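/**
 * Front-controller plugin hook: consult the ACL before the routed action is
 * dispatched and end the request when the current user may not reach it.
 *
 * The resource is "<module>/<controller>" and the privilege is the action
 * name, both taken from the routed (untrusted) request. Access is granted as
 * soon as one of the user's roles, or one of that role's parent roles, is
 * allowed; otherwise the denial is written to the response and the action
 * does not run.
 *
 * NOTE(review): an unauthenticated visitor is given a default-role App_User
 * which is then written into the Zend_Auth storage. From that point on
 * Zend_Auth::hasIdentity() is TRUE for guests too, so any code elsewhere that
 * reads hasIdentity() as "logged in" must be checked with that in mind.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool|void TRUE when the request is allowed. When it is denied an
 *                   Ajax request gets a 403 JSON body and the script exits; a
 *                   plain request is redirected to the login page (the
 *                   redirector exits); the error controller is always let through.
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();
    $resource   = $module . '/' . $controller;

    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity() === TRUE) {
        $user = $auth->getIdentity();
    } else {
        // No identity: act as the configured default (guest) role.
        $user = new App_User();
        $user->setRole(
            Zend_Registry::get('acl_default_role_name'),
            Zend_Registry::get('acl_default_role_id')
        );
    }
    $auth->getStorage()->write($user);

    // FIXME: the ACL used to be loaded from / saved to the 'Cache_Acl' cache
    // under the single key 'acl_object'; that was disabled because rule
    // changes were not visible until the cache was refreshed. Before
    // re-enabling it, note that buildResourceRules() below builds rules for
    // *this* user — a shared cache key would hand one user's rule set to the
    // next request. Cache per user, or cache only user-independent rules.
    $acl = new App_Acl();
    $acl->buildResourceRules($module, $controller, $action, $user);

    foreach ($user->getRoles() as $roleId => $roleName) {
        if ($acl->isAllowed($roleId, $resource, $action)) {
            return TRUE;
        }
        // Parent roles are checked next; distinct variable names so the
        // outer loop's $roleId/$roleName are not clobbered.
        foreach ($acl->getRole($roleId)->getParentRole() as $parentId => $parentName) {
            if ($acl->isAllowed($parentId, $resource, $action)) {
                return TRUE;
            }
        }
    }

    // Denied. Simply returning from preDispatch() does NOT stop the front
    // controller from dispatching the action — the response body set here
    // would just be prepended to whatever the action (or a PHP error) emits.
    // Every denial branch below therefore has to terminate the request itself.
    $response = $this->getResponse();
    if ($this->getRequest()->isXmlHttpRequest()) {
        // Ajax client: JSON error. 403 reflects the outcome; confirm the
        // Ajax clients handle a non-2xx status before relying on it.
        $response->setHttpResponseCode(403);
        $response->setBody(Zend_Json_Encoder::encode(array(
            'success'       => FALSE,
            'error_message' => 'No Right to execute this action',
        )));
        $response->sendResponse();
        exit;
    } elseif ($controller !== 'error') {
        // Plain HTTP: anonymous reroute to the login page. gotoSimple() exits
        // after issuing the redirect (redirector helper default), so the
        // denied action never executes.
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
        $redirector->gotoSimple('login', 'auth', 'noc');
    }
}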
/**
 * The PAID role may reach its own account section and public pages, but
 * neither the admin section nor the free-account section.
 */
public function testPaidAccess()
{
    $acl  = $this->acl;
    $role = App_Roles::PAID;

    // resource => expected decision, checked in a fixed order
    $expectations = array(
        array(App_Resources::ADMIN_SECTION, FALSE),
        array(App_Resources::ACCOUNT_PAID,  TRUE),
        array(App_Resources::ACCOUNT_FREE,  FALSE),
        array(App_Resources::PUBLICPAGE,    TRUE),
    );

    foreach ($expectations as $case) {
        list($resource, $expected) = $case;
        $this->assertSame(
            $expected,
            $acl->isAllowed($role, $resource),
            "unexpected ACL decision for PAID on resource '{$resource}'"
        );
    }
}
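/**
 * Register one ACL resource from a definition string.
 *
 * Accepted forms are "resource" and "resource < parent", where parent is the
 * resource the new one inherits rules from. Whitespace around the names is
 * ignored.
 *
 * Malformed definitions fail loudly instead of registering something other
 * than what was written. The previous implementation silently ignored extra
 * segments ("a < b < c" registered a with parent b) and, worse, dropped the
 * parent entirely for "a << b" (the empty middle segment left the parent at
 * index 2, which was never read) — an inheritance rule quietly going missing
 * is a policy-integrity bug, not a cosmetic one.
 *
 * @param App_Acl $acl
 * @param string  $resource definition, e.g. "admin/users < admin"
 * @throws InvalidArgumentException when the resource name is empty or the
 *                                  definition contains more than one '<'
 */
public static function createResource(App_Acl $acl, $resource)
{
    $parts = array_map('trim', explode('<', (string) $resource));

    $name = $parts[0];
    if ($name === '') {
        throw new InvalidArgumentException(
            "ACL resource definition '{$resource}' has no resource name"
        );
    }
    if (count($parts) > 2) {
        throw new InvalidArgumentException(
            "ACL resource definition '{$resource}' may name at most one parent"
        );
    }

    // "a <" (trailing separator, empty parent) is treated as no parent.
    $inherit = (isset($parts[1]) && $parts[1] !== '') ? $parts[1] : null;

    $acl->addResource($name, $inherit);
}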
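/**
 * Initialize the ACL application resource.
 *
 * Reads this resource's options from application.ini. With `location = ini`
 * the roles and rules are loaded from data/acl/portal.ini; otherwise (the
 * default) an empty App_Acl is returned and roles are expected to come from
 * the mongo 'config' collection.
 *
 * A catch-all deny is installed last so anything without an explicit allow
 * rule is refused (Zend_Acl is understood to deny when no rule matches, so
 * this mainly makes the intent explicit — TODO confirm against the
 * framework version in use).
 *
 * @return App_Acl
 */
public function init()
{
    $options = $this->getOptions();

    // isset() instead of a bare index read: a missing 'location' key means
    // "use mongo", it should not raise a notice.
    $location = isset($options['location']) ? $options['location'] : null;

    if ($location === 'ini') {
        $acl = App_Acl_Factory::createAclFromFile(APPLICATION_PATH . '/../data/acl/portal.ini');
    } else {
        $acl = new App_Acl();
    }

    // Deny everything by default.
    $acl->deny();

    return $acl;
}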
/**
 * Decide whether the current user (self::$user) may use $module/$action of
 * the web desktop.
 *
 * The resource is "webdesktop/<module>" and the privilege is $action. The
 * rules for that resource are rebuilt for the current user on every call;
 * then each of the user's roles is consulted, followed by that role's parent
 * roles, and the first match grants access.
 *
 * NOTE(review): the freshly built, user-specific ACL object is saved to the
 * shared 'Cache_Acl' cache under the fixed key 'acl_object' on every call.
 * Anything that later loads that key receives the *last caller's* rule set —
 * a cross-user mix-up. Worth keying the entry by user or dropping the save;
 * left unchanged here to preserve behaviour.
 *
 * @param string $module
 * @param string $action
 * @return bool
 */
public function isAllowed($module, $action)
{
    $resource = 'webdesktop/' . $module;

    // Rules are (re)built on every call — see the cache note above.
    $this->acl->buildResourceRules('webdesktop', $module, $action, $this->user, TRUE);
    Zend_Registry::get('Cache_Acl')->save($this->acl, 'acl_object');

    foreach ($this->user->getRoles() as $ownRoleId => $ownRoleName) {
        if ($this->acl->isAllowed($ownRoleId, $resource, $action)) {
            return TRUE;
        }

        // Not allowed directly: try the role's parents, in the order given.
        $parents = $this->acl->getRole($ownRoleId)->getParentRole();
        foreach ($parents as $parentRoleId => $parentRoleName) {
            if ($this->acl->isAllowed($parentRoleId, $resource, $action)) {
                return TRUE;
            }
        }
    }

    return FALSE;
}
/**
 * Flatten an ACL into a permission map for one namespace.
 *
 * Only roles named "<roleName>-<orgType>" are considered, where orgType is
 * one of super/master/provider/customer/aggregator/enduser and roleName is
 * not "org"; every other role is logged and skipped. For each allowed
 * (role, resource, privilege) triple, the asserts attached to the rule (an
 * App_Acl_Assert_Combine, when present) are stored under the dotted path
 * "role.resource.privilege".
 *
 * NOTE(review): because the path handed to App_Util_Array::setItem is dotted,
 * a role, resource or privilege name that itself contains '.' would be split
 * into extra nesting levels — TODO confirm those names never contain dots.
 *
 * @param App_Acl $acl
 * @param string  $ns namespace label, used for logging only
 * @return array 'resources' => list of resource names that have at least one
 *               allowed privilege, 'permissions' => nested map of asserts
 */
public function flatAcl(App_Acl $acl, $ns)
{
    \App::log()->notice("Creating new permission map for namespace '{$ns}'...");

    $knownOrgTypes        = array('super', 'master', 'provider', 'customer', 'aggregator', 'enduser');
    $privilegesByResource = $acl->getAllPrivileges();
    $resources            = array();
    $permissions          = array();

    foreach ($acl->getRoles() as $role) {
        // Split "<roleName>-<orgType>" on the LAST dash; a role without a
        // dash has no org type and is skipped.
        $dash = strrpos($role, '-');
        if ($dash === false) {
            \App::log()->notice("Ignoring role {$role}...");
            continue;
        }
        $roleName = substr($role, 0, $dash);
        $orgType  = substr($role, $dash + 1);

        if ($roleName == 'org' || !in_array($orgType, $knownOrgTypes)) {
            \App::log()->notice("Ignoring role {$role}...");
            continue;
        }

        \App::log()->notice("Creating permission map for {$role}...");
        $allowedMap = $acl->getAllowedMapForRole($role);

        foreach ($privilegesByResource as $resource => $privileges) {
            \App::log()->notice("Creating resource '{$resource}' for {$role}...");
            $allowedHere = isset($allowedMap[$resource]) ? $allowedMap[$resource] : array();

            foreach ($privileges as $privilege) {
                if (!in_array($privilege, $allowedHere)) {
                    continue;
                }

                // getAssert() yields an App_Acl_Assert_Combine (or nothing).
                $combined = $acl->getAssert($role, $resource, $privilege);
                $asserts  = $combined ? $combined->getAsserts() : array();

                if (!in_array($resource, $resources)) {
                    $resources[] = $resource;
                }
                \App_Util_Array::setItem(
                    $permissions,
                    $role . '.' . $resource . '.' . $privilege,
                    $asserts
                );
            }
            \App::log()->notice("Resource created!");
        }
        \App::log()->notice("Permission map for {$role} created!");
    }

    return array('resources' => $resources, 'permissions' => $permissions);
}
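/**
 * Ajax endpoint: look up a subscriber by contract login and return the
 * subscriber's basic data plus the per-month payment figures as JSON.
 *
 * Access: an authenticated identity whose `status` role is allowed the
 * App_Resources::PAYSUSERINFO resource. Anything else — including a request
 * with no identity at all, which previously reached the ACL with an
 * undefined (NULL) role — is redirected to the error page and exits.
 *
 * Only POST is served. The 'login' parameter is the contract identifier and
 * is user supplied; it is passed straight to
 * Application_Model_DbTable_Hna::getUserInfo(), which is assumed to bind it
 * as a parameter — TODO confirm. Any permitted role can look up any
 * contract; confirm that is intended.
 *
 * Output: previously a hand-built, single-quoted pseudo-JSON string with DB
 * values concatenated in unescaped; now Zend_Json::encode(). Values keep the
 * types the DB layer returns, so numeric strings come back quoted — confirm
 * the client does not depend on bare numbers. An unknown contract yields
 * {"user_id":"-1"} as before.
 */
public function getuserinfoAction()
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    if (!$identity) {
        // No identity means no role; deny instead of asking the ACL about NULL.
        $this->getHelper('Redirector')->gotoSimpleAndExit('index', 'error', '');
    }
    $role = $identity->status;

    $acl = new App_Acl();
    if (!$acl->isAllowed($role, App_Resources::PAYSUSERINFO)) {
        $this->getHelper('Redirector')->gotoSimpleAndExit('index', 'error', '');
    }

    $this->_helper->viewRenderer->setNoRender();
    $this->_helper->getHelper('layout')->disableLayout();

    if (!$this->getRequest()->isPost()) {
        return;
    }

    $contract = $this->_getParam('login');
    $userinfo = new Application_Model_DbTable_Hna();
    $info     = $userinfo->getUserInfo($contract);

    $this->getResponse()->setHeader('Content-Type', 'application/json; charset=utf-8');

    if (empty($info['user_id'])) {
        // Unknown contract: the client tests for -1.
        echo Zend_Json::encode(array('user_id' => '-1'));
        return;
    }

    $userpays = new Application_Model_DbTable_Pays();
    $pays     = $userpays->getUserPays($info['user_id']);

    $result = array(
        'user_id'   => $info['user_id'],
        'surname'   => $info['surname'],
        'firstname' => $info['firstname'],
        'lastname'  => $info['lastname'],
        // Missing payment rows yield null rather than a notice and broken output.
        'connect'   => isset($pays['connect']) ? $pays['connect'] : null,
    );
    for ($month = 1; $month <= 12; $month++) {
        $result['m' . $month] = isset($pays[$month]) ? $pays[$month] : null;
    }

    echo Zend_Json::encode($result);
}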
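/**
 * Render the payments list page ("HNA - Оплаты").
 *
 * Access: an authenticated identity whose `status` role is allowed
 * App_Resources::INDEX. A request with no identity previously reached the
 * ACL with an undefined (NULL) role; it is now denied outright. Denied
 * requests are redirected to the error page and the action exits.
 */
public function payslistAction()
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    if (!$identity) {
        // No identity means no role; deny instead of asking the ACL about NULL.
        $this->getHelper('Redirector')->gotoSimpleAndExit('index', 'error', '');
    }

    $acl = new App_Acl();
    if (!$acl->isAllowed($identity->status, App_Resources::INDEX)) {
        $this->getHelper('Redirector')->gotoSimpleAndExit('index', 'error', '');
    }

    $this->view->title = "HNA - Оплаты";
    $this->view->headTitle($this->view->title);

    $hna = new Application_Model_DbTable_Hna();
    $this->view->hna = $hna->getPaysList();
}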
/**
 * Register a role, inheriting from whatever the definition's 'inherit'
 * entry lists.
 *
 * @param App_Acl $acl
 * @param string  $roleName
 * @param array   $roleData role definition; only the 'inherit' key is read
 *                          (a CSV string, cleaned by App_Util_String::cleanCsvParam
 *                          into the parent argument addRole() expects —
 *                          presumably a list of role ids or null, TODO confirm)
 */
public static function createRole(App_Acl $acl, $roleName, $roleData = array())
{
    $acl->addRole($roleName, App_Util_String::cleanCsvParam($roleData, 'inherit'));
}