private function buildAclList()
 {
     $acl = new AclList();
     $acl->setDefaultAction(Acl::DENY);
     /*==========  Add roles to ACL  ==========*/
     $roles = [self::GUEST, self::USER, self::ADMIN];
     foreach ($roles as $role) {
         $acl->addRole($role);
     }
     /*==========  Add resources to ACL  ==========*/
     $resources = [self::GUEST => ['index' => ['*'], 'signup' => ['*'], 'signin' => ['*'], 'error' => ['*'], 'profile' => ['newPassword'], 'language' => ['*']], self::USER => ['profile' => ['*'], 'logout' => ['*']], self::ADMIN => ['usermanagement' => ['*']]];
     foreach ($resources as $area) {
         foreach ($area as $controller => $action) {
             $acl->addResource($controller, $action);
         }
     }
     /*==========  Add appropriate permissions  ==========*/
     foreach ($roles as $role) {
         foreach ($resources[self::GUEST] as $controller => $action) {
             $acl->allow($role, $controller, $action);
         }
     }
     foreach ($resources[self::USER] as $controller => $action) {
         $acl->allow(self::USER, $controller, $action);
         $acl->allow(self::ADMIN, $controller, $action);
     }
     foreach ($resources[self::ADMIN] as $controller => $action) {
         $acl->allow(self::ADMIN, $controller, $action);
     }
     return $acl;
 }
Exemple #2
0
 public function aclAction()
 {
     echo 'this is acl test!<br>';
     $acl = new AclList();
     $acl->setDefaultAction(Acl::DENY);
     // 创建角色
     // The first parameter is the name, the second parameter is an optional description.
     $roleAdmins = new Role("Administrators");
     $roleEditors = new Role("Editors");
     // 添加 "Guests" 角色到ACL
     $acl->addRole($roleAdmins);
     $acl->addRole($roleEditors);
     // 添加"Designers"到ACL, 仅使用此字符串。
     //$acl->addRole("Designers");
     // 定义 "Customers" 资源
     $customersResource = new Resource("Customers");
     $acl->addResource($customersResource, "search");
     $acl->addResource($customersResource, array("create", "update"));
     // 设置角色对资源的访问级别
     $acl->allow("Administrators", "Customers", "search");
     $acl->allow("Administrators", "Customers", "create");
     $acl->deny("Editors", "Customers", "update");
     var_dump($acl);
     exit;
     // 查询角色是否有访问权限
     var_dump($acl->isAllowed("Administrators", "Customers", "search"));
     exit;
 }
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::ALLOW);
         //Register roles
         //			$roles = array(
         //				'users'  => new Role('Users'),
         //				'guests' => new Role('Guests')
         //			);
         //			foreach ($roles as $role) {
         //				$acl->addRole($role);
         //			}
         //
         //			//Private area resources
         //			$privateResources = array(
         //				'companies'    => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         //				'products'     => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         //				'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'),
         //				'invoices'     => array('index', 'profile')
         //			);
         //			foreach ($privateResources as $resource => $actions) {
         //				$acl->addResource(new Resource($resource), $actions);
         //			}
         //
         //			//Public area resources
         //			$publicResources = array(
         //				'index'      => array('index'),
         //				'about'      => array('index'),
         //				'register'   => array('index'),
         //				'errors'     => array('show401', 'show404', 'show500'),
         //				'session'    => array('index', 'register', 'start', 'end'),
         //				'contact'    => array('index', 'send')
         //			);
         //			foreach ($publicResources as $resource => $actions) {
         //				$acl->addResource(new Resource($resource), $actions);
         //			}
         //
         //			//Grant access to public areas to both users and guests
         //			foreach ($roles as $role) {
         //				foreach ($publicResources as $resource => $actions) {
         //					foreach ($actions as $action){
         //						$acl->allow($role->getName(), $resource, $action);
         //					}
         //				}
         //			}
         //
         //			//Grant access to private area to role Users
         //			foreach ($privateResources as $resource => $actions) {
         //				foreach ($actions as $action){
         //					$acl->allow('Users', $resource, $action);
         //				}
         //			}
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
Exemple #4
0
 public function register()
 {
     $acl = new PhalconMemoryAdapter();
     $acl->setDefaultAction(PhalconACL::DENY);
     foreach (config()->acl->roles as $role) {
         $acl->addRole(new PhalconRole($role));
