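/**
 * Route-level access check.
 *
 * Resolves the ACL resource for the matched controller, asks the ACL whether
 * the current user's role may execute the matched action, and on denial
 * triggers a 'deny' event, sets HTTP 403 and rewrites the route match to the
 * account "denied" action. Any ACL exception (unknown role/resource) is
 * treated as a denial, i.e. the check fails closed.
 *
 * @param MvcEvent $event the MVC event carrying the route match and response
 *
 * @return void
 */
public function protectPage(MvcEvent $event)
{
    $match = $event->getRouteMatch();
    if (!$match) {
        // nothing can be protected without a resolved route
        return;
    }

    $controller = $match->getParam('controller');
    $action = $match->getParam('action');
    // __NAMESPACE__ may be absent from the match; cast so explode() never sees null
    $namespace = (string) $match->getParam('__NAMESPACE__');
    $namespaceParts = explode('\\', $namespace);
    $moduleNamespace = $namespaceParts[0];

    $services = $event->getApplication()->getServiceManager();
    $config = $services->get('config');
    // 'auth' is not used in this method; the lookup is kept in case the
    // service factory has side effects on which later code relies — TODO confirm
    $auth = $services->get('auth');
    $acl = $services->get('acl');

    // Role of the current user, as resolved by the 'user' service.
    // NOTE(review): if getRole() can return null for an anonymous visitor,
    // isAllowed() below is queried with a null role — confirm what the ACL
    // does with that (it is not an ordinary named role).
    $currentUser = $services->get('user');
    $role = $currentUser->getRole();

    // Hand the same ACL and role to the navigation view helpers so that
    // menus are filtered with exactly the rules enforced here.
    \Zend\View\Helper\Navigation\AbstractHelper::setDefaultAcl($acl);
    \Zend\View\Helper\Navigation\AbstractHelper::setDefaultRole($role);

    // An empty module list means "protect everything"; otherwise only the
    // listed modules are subject to the ACL. Strict comparison so that a
    // loosely-equal config value cannot opt a module in or out by accident.
    $aclModules = $config['acl']['modules'];
    if (!empty($aclModules) && !in_array($moduleNamespace, $aclModules, true)) {
        return;
    }

    // Resource name: a configured alias for the controller, or the
    // lower-cased short class name (User\Controller\Course -> course).
    // A controller name without a namespace separator is used as-is; the
    // previous strrpos()+1 arithmetic silently dropped its first character.
    $resourceAliases = $config['acl']['resource_aliases'];
    if (isset($resourceAliases[$controller])) {
        $resource = $resourceAliases[$controller];
    } else {
        $separatorPos = strrpos($controller, '\\');
        $shortName = ($separatorPos === false) ? $controller : substr($controller, $separatorPos + 1);
        $resource = strtolower($shortName);
    }

    // Unknown resources are registered on the fly so the ACL can answer;
    // a resource without any rule is decided by the ACL's default rules.
    if (!$acl->hasResource($resource)) {
        $acl->addResource($resource);
    }

    try {
        if ($acl->isAllowed($role, $resource, $action)) {
            return;
        }
    } catch (AclException $ex) {
        // Fail closed: an unknown role or resource counts as "not allowed".
        // @todo log the missing role/resource at warning level
    }

    // Denied: notify listeners, answer 403 and route to the denied action.
    $e = new EventManager('user');
    $e->trigger('deny', $this, array('match' => $match, 'role' => $role, 'acl' => $acl));

    $response = $event->getResponse();
    $response->setStatusCode(403);

    $match->setParam('controller', 'User\\Controller\\Account');
    $match->setParam('action', 'denied');
}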
/**
 * {@inheritdoc}
 *
 * On every dispatch (and dispatch error) the BjyAuthorize service's ACL and
 * current identity are pushed into the navigation view helpers, so that the
 * rendered navigation uses the same authorization data as the request.
 */
public function onBootstrap(EventInterface $e)
{
    /** @var ApplicationInterface $application */
    $application = $e->getTarget();
    $container = $application->getServiceManager();

    // Resolved lazily on each dispatch, not at bootstrap, so the identity
    // reflects the state of the current request.
    $syncNavigationAcl = function () use ($container) {
        /** @var Authorize $authorize */
        $authorize = $container->get('BjyAuthorize\\Service\\Authorize');
        AbstractHelper::setDefaultAcl($authorize->getAcl());
        AbstractHelper::setDefaultRole($authorize->getIdentity());
    };

    $application->getEventManager()->attach(
        [MvcEvent::EVENT_DISPATCH, MvcEvent::EVENT_DISPATCH_ERROR],
        $syncNavigationAcl
    );
}
/**
 * Pushes this module's ACL and the current user's role into the navigation
 * view helpers. Console requests are skipped (there is no navigation to
 * render); a request without an authenticated identity uses the guest role.
 *
 * @param MvcEvent $e
 *
 * @return void
 */
public function setDefaultAclAndRole(MvcEvent $e)
{
    if ($e->getRequest() instanceof \Zend\Console\Request) {
        return;
    }

    $authService = $this->getAuthService();
    $role = $authService->hasIdentity()
        ? $authService->getIdentity()->getRole()
        : \Access\Permissions\Acl\AclBuilder::ROLE_GUEST;

    \Zend\View\Helper\Navigation\AbstractHelper::setDefaultAcl($this->getAcl());
    \Zend\View\Helper\Navigation\AbstractHelper::setDefaultRole($role);
}
/**
 * Module bootstrap: registers the RegisterListener, hands BjyAuthorize's ACL
 * and identity to the navigation view helper, then initialises the session
 * and the logout handling.
 *
 * NOTE(review): the names `BjyAuthorizeServiceAuthorize` and
 * `ZendViewHelperNavigation` look like `BjyAuthorize\Service\Authorize` and
 * `Zend\View\Helper\Navigation` with the backslashes lost, or `use … as`
 * aliases — confirm against the file's use statements and the service
 * configuration. They are reproduced unchanged here.
 *
 * @param MvcEvent $e
 *
 * @return void
 */
public function onBootstrap(MvcEvent $e)
{
    $application = $e->getApplication();

    $events = $application->getEventManager();
    $events->attach(new RegisterListener());

    $container = $application->getServiceManager();
    $config = $container->get('Config');

    // Same ACL and identity for the navigation helper as for the request
    $authorize = $container->get('BjyAuthorizeServiceAuthorize');
    ZendViewHelperNavigation::setDefaultAcl($authorize->getAcl());
    ZendViewHelperNavigation::setDefaultRole($authorize->getIdentity());

    $this->initSession($config['User']['session']);
    $this->onLogOut($e);
}
/**
 * setDefaultRole() must reject an arbitrary object: passing a bare stdClass
 * has to raise a view exception whose message refers to the $role argument.
 */
public function testSetDefaultRoleThrowsExceptionWhenGivenAnArbitraryObject()
{
    $caught = null;
    try {
        Navigation\AbstractHelper::setDefaultRole(new \stdClass());
    } catch (View\Exception\ExceptionInterface $exception) {
        $caught = $exception;
    }

    if ($caught === null) {
        $this->fail('An invalid argument was given, but a ' . 'Zend_View_Exception was not thrown');
    }

    $this->assertContains('$role must be', $caught->getMessage());
}
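/**
 * Builds the ACL from the database and registers it with the authentication
 * service and the navigation view helpers.
 *
 * Roles come from Auth\Entity\Role (ordered by parentId so parents are added
 * first), resources from Auth\Entity\Resource, named
 * "modul[/action[/subAction]]", and grants from Auth\Entity\Permission.
 * Everything is denied first; each permission then allows exactly one group
 * on one resource. A visitor without an identity in the session gets an
 * in-memory guest user in group "Gast" written to the session storage.
 *
 * @param mixed $sm service locator; only its get() method is used here
 */
public function __construct($sm)
{
    $authSessionStorage = new Session('AUTH_IDENTITY');
    parent::__construct($authSessionStorage);

    $em = $sm->get('Doctrine\\ORM\\EntityManager');
    $acl = new ZendAcl();

    // Roles. Ordering by parentId ASC is what guarantees a parent is already
    // registered when its child is added. NOTE(review): this relies on rows
    // with a NULL parentId sorting first — confirm for the database in use.
    foreach ($em->getRepository('Auth\\Entity\\Role')->findBy(array(), array('parentId' => 'ASC')) as $role) {
        $parentName = $role->parent ? $role->parent->name : null;
        $acl->addRole(new GenericRole($role->name), $parentName);
    }

    // Resources, one per row, named modul[/action[/subAction]]
    foreach ($em->getRepository('Auth\\Entity\\Resource')->findBy(array(), array('modul' => 'DESC')) as $resource) {
        $acl->addResource(new GenericResource($this->aclResourceNameFor($resource)));
    }

    // Default deny: only explicit permissions grant access
    $acl->deny(null);

    // Grants. The resource name is built by the same helper as the resource
    // registration above, so both sides cannot drift apart (a mismatch would
    // either grant on an unregistered resource or leave a registered one
    // unreachable).
    foreach ($em->getRepository('Auth\\Entity\\Permission')->findAll() as $permission) {
        $acl->allow($permission->gruppe->name, $this->aclResourceNameFor($permission->resource));
    }

    // No identity in the session: register an in-memory guest user.
    // The previous "if (!$benutzer) throw" guard was dead code (a freshly
    // constructed object is always truthy) and its message referred to a
    // guest with ID -1 while the code sets ID 0; it has been removed.
    // NOTE(review): "Gast" is used as the default role below — if no
    // Auth\Entity\Role row is named "Gast", ACL lookups for guests will hit
    // an unregistered role; confirm the seed data.
    if (!$this->hasIdentity()) {
        $benutzer = new Benutzer();
        $benutzer->setUsername('Unbekannter User');
        $benutzer->setId(0);
        $benutzer->setLoggedIn(false);

        $gruppe = new Role();
        $gruppe->id = 2;
        $gruppe->name = 'Gast';
        $gruppe->supervisor = 0;
        $benutzer->setGruppe($gruppe);

        $this->getStorage()->write($benutzer);
    }

    // Navigation helpers use the same ACL and the current identity's group
    \Zend\View\Helper\Navigation\AbstractHelper::setDefaultAcl($acl);
    \Zend\View\Helper\Navigation\AbstractHelper::setDefaultRole($this->getIdentity()->getGruppe()->name);

    $this->acl = $acl;
    $this->sm = $sm;
    $this->em = $em;

    return $this;
}

/**
 * Builds the ACL resource name "modul[/action[/subAction]]" for a resource
 * entity. Used both when registering resources and when applying
 * permissions so the two always agree.
 *
 * @param object $resource entity exposing modul, action and subAction
 *
 * @return string
 */
private function aclResourceNameFor($resource)
{
    $name = $resource->modul;
    if ($resource->action) {
        $name .= '/' . $resource->action;
    }
    if ($resource->subAction) {
        $name .= '/' . $resource->subAction;
    }
    return $name;
}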
/**
 * Wires the Zend navigation view helper to this object's ACL and role so
 * that rendered navigation reflects the current permissions.
 *
 * @return void
 */
protected function navigationHelper()
{
    $acl = $this->getAcl();
    $role = $this->getRole();

    NavigationHelper::setDefaultAcl($acl);
    NavigationHelper::setDefaultRole($role);
}