// And inject it into the view so it can help things for Smarty
// Include the CMS JS scripts
//$request->getParam('View')->assign('javaScripts', array('/include/js/admin/js/cms'));
// Check if the user wants to force a manual cache clearance
//if ($request->getParam('flushCache')) {
// Showcase_Content_Cache::flushCache();
//}
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if ($request->isXmlHttpRequest()) {
return;
}
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$isAllowed = false;
if (Zend_Auth::getInstance()->hasIdentity()) {
$user = Zend_Auth::getInstance()->getIdentity();
require_once APPLICATION_PATH . '/modules/core/services/Acl.php';
$acl = Core_Services_Acl::getInstance();
if (in_array(strtolower($module . '_' . $controller . '_' . $action), array('default_index_index', 'identity_account_logout'))) {
$isAllowed = true;
} else {
$isAllowed = $acl->isUserOrRoleAllowed($user, $module, $controller, $action);
}
}
if (!$isAllowed) {
if (Zend_Auth::getInstance()->hasIdentity()) {
$forwardAction = 'deny';
} else {
$forwardAction = 'login';
}
$sReturn = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$sReturn = base64_encode($sReturn);
$request->setModuleName('core')->setControllerName('Auth')->setActionName($forwardAction)->setParam('returnUrl', $sReturn)->setDispatched(true);
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
//clear session from search session
//$this->clearSession();
$session_user = new Zend_Session_Namespace('auth');
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$url = $module . "/" . $controller . "/" . $action;
$_url = "";
//have login
if (isset($session_user->arr_acl)) {
$arr_acl = $session_user->arr_acl;
$valid_action = FALSE;
foreach ($arr_acl as $acl) {
if ($module == $acl["module"] && $controller == $acl["controller"]) {
$valid_action = TRUE;
break;
} elseif ($module === "rsvAcl" && $controller === "user" && $action === "change-password") {
//all user level can change password all
$valid_action = TRUE;
break;
} elseif ($module === "rsvAcl" && $session_user->level === "1") {
//user level 1 can access all action in module "rsvAcl"
$valid_action = TRUE;
break;
}
}
//redirect to homepage
if (!$valid_action) {
//just open block below
if ($url !== "default/index/index" && $url !== "default/error/error" && $url !== "default/index/changepassword" && $url !== "default/index/logout") {
$_url = '/';
}
$_have = false;
foreach ($this->_exception_url as $i => $val) {
if ($url === $val) {
$_have = true;
break;
}
}
if (!$_have) {
$_url = '/';
}
} else {
$_url = $this->rewriteUrl($url);
}
} else {
//no login
//redirect to login page
if ($url !== "default/index/index") {
$_url = "/";
}
}
if (!empty($_url)) {
// echo"url here". $_url;exit();
$_url = "/home";
Application_Form_FrmMessage::redirectUrl($_url);
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$auth = Zend_Auth::getInstance();
$isAllowed = false;
$controller = $request->getControllerName();
$action = $request->getActionName();
// Generate the resource name
$resourceName = $controller . '/' . $action;
// Don't block errors
if ($resourceName == 'error/error') {
return;
}
$resources = $this->acl->getResources();
if (!in_array($resourceName, $resources)) {
$request->setControllerName('error')->setActionName('error')->setDispatched(true);
throw new Zend_Controller_Action_Exception('This page does not exist', 404);
return;
}
// Check if user can access this resource or not
$isAllowed = $this->acl->isAllowed(Zend_Registry::get('role'), $resourceName);
// Forward user to access denied or login page if this is guest
if (!$isAllowed) {
if (!Zend_Auth::getInstance()->hasIdentity()) {
$forwardAction = 'login';
} else {
$forwardAction = 'deny';
}
$request->setControllerName('index')->setActionName($forwardAction)->setDispatched(true);
}
}
/**
* Hlavni logika ACL
*
* @param $request
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$acl = new Zend_Acl();
$identity = $auth->getIdentity();
$acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner');
if ($identity->owner == true) {
$inherit = 'owner';
} elseif ($identity->administrator == true) {
$inherit = 'admin';
} else {
$inherit = 'user';
}
$acl->addRole(new Zend_Acl_Role($identity->email), $inherit);
$projekt = $request->getParam('projekt');
// Zakladni resource
foreach ($this->_resources as $val => $key) {
$acl->add(new Zend_Acl_Resource($key));
}
// Prava pro zakladni resource
$acl->allow('owner');
$acl->deny('admin', 'account');
$acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
$acl->deny('user', 'account');
$acl->deny('user', 'project', $this->_create);
$acl->deny('user', 'people', $this->_create);
$acl->deny('user', 'project', $this->_manage);
$acl->deny('user', 'people', $this->_manage);
if ($request->id == $identity->iduser) {
$acl->allow('user', 'people', $this->_manage);
}
// Resource pro projektovou podsekci
$this->_projectAcl($acl, $identity);
Zend_Registry::set('acl', $acl);
if ($identity->administrator == 1) {
$isAllowed = true;
} elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) {
$isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName());
} elseif (in_array($request->getControllerName(), $this->_resources)) {
$isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName());
} else {
$isAllowed = false;
}
$error = $request->getParam('error_handler');
if (is_null($error)) {
if (!$isAllowed) {
$module = $this->_noacl['module'];
$controller = $this->_noacl['controller'];
$action = $this->_noacl['action'];
}
}
$request->setModuleName($module);
$request->setControllerName($controller);
$request->setActionName($action);
}
}