     }
     return $acl;
 }
Exemple #5
0
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         try {
             $acl = new Acl\Adapter\Memory();
             $acl->setDefaultAction(Acl::DENY);
             $acl->addRole('guest');
             //add guests role
             $acl->addRole('user', 'guest');
             //all users and companies get guest permissions
             $acl->addRole('admin', 'user');
             $resources = (require APPLICATION_PATH . '/config/acl/resources.php');
             foreach ($resources as $controller => $actions) {
                 $acl->addResource($controller, $actions);
             }
             $permissions = (require APPLICATION_PATH . '/config/acl/permissions.php');
             foreach ($permissions as $role => $rules) {
                 foreach ($rules as $controller => $action) {
                     $acl->allow($role, $controller, $action);
                 }
             }
             //give admins everything
             $acl->addRole('admin');
             $acl->allow('admin', '*', '*');
             $this->persistent->acl = $acl;
         } catch (\Exception $e) {
             if (APPLICATION_ENV == 'development' || APPLICATION_ENV == 'local_development') {
                 die($e->getMessage() . "<hr><pre>" . print_r($e->getTraceAsString(), true) . "</pre>");
             }
         }
     }
     return $this->persistent->acl;
 }
 public function __construct()
 {
     parent::__construct();
     $roles = array('users' => new \Phalcon\Acl\Role('Users'), 'guests' => new \Phalcon\Acl\Role('Guests'));
     foreach ($roles as $role) {
         $this->addRole($role);
     }
     //Private area resources
     $privateResources = array();
     foreach ($privateResources as $resource => $actions) {
         $this->addResource(new \Phalcon\Acl\Resource($resource), $actions);
     }
     //Public area resources
     $publicResources = array('index/index' => array('index'), 'index/error' => array('error404', 'error500'), 'admin/index' => array('index', 'login', 'logout'));
     foreach ($publicResources as $resource => $actions) {
         $this->addResource(new \Phalcon\Acl\Resource($resource), $actions);
     }
     //Grant access to public areas to both users and guests
     foreach ($roles as $role) {
         foreach ($publicResources as $resource => $actions) {
             $this->allow($role->getName(), $resource, '*');
         }
     }
     //Grant access to private area to role Users
     foreach ($privateResources as $resource => $actions) {
         foreach ($actions as $action) {
             $this->allow('Users', $resource, $action);
         }
     }
 }
Exemple #7
0
 public function __construct()
 {
     parent::__construct();
     $this->setDefaultAction(\Phalcon\Acl::DENY);
     $roles = array('admin' => new \Phalcon\Acl\Role('admin', 'Администратор'), 'guest' => new \Phalcon\Acl\Role('guest', 'Неавторизированный посетитель. Простое посещение'), 'member' => new \Phalcon\Acl\Role('member', 'Авторизированный посетитель'));
     foreach ($roles as $role) {
         $this->addRole($role);
     }
     $privateResources = array('admin/admin-user', 'cms/configuration', 'cms/translate', 'widget/admin', 'projects/admin', 'systems/admin', 'video/admin', 'file-manager/index', 'page/admin', 'publication/admin', 'slider/admin', 'seo/robots');
     foreach ($privateResources as $resource) {
         $this->addResource(new \Phalcon\Acl\Resource($resource));
     }
     $publicResources = array('admin/index', 'index/index', 'index/error', 'projects/index', 'systems/index', 'page/index', 'video/index', 'publication/index');
     foreach ($publicResources as $resource) {
         $this->addResource(new \Phalcon\Acl\Resource($resource));
     }
     foreach ($roles as $role) {
         foreach ($publicResources as $resource) {
             $this->allow($role->getName(), $resource, '*');
         }
     }
     foreach ($privateResources as $resource) {
         $this->allow('admin', $resource, '*');
     }
 }
 /**
  * @return AdapterInterface
  */
 public function getAcl()
 {
     /**
      * @todo remove
      */
     $this->persistent->destroy();
     if (!isset($this->persistent->acl)) {
         $acl_adaptor = new Memory();
         $acl_adaptor->setDefaultAction(Acl::DENY);
         $acl_helper = new Helper($acl_adaptor, $this->public_resources, $this->private_resources);
         /**
          * The acl is stored in session, APC would be useful here too
          */
         $this->persistent->acl = $acl_helper->initialize()->getAcl();
     }
     return $this->persistent->acl;
 }
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     //throw new \Exception("something");
