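 /**
  * Dispatch listener that enforces the ACL for the matched controller/action.
  *
  * Resolves the current role from the "user" service, publishes ACL and role
  * to the navigation view helpers, and then asks the ACL whether the role may
  * run the action on the resource derived from the controller name. A denied
  * check (or an AclException, which is treated as a denial) triggers the
  * "deny" event, sets HTTP 403 and rewrites the route match to the
  * User\Controller\Account::denied action.
  *
  * @param MvcEvent $event
  * @return void
  */
 public function protectPage(MvcEvent $event)
 {
     $match = $event->getRouteMatch();
     if (!$match) {
         // we cannot do anything without a resolved route
         return;
     }
     // Route params may be absent; cast so explode()/substr() never receive
     // null (passing null to string functions is deprecated since PHP 8.1).
     $controller = (string) $match->getParam('controller');
     $action = $match->getParam('action');
     $namespace = (string) $match->getParam('__NAMESPACE__');
     $moduleNamespace = explode('\\', $namespace)[0];
     $services = $event->getApplication()->getServiceManager();
     $config = $services->get('config');
     // Not read below; the fetch is kept because resolving the service may be
     // what initialises authentication — confirm before removing.
     $auth = $services->get('auth');
     $acl = $services->get('acl');
     // get the role of the current user
     $currentUser = $services->get('user');
     $role = $currentUser->getRole();
     // This is how we add default acl and role to the navigation view helpers
     \Zend\View\Helper\Navigation\AbstractHelper::setDefaultAcl($acl);
     \Zend\View\Helper\Navigation\AbstractHelper::setDefaultRole($role);
     // check if the current module wants to use the ACL; an empty list means
     // every module is protected. Strict comparison: module names are strings.
     $aclModules = isset($config['acl']['modules']) ? $config['acl']['modules'] : [];
     if (!empty($aclModules) && !in_array($moduleNamespace, $aclModules, true)) {
         return;
     }
     // Get the short name of the controller and use it as resource name
     // Example: User\Controller\Course -> course
     $resourceAliases = isset($config['acl']['resource_aliases']) ? $config['acl']['resource_aliases'] : [];
     if (isset($resourceAliases[$controller])) {
         $resource = $resourceAliases[$controller];
     } else {
         // strrpos() returns false for an un-namespaced controller; the old
         // "false + 1" arithmetic silently dropped its first character.
         $separator = strrpos($controller, '\\');
         $shortName = $separator === false ? $controller : substr($controller, $separator + 1);
         $resource = strtolower($shortName);
     }
     // If a resource is not in the ACL add it. A freshly added resource has no
     // rules of its own, so the check below follows the ACL's defaults.
     if (!$acl->hasResource($resource)) {
         $acl->addResource($resource);
     }
     try {
         if ($acl->isAllowed($role, $resource, $action)) {
             return;
         }
     } catch (AclException $ex) {
         // unknown role/resource: fall through and deny (fail closed)
         // @todo: log in the warning log the missing resource
     }
     // If the role is not allowed access to the resource we have to redirect the
     // current user to the log in page.
     $e = new EventManager('user');
     $e->trigger('deny', $this, ['match' => $match, 'role' => $role, 'acl' => $acl]);
     // Set the response code to HTTP 403: Forbidden
     $response = $event->getResponse();
     $response->setStatusCode(403);
     // and redirect the current user to the denied action
     $match->setParam('controller', 'User\\Controller\\Account');
     $match->setParam('action', 'denied');
 }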
 /**
  * {@inheritdoc}
  *
  * Attaches one listener for both the dispatch and the dispatch-error event
  * that pushes the BjyAuthorize ACL and the current identity into the
  * navigation view helpers.
  */
 public function onBootstrap(EventInterface $e)
 {
     /** @var ApplicationInterface $app */
     $app = $e->getTarget();
     $services = $app->getServiceManager();
     $events = [MvcEvent::EVENT_DISPATCH, MvcEvent::EVENT_DISPATCH_ERROR];
     // static: the closure never touches $this
     $publishAclToNavigation = static function () use ($services) {
         /** @var Authorize $authorize */
         $authorize = $services->get('BjyAuthorize\\Service\\Authorize');
         AbstractHelper::setDefaultAcl($authorize->getAcl());
         AbstractHelper::setDefaultRole($authorize->getIdentity());
     };
     $app->getEventManager()->attach($events, $publishAclToNavigation);
 }
 /**
  * Publishes the ACL and the current role to the navigation view helpers.
  *
  * Console requests are skipped. Without an authenticated identity the
  * guest role from AclBuilder is used.
  *
  * @param MvcEvent $e
  * @return void
  */
 public function setDefaultAclAndRole(MvcEvent $e)
 {
     if ($e->getRequest() instanceof \Zend\Console\Request) {
         return;
     }
     $authService = $this->getAuthService();
     $role = $authService->hasIdentity()
         ? $authService->getIdentity()->getRole()
         : \Access\Permissions\Acl\AclBuilder::ROLE_GUEST;
     \Zend\View\Helper\Navigation\AbstractHelper::setDefaultAcl($this->getAcl());
     \Zend\View\Helper\Navigation\AbstractHelper::setDefaultRole($role);
 }
 /**
  * Module bootstrap: registers the RegisterListener, hands the BjyAuthorize
  * ACL and identity to the navigation view helper, initialises the session
  * from the module config and wires up log-out handling.
  *
  * @param MvcEvent $e
  * @return void
  */
 public function onBootstrap(MvcEvent $e)
 {
     $application = $e->getApplication();
     $application->getEventManager()->attach(new RegisterListener());
     $services = $application->getServiceManager();
     $config = $services->get('Config');
     // Add ACL information to the Navigation view helper
     $authorize = $services->get('BjyAuthorizeServiceAuthorize');
     ZendViewHelperNavigation::setDefaultAcl($authorize->getAcl());
     ZendViewHelperNavigation::setDefaultRole($authorize->getIdentity());
     $this->initSession($config['User']['session']);
     $this->onLogOut($e);
 }
 /**
  * setDefaultRole() must reject an arbitrary object with a view exception
  * whose message names the $role argument.
  */
 public function testSetDefaultRoleThrowsExceptionWhenGivenAnArbitraryObject()
 {
     $caught = null;
     try {
         Navigation\AbstractHelper::setDefaultRole(new \stdClass());
     } catch (View\Exception\ExceptionInterface $e) {
         $caught = $e;
     }
     if ($caught === null) {
         $this->fail('An invalid argument was given, but a Zend_View_Exception was not thrown');
     }
     $this->assertContains('$role must be', $caught->getMessage());
 }
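 /**
  * Builds the ACL from the database (roles, resources, permissions) and
  * makes sure the auth session storage holds an identity.
  *
  * Roles are loaded in parentId order so a parent is registered before its
  * children. Every resource is denied by default; only the permission rows
  * stored in the database are allowed on top (fail closed). Without an
  * authenticated identity a transient guest user in the "Gast" group is
  * written to the storage. Finally the ACL and the identity's group name
  * are handed to the navigation view helpers.
  *
  * @param $sm service manager; must provide 'Doctrine\ORM\EntityManager'
  */
 public function __construct($sm)
 {
     $authSessionStorage = new Session('AUTH_IDENTITY');
     parent::__construct($authSessionStorage);
     $em = $sm->get('Doctrine\\ORM\\EntityManager');
     $acl = new ZendAcl();
     // add roles, parents first
     foreach ($em->getRepository('Auth\\Entity\\Role')->findBy([], ['parentId' => 'ASC']) as $role) {
         $parentName = $role->parent ? $role->parent->name : null;
         $acl->addRole(new GenericRole($role->name), $parentName);
     }
     // add resources, identified as modul[/action[/subAction]]
     foreach ($em->getRepository('Auth\\Entity\\Resource')->findBy([], ['modul' => 'DESC']) as $resource) {
         $acl->addResource(new GenericResource($this->buildResourceName($resource)));
     }
     // deny everything that is not explicitly allowed below
     $acl->deny(null);
     // add permissions: each row allows one group on one resource
     foreach ($em->getRepository('Auth\\Entity\\Permission')->findAll() as $permission) {
         $acl->allow($permission->gruppe->name, $this->buildResourceName($permission->resource));
     }
     // register identity
     if (!$this->hasIdentity()) {
         // no login: store a guest identity so getIdentity() below always works
         // (the former `if (!$benutzer)` guard could never fire — a freshly
         // constructed object is always truthy)
         $this->getStorage()->write($this->createGuestUser());
     }
     // register acl in navigation
     \Zend\View\Helper\Navigation\AbstractHelper::setDefaultAcl($acl);
     \Zend\View\Helper\Navigation\AbstractHelper::setDefaultRole($this->getIdentity()->getGruppe()->name);
     $this->acl = $acl;
     $this->sm = $sm;
     $this->em = $em;
 }

 /**
  * Resource identifier "modul/action/subAction"; the action parts are only
  * appended when set (truthy). Used both when registering resources and when
  * a permission refers to one, so both sides always agree on the name.
  *
  * @param object $resource entity with modul, action and subAction properties
  * @return string
  */
 private function buildResourceName($resource)
 {
     $name = $resource->modul;
     if ($resource->action) {
         $name .= '/' . $resource->action;
     }
     if ($resource->subAction) {
         $name .= '/' . $resource->subAction;
     }
     return $name;
 }

 /**
  * Transient guest identity (id 0, not logged in) in the "Gast" group.
  * Nothing is persisted; the entity only lives in the auth storage.
  *
  * @return Benutzer
  */
 private function createGuestUser()
 {
     $benutzer = new Benutzer();
     $benutzer->setUsername('Unbekannter User');
     $benutzer->setId(0);
     $benutzer->setLoggedIn(false);
     $gruppe = new Role();
     $gruppe->id = 2;
     $gruppe->name = 'Gast';
     $gruppe->supervisor = 0;
     $benutzer->setGruppe($gruppe);
     return $benutzer;
 }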
 /**
  * Implements Zend_Navigation helper components: seeds the navigation
  * helper with this object's ACL and role.
  */
 protected function navigationHelper()
 {
     $acl = $this->getAcl();
     NavigationHelper::setDefaultAcl($acl);
     $role = $this->getRole();
     NavigationHelper::setDefaultRole($role);
 }