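/**
 * Enforces the ACL before a request is dispatched.
 *
 * Resolves the caller's role ('guest', 'user' or 'admin'), maps the requested
 * controller and action to an ACL resource and privilege, and redirects to the
 * 'login' action of the 'admin' controller when the role is not allowed.
 *
 * @param Zend_Controller_Request_Abstract $request
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $options = Zend_Controller_Front::getInstance()
        ->getParam('bootstrap')
        ->getApplication()
        ->getOptions();
    $config = new Zend_Config($options);
    $acl = new My_Acl($config);

    $auth = Zend_Auth::getInstance();
    $role = 'guest';
    if ($auth->hasIdentity()) {
        // Authenticated callers must still pass the isAllowed() check below.
        // A nested, identical hasIdentity() test used to return at this point,
        // which skipped the ACL for every logged-in user and made the admin
        // lookup unreachable.
        $role = 'user';

        $login = $auth->getIdentity();
        $user = My_Model::get('Users')->getUserByEmail($login);

        // Fail closed: an identity without a matching user record keeps the
        // plain 'user' role instead of raising on a non-object.
        if (is_object($user) && $user->admin == 1) {
            $role = 'admin';
        }
    }

    $resource = $request->getControllerName();
    $privilege = $request->getActionName();

    // A controller that is not registered as a resource is checked with a null
    // resource.
    // NOTE(review): if My_Acl follows Zend_Acl semantics, a null resource is
    // evaluated against the global rules, so a global allow for the role would
    // also cover unregistered controllers - confirm this is intended.
    if (!$acl->has($resource)) {
        $resource = null;
    }

    if (is_null($privilege)) {
        $privilege = 'index';
    }

    if (!$acl->isAllowed($role, $resource, $privilege)) {
        // $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
        // $flash->addMessage('Access Denied');
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
        // gotoSimpleAndExit() ends the request, so the denied action never runs.
        $redirector->gotoSimpleAndExit('login', 'admin');
    }
}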
/**
 * Assembles the ACL from the resource, role and allow mappers.
 *
 * Every resource and role returned by the mappers is registered first, then
 * each allow rule is applied, and finally the admin role is granted access to
 * everything. The resulting policy is therefore only as trustworthy as the
 * rows the three mappers return.
 *
 * @return My_Acl
 */
protected function _buildAcl()
{
    $permissions = new My_Acl();

    // Resources: one ACL resource per module/controller/action entry.
    $resourceMapper = new Users_Model_AclResourceMapper();
    $resourceRows = $resourceMapper->fetchAll();
    foreach ($resourceRows as $resourceRow) {
        $name = My_Acl::buildResName(
            $resourceRow->getModule(),
            $resourceRow->getController(),
            $resourceRow->getAction()
        );
        $permissions->addResource(new Zend_Acl_Resource($name));
    }

    // Roles: keyed by the role id the mapper returns.
    $roleMapper = new Users_Model_UsersRoleMapper();
    $roleRows = $roleMapper->fetchAll();
    foreach ($roleRows as $roleRow) {
        $permissions->addRole(new Zend_Acl_Role($roleRow->getId()));
    }

    // Allow rules: bind a role id to a resource name built the same way as above.
    $allowMapper = new Users_Model_AclAllowMapper();
    $allowRows = $allowMapper->fetchAll();
    foreach ($allowRows as $rule) {
        $target = My_Acl::buildResName(
            $rule->getACLRES_Module(),
            $rule->getACLRES_Controller(),
            $rule->getACLRES_Action()
        );
        $permissions->allow($rule->getUSEROL_Id(), $target);
    }

    // Blanket grant: the admin role is allowed on every resource and privilege.
    $permissions->allow(My_Acl::ADMIN_ROLE_Id, null, null, null);

    return $permissions;
}