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('guests' => new Role('Guests'), 'users' => new Role('Users'), 'admins' => new Role('Admins'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Public area resources  - READ ONLY
         $publicResources = array('index' => array('index'), 'user' => array('list', 'get', 'details', 'search'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('signup', 'login', 'logout'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //User area resources  -- READ ONLY
         $userResourses = array('user' => array('index', 'search'));
         foreach ($userResourses as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant acess to private area to role Users
         foreach ($userResourses as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //Admins Resourses    -- ALLOW ALLs
         $adminResourses = array('user' => array('index', 'edit', 'delete', 'update', 'create', 'search', 'save', 'remove'));
         foreach ($adminResourses as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to private area to role Admins
         foreach ($adminResourses as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Admins', $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     if (!$this->persistent->get('acl')) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         // Register roles
         $roles = ['users' => new Role('Users', 'Member privileges, granted after sign in.'), 'guests' => new Role('Guests', 'Anyone browsing the site who is not signed in is considered to be a "Guest".')];
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         if ($this->resource instanceof ResourceInterface) {
             foreach ($this->resource->getAllResources() as $resource => $actions) {
                 $acl->addResource(new Resource($resource), $actions);
             }
             // Grant access to public areas to both users and guests
             foreach ($roles as $role) {
                 foreach ($this->resource->getPublicResources() as $resource => $actions) {
                     foreach ($actions as $action) {
                         $acl->allow($role->getName(), $resource, $action);
                     }
                 }
             }
             // Grant access to private area to role Users
             foreach ($this->resource->getPrivateResources() as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow('Users', $resource, $action);
                 }
             }
         }
         // The acl is stored in session, APC would be useful here too
         $this->persistent->set('acl', $acl);
     }
     return $this->persistent->get('acl');
 }
Exemple #11
0
 public function getAcl()
 {
     if ($this->acl) {
         return $this->acl;
     }
     $cache = $this->getCache();
     if ($cache && ($data = $cache->get('acl'))) {
         return $this->acl = $data;
     }
     $acl = new MemoryAcl();
     $acl->setDefaultAction(Acl::DENY);
     $roles = Entities\Roles::find();
     foreach ($roles as $role) {
         $roleName = $role->name ? $role->name : $role->roleKey;
         $acl->addRole($role->roleKey, $role->roleKey);
     }
     $resources = Entities\Resources::find();
     foreach ($resources as $resource) {
         $acl->addResource($resource->resourceKey);
     }
     $operations = Entities\Operations::find();
     foreach ($operations as $operation) {
         $acl->addResourceAccess($operation->resourceKey, $operation->operationKey);
         if ($operation->roles) {
             foreach ($operation->roles as $role) {
                 $acl->allow($role->roleKey, $operation->resourceKey, $operation->operationKey);
             }
         }
     }
     if ($cache) {
         $cache->save('acl', $acl);
     }
     return $this->acl = $acl;
 }
 public function _getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new Memory();
         $acl->setDefaultAction(Acl::ALLOW);
         //Register roles
         $roles = array('admin' => new Acl\Role('Administrator'), 'manager' => new Acl\Role('Manager'), 'staff' => new Acl\Role('Staff'));
         $acl->addRole($roles['staff']);
         $acl->addRole($roles['manager']);
         $acl->addRole($roles['admin']);
         // admin inherits staff
         // resources that sales are denied
         $staffResources = array("reports" => array("index"));
         // add resources for sales
         foreach ($staffResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
             foreach ($actions as $action) {
                 $acl->deny($roles['staff']->getName(), $resource, $action);
             }
             // $acl->allow($roles['staff']->getName(), $resource, '*');
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
 /**
  * Access Control List
  */
 public function acl()
 {
     $acl = new Memory();
     $acl->setDefaultAction(Acl::DENY);
     $roles = array('guests', 'users');
     $resources = array('users' => array('auth' => array('guests'), 'create' => array('guests'), 'logout' => array('users')), 'posts' => array('create' => array('users'), 'mine' => array('users'), 'all' => array('users')));
     foreach ($roles as $role) {
         $acl->addRole(new Role($role));
     }
     foreach ($resources as $resource => $actions) {
         $acl->addResource(new Resource($resource), array_keys($actions));
         foreach ($actions as $action => $roles) {
             foreach ($roles as $role) {
                 $acl->allow($role, $resource, $action);
             }
         }
     }
     return $acl;
 }
 public function __construct()
 {
     parent::__construct();
     $this->setDefaultAction(\Phalcon\Acl::DENY);
     /**
      * Full list of Roles
      */
     $roles = [];
     $roles['guest'] = new \Phalcon\Acl\Role('guest', 'Guest');
     $roles['member'] = new \Phalcon\Acl\Role('member', 'Member');
     $roles['journalist'] = new \Phalcon\Acl\Role('journalist', 'Journalist');
     $roles['editor'] = new \Phalcon\Acl\Role('editor', 'Journalist');
     $roles['admin'] = new \Phalcon\Acl\Role('admin', 'Admin');
     /**
      * Frontend roles
      */
     $this->addRole($roles['guest']);
     $this->addRole($roles['member'], $roles['guest']);
     /**
      * Backend roles
      */
     $this->addRole($roles['journalist']);
     $this->addRole($roles['editor'], $roles['journalist']);
     $this->addRole($roles['admin']);
     /**
      * Include resources permissions list from file /app/config/acl.php
      */
     $resources = (include APPLICATION_PATH . '/config/acl.php');
     foreach ($resources as $roles_resources) {
         foreach ($roles_resources as $resource => $actions) {
             $registerActions = '*';
             if (is_array($actions)) {
                 $registerActions = $actions;
             }
             $this->addResource(new \Phalcon\Acl\Resource($resource), $registerActions);
         }
     }
     /**
      * Make unlimited access for admin role
      */
     $this->allow('admin', '*', '*');
     /**
      * Set roles permissions
      */
     foreach ($roles as $k => $role) {
         $user_resource = $resources[$k];
         foreach ($user_resource as $roles_resources => $method) {
             if ($method == '*') {
                 $this->allow($k, $roles_resources, '*');
             } else {
                 $this->allow($k, $roles_resources, $method);
             }
         }
     }
 }
 private function getAcl($namespace)
 {
     // Create a new instantion of ACL
     $acl = new AclList();
     $acl->setDefaultAction(Acl::DENY);
     // Get groups for later use
     $groups = Groups::find();
     // Get all available resources and add them to the acl resources
     foreach ($this->getAvailableResources($namespace) as $resource => $actions) {
         $acl->addResource(new Resource($resource), $actions);
     }
     // Add groups to ACL roles
     foreach ($groups as $group) {
         $acl->addRole($group->name);
     }
     // Allow groups to use resources assigned to them
     foreach ($groups as $group) {
         foreach ($this->getPermissions($group->group_id) as $permission) {
             foreach ($this->getAllowedResources($permission->permission_id, $namespace) as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($group->name, $resource, $action);
                 }
             }
         }
     }
     // Return ACL list
     return $acl;
 }
Exemple #16
0
 public function rebuild()
 {
     $acl = new AclMemory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);
     $profiles = Profiles::find('active = "Y"');
     foreach ($profiles as $profile) {
         $acl->addRole(new AclRole($profile->name));
     }
     foreach ($this->privateResource as $resource => $actions) {
         $acl->addResource(new AclResource($resource), $actions);
     }
     //数据库中查找到profiles表中的角色, 在找对应permissions表中的权限.
     foreach ($profiles as $profile) {
         foreach ($profile->getPermissions() as $permission) {
             $acl->allow($profile->name, $permission->resource, $permission->action);
         }
         //所有的角色都可以访问 users
         $acl->allow($profile->name, 'users', 'changePassword');
     }
     if (touch(APP_DIR . $this->filePath) && is_writable(APP_DIR . $this->filePath)) {
         file_put_contents(APP_DIR . $this->filePath, serialize($acl));
     } else {
         $this->flash->error('The user does not have write permissions to create the ACL list at ' . APP_DIR . $this->filePath);
     }
     return $acl;
 }
Exemple #17
0
 /**
  * Get acl system.
  *
  * @return AclMemory
  */
 public function getAcl($config)
 {
     $permission = $config->permission->toArray();
     if (!$this->_acl) {
         $cacheData = $this->getDI()->get('cacheData');
         $acl = $cacheData->get(self::CACHE_KEY_ACL);
         if ($acl === null) {
             $acl = new PhAclMemory();
             $acl->setDefaultAction(PhAcl::DENY);
             $groupList = array_keys($permission);
             foreach ($groupList as $groupConst => $groupValue) {
                 // Add Role
                 $acl->addRole(new Role((string) $groupValue));
                 if (isset($permission[$groupValue]) && is_array($permission[$groupValue]) == true) {
                     foreach ($permission[$groupValue] as $group => $controller) {
                         foreach ($controller as $action) {
                             $actionArr = explode('/', $action);
                             $resource = strtolower($group) . '/' . $actionArr[0];
                             // Add Resource
                             $acl->addResource($resource, $actionArr[1]);
                             // Grant role to resource
                             $acl->allow($groupValue, $resource, $actionArr[1]);
                         }
                     }
                 }
             }
             $cacheData->save(self::CACHE_KEY_ACL, $acl, 2592000);
             // 30 days cache.
         }
         $this->_acl = $acl;
     }
     return $this->_acl;
 }
Exemple #18
0
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         $roles = array('admin' => new Role("Admin"), 'users' => new Role("User"), 'guests' => new Role("Guest"));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         $aclResources = array('admin' => array(), 'user' => array('profile' => array("index", "edit", "view")), 'public' => array('index' => array('index'), 'about' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'start', 'end')));
         foreach ($aclResources as $type => $resource) {
             foreach ($resource as $res => $actions) {
                 $acl->addResource(new Resource($res), $actions);
             }
         }
         foreach ($aclResources["public"] as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("Guest", $resource, $action);
                 $acl->allow("User", $resource, $action);
                 $acl->allow("Admin", $resource, $action);
             }
         }
         foreach ($aclResources["user"] as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("User", $resource, $action);
                 $acl->allow("Admin", $resource, $action);
             }
         }
         foreach ($aclResources["admin"] as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("Admin", $resource, $action);
             }
         }
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
Exemple #19
0
 /**
  * Add role to acl.
  *
  * @param string          $role  role
  * @param \Phalcon\Config $rules rules
  *
  * @return $this
  *
  * @throws \Phalcon\Acl\Exception
  */
 protected function addRole($role, \Phalcon\Config $rules)
 {
     // role has inheritance ?
     if ($rules->get('inherit')) {
         // role exists?
         if (!array_key_exists($rules->inherit, $this->roles)) {
             throw new \Phalcon\Acl\Exception(sprintf('Role "%s" cannot inherit non-existent role "%s".
                  Either such role does not exist or it is set to be inherited before it is actually defined.', $role, $rules->inherit));
         }
         $this->acl->addRole($this->roles[$role], $this->roles[$rules->inherit]);
     } else {
         $this->acl->addRole($this->roles[$role]);
     }
     return $this;
 }
Exemple #20
0
 public function createAcl()
 {
     $acl = new AclList();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);
     foreach ($this->resources as $role => $groups) {
         $acl->addRole(new Role($role, ucfirst($role)));
         foreach ($groups as $module => $controllers) {
             foreach ($controllers as $controller => $actions) {
                 $resource = strtolower($module) . '/' . $controller;
                 $acl->addResource(new Resource($resource), $actions);
                 $acl->allow($role, $resource, $actions);
             }
         }
     }
     if (touch(ROOT_URL . $this->filePath) && is_writable(ROOT_URL . $this->filePath)) {
         // Save in File
         file_put_contents(ROOT_URL . $this->filePath, serialize($acl));
         // Save cache in APC
         if (function_exists('apc_store')) {
             apc_store('acl', $acl);
         }
     }
     return $acl;
 }
    protected function _getAcl(){
        if(!isset($this->persistent->acl)){
            $acl=new Acl\Adapter\Memory();
            $acl->setDefaultAction(Acl::DENY);

            $roles=[
                self::GUEST => new Acl\Role(self::GUEST),
                self::USER => new Acl\Role(self::USER),
                self::ADMIN => new Acl\Role(self::ADMIN)
            ];

            foreach($roles as $role){
                $acl->addRole($role);
            }
            //Public Resources
            foreach($this->_publicResources as $resource => $action){
                $acl->addResource(new Acl\Resource($resource),$action);
            }
            //User Resources
            foreach($this->_userResources as $resource => $action){
                $acl->addResource(new Acl\Resource($resource),$action);
            }
            //Admin Resources
            foreach($this->_adminResources as $resource => $action){
                $acl->addResource(new Acl\Resource($resource),$action);
            }
            //Allow all resources to access the Public Resources
            foreach($roles as $role){
                foreach($this->_publicResources as $resource=> $action){
                    $acl->allow($role->getName(), $resource,'*');
                }
            }
            //Allow User and Admin to access the User Resources
            foreach($this->_userResources as $resource => $actions){
                foreach($actions as $action){
                    $acl->allow(self::USER,$resource,$action);
                    $acl->allow(self::ADMIN,$resource,$action);
                }
            }
            //Allow admin to access the Admin Resources
            foreach($this->_adminResources as $resource => $actions){
                foreach($actions as $action){
                    $acl->allow(self::ADMIN,$resource,$action);
                }
            }

            $this->persistent->acl=$acl;
        }

        return $this->persistent->acl;
    }
 /**
  * Get access control list.
  * @return access control list
  */
 private function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('guest' => new Role('guest'), 'user' => new Role('user'), 'administrator' => new Role('administrator'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         // Resources for all users
         $publicResources = array('default' => array('index', 'getCsrfToken', 'terms', 'privacy', 'changeLanguage'), 'errors' => array('notSupportedError', 'resourceNotFound', 'internalServerError'), 'accounts' => array('signIn', 'doSignIn', 'signUp', 'doSignUp', 'verifyEmail', 'signOut', 'user', 'getIssues', 'resetPassword', 'doForgotPassword', 'doResetPassword'), 'products' => array('index', 'getProducts', 'product', 'getIssues', 'newIssue', 'issue', 'getIssueReplies'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         // Resources for users logged in
         $loggedInResources = array('products' => array('createIssue', 'createIssueReply'), 'dashboard' => array('index', 'profile', 'changePassword', 'updateProfile', 'products', 'getProducts', 'getProduct', 'createProduct', 'editProduct', 'receivedIssues', 'getReceivedIssues', 'submittedIssues', 'getSubmittedIssues'));
         foreach ($loggedInResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         // Resources for administrators only
         $administrationResources = array('administration' => array('index', 'users', 'user', 'products', 'product', 'issues', 'issue'));
         foreach ($administrationResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         // Grant access to public areas to both guests, users and administrators
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         // Grant acess to dashboard area to role users and administrators
         foreach ($loggedInResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('user', $resource, $action);
                 $acl->allow('administrator', $resource, $action);
             }
         }
         // Grant acess to administration area to role administrators
         foreach ($administrationResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('administrator', $resource, $action);
             }
         }
         // The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         //Creamos la lista de accesos
         $acl = new AclList();
         //Por defecto la lista deniega el acceso
         $acl->setDefaultAction(Acl::DENY);
         //Creamos los diferentes roles
         $roles = array('users' => new Role('Users'), 'guest' => new Role('Guest'));
         //Los añadirmos a la lista
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Indicamos las areas privadas
         $privateResources = array('trabajo' => array('index'), 'trabajopadre' => array('index'), 'trabajoprofe' => array('index'), 'trabajoadmin' => array('index'), 'entidad' => array('index', 'operacionalumno'));
         //Añadimos las alreas
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Indicamos las areas publicas
         $publicResources = array('index' => array('index'), 'about' => array('index'), 'blog' => array('index'), 'contact' => array('index'), 'usuario' => array('login', 'end'), 'errors' => array('show401', 'show404', 'show500'));
         //Añadimos las alreas
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Damos acceso a las areas publicas
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //Damos acceso a las areas privadas
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //Asignamos la lista de accesos a objeto persistente
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('users' => new Role('Users', 'Utilisateur authentifier avec un compte actif'), 'guests' => new Role('Guests', 'Utilisateur non authentifier'));
         //var_dump($roles);die();
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Not camelCase autorized in define Ressource
         //Private area resources
         $privateResources = array('lang' => array('index', 'test'), 'contact' => array('index', 'form', 'new', 'edit', 'save', 'create', 'delete'), 'index' => array('listMembers'), 'listemenu' => array('index'));
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Public area resources
         $publicResources = array('index' => array('index'), 'notFound' => array('index', 'debugEnv'), 'session' => array('index', 'start'), 'inscription' => array('index'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //var_dump($acl);die();
         //Grant access to private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     //var_dump($this->persistent->acl);die();
     return $this->persistent->acl;
 }
 /**
  *
  * @return \Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     // setup acl at first time
     if (!isset($this->persistent->acl)) {
         // create acl list for type of user
         $acl = new AclList();
         // deny is default acl
         $acl->setDefaultAction(Acl::DENY);
         // Create 2 roler for two user type: guest and user
         $roles = array('users' => new Role('Users'), 'guests' => new Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         // private resource area
         $privateResources = array('users' => array('index', 'search', 'edit', 'delete'), 'companies' => array('index', 'search', 'new', 'edit', 'create', 'delete'), 'products' => array('index', 'search', 'new', 'edit', 'create', 'delete'), 'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile'));
         // add private area
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         // public area
         $publicResource = array('index' => array('index'), 'about' => array('index'), 'register' => array('index', 'regis'), 'session' => array('index', 'register', 'start', 'end'), 'users' => array('create', 'new'));
         // add public area
         foreach ($publicResource as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         // grant all user have access to get public area
         foreach ($roles as $role) {
             foreach ($publicResource as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         // grant for only user have access to private area
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
 private function _getAcl()
 {
     // Create an empty ACL
     $acl = new AclList();
     // Set the default action to be DENY access
     $acl->setDefaultAction(Acl::DENY);
     $roles = array('admin' => new Role('admin'), 'donor' => new Role('donor'), 'none' => new Role('none'));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }
     $adminResources = array('admin' => array('index', 'update', 'setup'));
     $donorResources = array('donor' => array('index'));
     $noneResources = array('index' => array('index'), 'user' => array('login', 'logout'));
     $resources = array($adminResources, $donorResources, $noneResources);
     foreach ($resources as $resourceList) {
         foreach ($resourceList as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
     }
     foreach ($roles as $role) {
         foreach ($noneResources as $resource => $actions) {
             $acl->allow($role->getName(), $resource, '*');
         }
     }
     foreach ($donorResources as $resource => $actions) {
         foreach ($actions as $action) {
             $acl->allow('donor', $resource, $action);
         }
     }
     foreach ($adminResources as $resource => $actions) {
         foreach ($actions as $action) {
             $acl->allow('admin', $resource, $action);
         }
     }
     return $acl;
 }
Exemple #27
0
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     //throw new \Exception("something");
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('users' => new Role('Users'), 'guests' => new Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Private area resources
         $privateResources = array('companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile'), 'privatepage' => array('index'), 'todo' => array('index', 'add', 'done', 'restore', 'remove'), 'phones' => array('index', 'reserve', 'getUserName', 'cancelReservation'), 'phoneAdd' => array('index', 'add'), 'phonesProducers' => array('index', 'add'), 'operatingSystems' => array('index', 'add'));
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Public area resources
         $publicResources = array('index' => array('index'), 'about' => array('index'), 'portfolio' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //Grant acess to private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
Exemple #28
0
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     //throw new \Exception("something");
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('users' => new Role('Users'), 'guests' => new Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Private area resources
         $privateResources = array('index' => array('export', 'import'), 'people' => array('list', 'new', 'edit', 'create', 'delete', 'update'), 'stickers' => array('add', 'delete', 'create'));
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Public area resources
         $publicResources = array('index' => array('index'), 'about' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //Grant acess to private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('users' => new Role('Users'), 'guests' => new Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Private area resources
         $privateResources = array();
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Public area resources
         $publicResources = array('index' => array('index'), 'about' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'), 'api' => array('index', 'addCategory', 'addProduct', 'getCategory', 'getProduct', 'getProductByCategory', 'updateCategory', 'updateProduct', 'deleteProduct', 'deleteCategory'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //Grant access to private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }
Exemple #30
0
 /**
  * Returns an existing or new access control list
  *
  * @returns AclList
  */
 public function getAcl()
 {
     if (true) {
         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);
         //Register roles
         $roles = array('users' => new Role('Users'), 'guests' => new Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }
         //Private area resources
         $privateResources = array('user' => array('register', 'list', 'delete'), 'tag' => array('list', 'create', 'delete'), 'content' => array('view', 'add'), 'pic' => array('list', 'create', 'delete', 'changeBrief'), 'search' => array('list', 'create', 'delete', 'userSearchList'), 'feedback' => array('list', 'view'), 'app' => array('list', 'unpass'));
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Public area resources
         $publicResources = array('index' => array('index'), 'api' => array('index'), 'install' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
         //Grant access to public areas to both users and guests
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 foreach ($actions as $action) {
                     $acl->allow($role->getName(), $resource, $action);
                 }
             }
         }
         //Grant access to private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         //The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }