/**
* (non-PHPdoc)
* @see Zend_Application_Resource_ResourceAbstract#init()
*/
public function init()
{
$this->_acl = new Zend_Acl();
// static roles
$this->_acl->addRole(new Zend_Acl_Role('all'));
$this->_acl->addRole(new Zend_Acl_Role('anonymous'), 'all');
$this->_acl->addRole(new Zend_Acl_Role('identified'), 'all');
// dinamic roles
foreach ($this->_roles as $roleName) {
if (!$this->_acl->hasRole($roleName)) {
$this->_acl->addRole(new Zend_Acl_Role($roleName), 'identified');
}
}
// var_dump($this->_resources);exit;
// rules
foreach ($this->_resources as $module => $grants) {
$module = strtolower($module);
$this->_acl->add(new Zend_Acl_Resource($module));
foreach ($grants as $controller => $grant) {
$controller = strtolower($controller);
foreach ($grant as $action => $roles) {
$resource = $controller . self::RESOURCE_SEPARATOR . $action;
foreach (explode(',', $roles) as $role) {
if (!empty($role)) {
$this->_acl->allow(trim($role), $module, $resource);
}
}
}
}
}
Zend_Registry::set('acl', $this->_acl);
return $this->_acl;
}
protected function _initAlc()
{
// Создаём объект Zend_Acl
$acl = new Zend_Acl();
//$acl->removeAll();
// указываем, что у нас есть ресурсы
//$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('auth'));
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->addResource(new Zend_Acl_Resource('models-generator'));
$acl->addResource(new Zend_Acl_Resource('slugify'));
$acl->addResource(new Zend_Acl_Resource('sefurl'));
$acl->addResource(new Zend_Acl_Resource('search-index'));
$acl->addResource(new Zend_Acl_Resource('test'));
$acl->addResource(new Zend_Acl_Resource('xml-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('csv-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('cache-manager'));
$acl->addResource(new Zend_Acl_Resource('update-image-catalog'));
$acl->addResource(new Zend_Acl_Resource('products-draft'));
// далее переходим к созданию ролей, которых у нас 2:
// гость (неавторизированный пользователь)
$acl->addRole('guest');
// администратор, который наследует доступ от гостя
$acl->addRole('admin', 'guest');
$acl->deny();
//$acl->allow('guest', array('default', 'catalog', 'error'));
$acl->allow('guest', 'auth');
$acl->allow('admin');
// получаем экземпляр главного контроллера
$fc = Zend_Controller_Front::getInstance();
// регистрируем плагин с названием AclUtils, в который передаём
// на ACL и экземпляр Zend_Auth
$fc->registerPlugin(new Plugin_AclUtils($acl, Zend_Auth::getInstance()));
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role(Model_Role::GUEST));
$acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST);
$acl->addResource(new Zend_Acl_Resource('admin'));
$acl->addResource(new Zend_Acl_Resource('blog'));
$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->allow(Model_Role::GUEST, 'blog');
$acl->allow(Model_Role::GUEST, 'error');
$acl->allow(Model_Role::GUEST, 'index');
$acl->allow(Model_Role::GUEST, 'admin', array('login'));
$acl->allow(Model_Role::ADMIN, 'admin');
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$user = new Model_User($auth->getIdentity());
$role = $user->role_id;
} else {
$role = Model_Role::GUEST;
}
$resource = $request->getControllerName();
$privilege = $request->getActionName();
if (!$acl->isAllowed($role, $resource, $privilege)) {
$this->_request->setControllerName('admin')->setActionName('login');
$this->_response->setRedirect('/admin/login/');
}
}
public function __construct()
{
$acl = new Zend_Acl();
// добавляем роли
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'));
// добавляем ресурсы
$acl->add(new Zend_Acl_Resource('sites'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('logs'));
$acl->add(new Zend_Acl_Resource('auth'));
$acl->add(new Zend_Acl_Resource('maps'));
$acl->add(new Zend_Acl_Resource('best'));
$acl->add(new Zend_Acl_Resource('news'));
// если нет роли то все запрещаем
$acl->deny();
// админу по умолчанию разрешено все
$acl->allow('admin', null);
// гостю только контроллер с экшеном для входа
$acl->allow('guest', 'auth', array('index', 'check'));
$acl->allow('guest', 'maps', array('cronmaps'));
$acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));
// если надо запретить экшены в разрешенном контроллере
/*$acl->deny('user', 'users', array(
'login', 'registration'
));
*
*/
Zend_Registry::set('acl', $acl);
}
public function __construct()
{
$acl = new Zend_Acl();
//ролі
$acl->addRole(new Zend_Acl_Role('guest'));
//user наслідує усі параметри guest
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'));
//ресурси - доступні контролери
$acl->add(new Zend_Acl_Resource('users'));
$acl->add(new Zend_Acl_Resource('index'));
//дозвіл
$acl->deny();
//заборонити доступ всім
$acl->allow('admin', null);
//дозволити доступ admin-у до всього
//users це resource - контролер
// далі $privilege - екшн
$acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
$acl->allow('guest', 'index');
$acl->allow('user', 'users', array('logout'));
$acl->deny('user', 'users', array('login', 'registration'));
//глобальний доступ до змінної
//щоб використати у видах
Zend_Registry::set('acl', $acl);
/*
//isAllowed() - чи має доступ $role до $resourse і $privilege
//$resource - контролер
//$privilege - екшн
if($acl->isAllowed($role, $resource, $privilege)){
} */
}
protected function _setupPrivileges()
{
$menu = new Application_Model_DbTable_MenuPermissaoPerfil();
$listaPermissao = $menu->listaPermissaoPapel();
//Zend_Registry::get('logger')->log($listaPermissao, Zend_Log::INFO);
//$this->_acl->allow( 'guest', 'index', array('logout', 'login','index','edit-alterar-perfil','ajuda','lista-centro-custo','edit-centro-custo','add-centro-custo','delete-centro-custo','lista-compra','add-compra','edit-compra','delete-compra','add-projeto','add-servico','add-plano-acao','add-contato','add-noticia','edit-noticia','delete-noticia','lista-projeto','lista-tipo-projeto','edit-tipo-projeto','delete-tipo-projeto','lista-status-projeto','edit-status-projeto','delete-status-projeto') )
// ->allow( 'guest', 'error', array('error', 'forbidden') );
// $this->_acl->allow( 'user', 'index', array('index','logout','lista-remessa','view-remessa','add-projeto') );
//$this->_acl->allow( 'negocio', 'index', array('index', 'ranking-executivo-negocio','lista-fotos-evento','logout') );
//$this->_acl->allow( 'gerente', 'index', array('index', 'ranking-gerente','lista-fotos-evento','logout') );
// $this->_acl->allow( 'produtor', 'index', array('index','lista-fotos-evento','logout','observacao-evento') );
//$this->_acl->allow( 'produtor', 'upload', array('media','uploadjqAction','uploadjq','lista-videos','videos') );
//$this->_acl->allow( 'admin', 'index' );
//$this->_acl->allow( 'admin', 'upload' );
//$this->_acl->allow( 'Operador', 'index', array('index', 'add-pcp') );
//$this->_acl->allow( 'Operador', 'index', array('add-pcp','index') );
$arrayPermissao = array();
$arrayPerfil = array();
foreach ($listaPermissao as $value) {
//$this->_acl->addRole( new Zend_Acl_Role($value['nome']) );
$arrayPermissao[] = $value["NM_PAGINA"];
$arrayPerfil[] = $value["nome"];
$this->_acl->allow($value["nome"], 'index', array($value["NM_PAGINA"], 'index', 'logout', 'error', 'forbidden'));
}
//Zend_Registry::get('logger')->log($arrayPermissao, Zend_Log::INFO);
//Zend_Registry::get('logger')->log($arrayPerfil, Zend_Log::INFO);
//Zend_Registry::get('logger')->log(array('add-pcp','index'), Zend_Log::INFO);
}
/** The constuctor for the class
* @access public
* @param Zend_Acl $aclData
* @param $roleName string
* @return void
**/
public function __construct(Zend_Acl $aclData, $roleName = 'public')
{
$this->_roleName = $roleName;
if (NULL !== $aclData) {
$this->setAcl($aclData);
}
$front = Zend_Controller_Front::getInstance();
/** If an error handler hasn't been setup in the front controller, setup one */
if (!$front->getParam('noErrorHandler') && !$front->hasPlugin('Zend_Controller_Plugin_ErrorHandler')) {
// Register with stack index of 100
$front->registerPlugin(new Zend_Controller_Plugin_ErrorHandler(), 100);
}
/** Allow error handler in the acl */
$errorHandler = Zend_Controller_Front::getInstance()->getPlugin('Zend_Controller_Plugin_ErrorHandler');
$defaultErrorModule = $errorHandler->getErrorHandlerModule();
$defaultErrorController = $errorHandler->getErrorHandlerController();
$defaultErrorAction = $errorHandler->getErrorHandlerAction();
if (NULL !== $defaultErrorModule && $defaultErrorModule != 'default') {
if (!$this->getAcl()->has($defaultErrorModule)) {
require_once 'Zend/Acl/Resource.php';
$this->_acl->add(new Zend_Acl_Resource($defaultErrorModule));
$this->_acl->add(new Zend_Acl_Resource($defaultErrorModule . ':' . $defaultErrorController, $defaultErrorModule));
$this->_acl->allow($this->_roleName, $defaultErrorModule . ':' . $defaultErrorController, $defaultErrorAction);
}
} else {
if (!$this->getAcl()->has($defaultErrorController)) {
$this->_acl->add(new Zend_Acl_Resource($defaultErrorController));
}
$this->_acl->allow($this->_roleName, $defaultErrorController, $defaultErrorAction);
}
$this->setDeniedAction('denied', $defaultErrorController, $defaultErrorModule);
}
/**
* Get an ACL object for this post.
*
* For now this is generic for all posts, but in the future may be post
* specific
*
* @return Zend_Acl
*/
public function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole('guest')->addRole('user', 'guest')->addRole('admin');
// Guests can view and comment
$acl->allow('guest', null, array('view', 'comment'));
// Admin can do anything
$acl->allow('admin');
return $acl;
}
protected function _setupPrivileges()
{
$userAllowedResources = $this->ca->getupPrivileges($this->id_role);
foreach ($userAllowedResources as $controller => $Actions) {
$arrayAllowedActions = array();
foreach ($Actions as $Action) {
echo $this->role . ' - ' . $controller . ' - ' . $Action . '<br>';
$arrayAllowedActions[] = $Action;
}
$this->_acl->allow($this->role, $controller, $arrayAllowedActions);
}
}
public static function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('alien'));
$acl->addRole(new Zend_Acl_Role('guest'), 'alien');
$acl->addRole(new Zend_Acl_Role('member'), 'guest');
$acl->addRole(new Zend_Acl_Role('subadmin'), 'member');
$acl->addRole(new Zend_Acl_Role('admin'), 'subadmin');
$acl->allow('subadmin', null, 'edit');
$acl->allow('subadmin', null, 'delete');
return $acl;
}
public function testShouldAllowAccessForCorrectRole()
{
$request = $this->request->setModuleName('admin')->setControllerName('index')->setActionName('index');
$this->acl->addResource('admin_index');
$this->acl->allow(Acl::ROLE_GUEST, 'admin_index');
$plugin = new Acl($this->acl);
$plugin->setRequest($this->request);
$plugin->preDispatch();
$this->assertEquals('admin', $this->request->getModuleName());
$this->assertEquals('index', $this->request->getControllerName());
$this->assertEquals('index', $this->request->getActionName());
}
public function appendRules(Zend_Acl $acl, $resource = null)
{
$acl->allow('everyone', $resource, 'view')->allow('self', $resource, 'edit')->deny('blocked');
if (Doctrine::getTable('SnsConfig')->get('is_allow_config_public_flag_profile_page')) {
$config = Doctrine::getTable('SnsConfig')->get('is_allow_config_public_flag_profile_page');
} elseif ($resource) {
$config = $resource->getConfig('profile_page_public_flag');
}
if ($config && 4 == $config) {
$acl->allow('anonymous', $resource, 'view');
}
return $acl;
}
public function __construct()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->add(new Zend_Acl_Resource('admin'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->deny();
$acl->allow('admin', null);
$acl->allow('guest', 'admin', array('login'));
$acl->allow('guest', 'index');
Zend_Registry::set('acl', $acl);
}
/**
*
*/
public function buildAcl()
{
if (is_null($this->acl)) {
$this->acl = new Zend_Acl();
}
$this->acl->removeAll();
$permissions = $this->getPermissionList();
$resources = $this->getResourceList();
$resourceParents = $this->getResourceParentList();
$roles = $this->getRoleList();
$roleParents = $this->getRoleParentList();
$rolesTmp = array();
foreach ($roles as $role) {
$roleId = $role['role_id'];
$roleName = $role['role_name'];
$rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array());
$rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId));
}
foreach ($roleParents as $roleParent) {
$roleId = $roleParent['role_id'];
$roleIdParent = $roleParent['role_id_parent'];
$rolesTmp[$roleId]['parents'][] = $roleIdParent;
}
foreach ($rolesTmp as $role) {
$this->acl->addRole($role['name'], $role['parents']);
}
#echo '<pre>';
$resourcesTmp = array();
foreach ($resources as $resource) {
$resourceId = $resource['resource_id'];
$resourceName = $resource['resource_name'];
$resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null);
$resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId);
}
foreach ($resourceParents as $resourceParent) {
$resourceId = $resourceParent['resource_id'];
$resourceIdParent = $resourceParent['resource_id_parent'];
$resourcesTmp[$resourceId]['parent'] = $resourceIdParent;
}
foreach ($resourcesTmp as $resource) {
$this->acl->addResource($resource['name'], $resource['parent']);
}
foreach ($permissions as $permission) {
if (empty($permission['allowed'])) {
$this->acl->deny($permission['role_id'], $permission['resource_id']);
} else {
$this->acl->allow($permission['role_id'], $permission['resource_id']);
}
}
}
/**
* _loadAclRecords
*
* @return void
*/
protected function _loadAclRecords()
{
$records = $this->_mapper->getAllRecords();
foreach ($records as $i) {
if ($i->getResource() && !$this->_acl->has($i->getResource())) {
$this->_acl->addResource($i->getResource());
}
if ($i->getType() == 'allow') {
$this->_acl->allow($i->getRoleId(), $i->getResource() ?: null, $i->getAction() ?: null);
} else {
$this->_acl->deny($i->getRoleId(), $i->getResource() ?: null, $i->getAction() ?: null);
}
}
}
protected function _initAcl()
{
$acl = new Zend_Acl();
// Add groups to the Role registry using Zend_Acl_Role
// Guest does not inherit access controls
$roleGuest = new Zend_Acl_Role('guest');
$acl->addRole($roleGuest);
// Staff inherits from guest
$acl->addRole(new Zend_Acl_Role('staff'), $roleGuest);
// Editor inherits from staff
$acl->addRole(new Zend_Acl_Role('editor'), 'staff');
// Administrator does not inherit access controls
$acl->addRole(new Zend_Acl_Role('administrator'));
// Guest may only view content
$acl->allow($roleGuest, null, 'view');
$acl->allow('staff', null, array('edit', 'submit', 'revise'));
$acl->allow('editor', null, array('publish', 'archive', 'delete'));
$acl->allow('administrator');
/*echo $acl->isAllowed('guest', null, 'view') ?
"allowed" : "denied";
// allowed
echo $acl->isAllowed('staff', null, 'publish') ?
"allowed" : "denied";
// denied
echo $acl->isAllowed('staff', null, 'revise') ?
"allowed" : "denied";
// allowed
echo $acl->isAllowed('editor', null, 'view') ?
"allowed" : "denied";
// allowed because of inheritance from guest
echo $acl->isAllowed('editor', null, 'update') ?
"allowed" : "denied";
// denied because no allow rule for 'update'
echo $acl->isAllowed('administrator', null, 'view') ?
"allowed" : "denied";
// allowed because administrator is allowed all privileges
echo $acl->isAllowed('administrator') ?
"allowed" : "denied";
// allowed because administrator is allowed all privileges
echo $acl->isAllowed('administrator', null, 'update') ?
"allowed" : "denied";
// allowed because administrator is allowed all privileges*/
}
public function setUp()
{
$acl = new Zend_Acl();
// Add resources and roles
$acl->addResource('profile');
$acl->addRole('admin');
$acl->addRole('user');
// Deny everything by default
$acl->deny();
// Admins can create and edit users but normal users are only
// allowed to edit their own profile
$acl->allow('admin', 'profile', array('create', 'read', 'update'));
$acl->allow('user', 'profile', array('read', 'update'), new App_Acl_Assert_SameUser());
$this->_acl = $acl;
}
public function checkAccess(Zend_Controller_Request_Abstract $request)
{
$resource = new User_Model_Acl_Resource();
$resource->getPrivileges($request);
if (!$resource->privileges || !$resource->resource_id) {
//error in getting resource privileges or nobody is allowed access, deny access and redirect to forbidden
return false;
}
$acl = new Zend_Acl();
$acl->add(new Zend_Acl_Resource($resource->resource_id));
foreach ($resource->privileges as $key => $privilege) {
if (!$acl->hasRole($privilege["role_id"])) {
$acl->addRole(new Zend_Acl_Role($privilege["role_id"]));
$acl->allow($privilege["role_id"], $resource->resource_id);
}
}
$authorization = Zend_Auth::getInstance();
if ($authorization->hasIdentity()) {
$user = $authorization->getIdentity();
if ($acl->hasRole($user['role_id']) && $acl->isAllowed($user['role_id'], $resource->resource_id)) {
//role has access
return true;
}
//user role does not have access to this resource
return false;
} else {
$aclrole = new User_Model_Acl_Role();
$aclrole->getDefaultRole();
if (!$aclrole->default_role || !$acl->hasRole($aclrole->default_role) || !$acl->isAllowed($aclrole->default_role, $resource->resource_id)) {
//redirect to login
return false;
}
}
return true;
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$acl = new Zend_Acl();
$acl->addResource("page");
$acl->addResource("forum");
$acl->addResource("catalog");
$acl->addRole("administrator");
$acl->addRole("moderator");
$acl->allow("administrator");
$acl->deny("moderator");
$acl->allow("moderator", "forum", array("answer", "edit-own"));
Zend_Registry::set('acl', $acl);
if (!Zend_Auth::getInstance()->hasIdentity()) {
$request->setControllerName('index')->setActionName('login');
}
}
/**
* Метод загружающий правила ACL
* из хранилища правил в объект Zend_Acl
*
* @throws Excore_Acl_Rules_Exception
* @return void
*/
protected function _loadRules()
{
$rules = $this->_rules->getAll();
foreach ($rules as $rule) {
if (!in_array($rule['type'], $this->_ruleTypes)) {
throw new Excore_Acl_Rules_Exception("Rule type `{$rule['type']}` is invalid rule type for current settings");
}
if (!$this->_acl->hasRole(new Zend_Acl_Role($rule['roleId']))) {
throw new Excore_Acl_Rules_Exception("Role `{$rule['roleId']}` found in rules storage, but was not in roles storage");
}
if (!$this->_acl->has(new Zend_Acl_Resource($rule['resourceId']))) {
throw new Excore_Acl_Rules_Exception("Resource `{$rule['resourceId']}` found in rules storage, but was not in resources storage");
}
$assert = $rule['assert'];
if ($assert !== null) {
$assert = new $assert();
}
switch ($rule['type']) {
case $this->_ruleTypes['TYPE_ALLOW']:
$this->_acl->allow(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
break;
case $this->_ruleTypes['TYPE_DENY']:
$this->_acl->deny(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
break;
}
}
}
/**
* @group ZF-9643
*/
public function testRemoveDenyWithNullResourceAppliesToAllResources()
{
$this->_acl->addRole('guest');
$this->_acl->addResource('blogpost');
$this->_acl->addResource('newsletter');
$this->_acl->allow();
$this->_acl->deny('guest', 'blogpost', 'read');
$this->_acl->deny('guest', 'newsletter', 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
$this->_acl->removeDeny('guest', 'newsletter', 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
$this->_acl->removeDeny('guest', null, 'read');
$this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
// ensure deny null/all resources works
$this->_acl->deny('guest', null, 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
}
/**
* @group 4226
*/
public function testAllowNullPermissionAfterResourcesExistShouldAllowAllPermissionsForRole()
{
$this->_acl->addRole('admin');
$this->_acl->addResource('newsletter');
$this->_acl->allow('admin');
$this->assertTrue($this->_acl->isAllowed('admin'));
}
protected function _getAcl()
{
$acl = false;
if (Zend_Registry::isRegistered('cache')) {
$cache = Zend_Registry::get('cache');
$acl = $cache->load('acl');
}
if (!$acl) {
$acl = new Zend_Acl();
$role = new Auth_Model_DbTable_Role();
$resource = new Auth_Model_DbTable_Resource();
$roleResource = new Auth_Model_DbTable_RoleResource();
$roles = $role->fetchAll("name <> 'Todos'");
$resources = $resource->getDistinctModules();
$relations = $roleResource->fetchAllRelations();
$acl->addRole('Todos');
foreach ($roles as $role) {
$acl->addRole($role['name'], 'Todos');
}
foreach ($resources as $resource) {
$acl->addResource($resource['module']);
}
foreach ($relations as $relation) {
$acl->allow($relation['name'], $relation['module'], $relation['privilege']);
}
if (Zend_Registry::isRegistered('cache')) {
$cache->save($acl, 'acl');
}
}
Zend_Registry::set('acl', $acl);
return $acl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// получаем имя текущего ресурса
$resource = $request->getControllerName();
// получаем имя action
$action = $request->getActionName();
$auth = Zend_Auth::getInstance();
$username = Zend_Auth::getInstance()->getIdentity()->username;
// Создаём объект Zend_Acl
$acl = new Zend_Acl();
// Добавляем ресурсы сайта
$acl->addResource('index')->addResource('access')->addResource('catalog')->addResource('history')->addResource('outlets')->addResource('warehouse')->addResource('repairs')->addResource('sales')->addResource('service')->addResource('statistic')->addResource('documentation')->addResource('reports')->addResource('setup')->addResource('error');
// далее переходим к созданию ролей, которых у нас 3:
$acl->addRole('guest');
// гость (неавторизированный пользователь)
$acl->addRole('client');
// гость (авторизированный пользователь)
$acl->addRole('admin');
// гость (авторизированный пользователь)
// разрешаем гостю просматривать ресурс index
$acl->allow('guest', 'access', array('login'))->allow('guest', 'error');
$allow = new Application_Model_DbTable_Allow();
$allow_data = $allow->fetchAll($allow->select()->where("username = '******'"))->toArray();
$allow_array = array('documentation' => array($allow_data[0]['doc_index'], $allow_data[0]['doc_file'], $allow_data[0]['doc_delete']), 'catalog' => array($allow_data[0]['cat_index'], $allow_data[0]['cat_add'], $allow_data[0]['cat_edit'], $allow_data[0]['cat_delete'], $allow_data[0]['cat_exl']), 'history' => array($allow_data[0]['his_index']), 'reports' => array($allow_data[0]['rep_index']), 'statistic' => array($allow_data[0]['stat_index']), 'sales' => array($allow_data[0]['sal_index'], $allow_data[0]['sal_add'], $allow_data[0]['sal_edit'], $allow_data[0]['sal_delete'], $allow_data[0]['sal_toexcel']), 'repairs' => array($allow_data[0]['rps_index'], $allow_data[0]['rps_add'], $allow_data[0]['rps_edit'], $allow_data[0]['rps_delete'], $allow_data[0]['rps_toexcel'], $allow_data[0]['rps_toexcelmounth'], $allow_data[0]['rps_statistic']), 'warehouse' => array($allow_data[0]['war_index'], $allow_data[0]['war_add'], $allow_data[0]['war_edit'], $allow_data[0]['war_delete'], $allow_data[0]['war_toexcel'], $allow_data[0]['war_history'], $allow_data[0]['war_load'], $allow_data[0]['war_unload']), 'service' => array($allow_data[0]['ser_index'], $allow_data[0]['ser_add'], $allow_data[0]['ser_edit'], $allow_data[0]['ser_delete'], $allow_data[0]['ser_toexcel'], $allow_data[0]['ser_invoice']), 'setup' => array($allow_data[0]['set_index'], $allow_data[0]['set_names'], $allow_data[0]['set_addname'], $allow_data[0]['set_editname'], $allow_data[0]['set_deletename'], $allow_data[0]['set_types'], $allow_data[0]['set_addtype'], $allow_data[0]['set_edittype'], $allow_data[0]['set_deletetype'], $allow_data[0]['set_owners'], $allow_data[0]['set_addowner'], $allow_data[0]['set_editowner'], $allow_data[0]['set_deleteowner'], $allow_data[0]['set_users'], $allow_data[0]['set_adduser'], $allow_data[0]['set_edituser'], $allow_data[0]['set_deleteuser'], $allow_data[0]['set_status'], $allow_data[0]['set_addstatus'], $allow_data[0]['set_editstatus'], $allow_data[0]['set_deletestatus'], $allow_data[0]['set_prices'], $allow_data[0]['set_addprices'], $allow_data[0]['set_editprices'], $allow_data[0]['set_deleteprices'], $allow_data[0]['set_access'], $allow_data[0]['set_addaccess'], $allow_data[0]['set_editaccess'], $allow_data[0]['set_deleteaccess']));
$acl->allow('client', 'error')->allow('client', 'access', array('logout'))->allow('client', 'index', array('index'))->allow('client', 'history', $allow_array['history'])->allow('client', 'documentation', $allow_array['documentation'])->allow('client', 'reports', $allow_array['reports'])->allow('client', 'statistic', $allow_array['statistic'])->allow('client', 'catalog', $allow_array['catalog'])->allow('client', 'sales', $allow_array['sales'])->allow('client', 'repairs', $allow_array['repairs'])->allow('client', 'warehouse', $allow_array['warehouse'])->allow('client', 'service', $allow_array['service'])->allow('client', 'setup', $allow_array['setup']);
$acl->allow('admin', 'error')->allow('admin', 'access', array('logout'))->allow('admin', 'index', array('index'))->allow('admin', 'history', array('index'))->allow('admin', 'outlets', array('index', 'autofind', 'save'))->allow('admin', 'documentation', array('index', 'file', 'delete'))->allow('admin', 'reports', array('index'))->allow('admin', 'statistic', array('index'))->allow('admin', 'catalog', array('index', 'toexcel', 'add', 'edit', 'delete'))->allow('admin', 'sales', array('index', 'toexcel', 'add', 'edit', 'delete'))->allow('admin', 'service', array('index', 'toexcel', 'invoice', 'add', 'edit', 'delete'))->allow('admin', 'repairs', array('index', 'statistic', 'toexcel', 'toexcelmonth', 'add', 'edit', 'delete'))->allow('admin', 'warehouse', array('index', 'add', 'edit', 'delete', 'unload', 'load', 'history', 'toexcel'))->allow('admin', 'setup', array('index', 'names', 'addname', 'editname', 'deletename', 'types', 'addtype', 'edittype', 'deletetype', 'owners', 'addowner', 'editowner', 'deleteowner', 'users', 'adduser', 'edituser', 'deleteuser', 'status', 'addstatus', 'editstatus', 'deletestatus', 'access', 'addaccess', 'editaccess', 'deleteaccess', 'prices', 'addprices', 'editprices', 'deleteprices'));
// получаем доступ к хранилищу данных Zend,
// и достаём роль пользователя
$identity = $auth->getStorage()->read();
//var_dump($auth->getStorage()->read());
//die;
// если в хранилище ничего нет, то значит мы имеем дело с гостем
if (empty($identity->role)) {
$identity = new stdClass();
// for php 5.4
$identity->role = 'guest';
}
// если пользователь не допущен до данного ресурса или не зарегистрирован
// то отсылаем его на страницу авторизации
if (Zend_Auth::getInstance()->hasIdentity()) {
if (!$acl->isAllowed($identity->role, $resource, $action)) {
$request->setControllerName('error')->setActionName('noaccess');
}
} else {
$request->setControllerName('access')->setActionName('login');
}
}
public function getAcl()
{
Zend_Registry::get('log')->info(__METHOD__);
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role(1));
$acl->add(new Zend_Acl_Resource('As'));
$acl->add(new Zend_Acl_Resource('Bs'));
$acl->add(new Zend_Acl_Resource('A'));
$acl->add(new Zend_Acl_Resource('B'));
$acl->allow(1, 'As');
//$acl->allow(1, 'Bs');
$acl->allow(1, 'A', 'edit', new App_Acl_Assert_ResourceAccess());
$acl->allow(1, 'A', 'edit:all');
$acl->allow(1, 'A', 'delete', new App_Acl_Assert_ResourceAccess());
$acl->allow(1, 'A', 'delete:mine');
return $acl;
}
function __construct($class = NULL)
{
$CI =& get_instance();
$CI->load->library('zend');
$CI->zend->load('Zend/Acl');
$CI->zend->load('Zend/Acl/Role');
$CI->zend->load('Zend/Acl/Resource');
$acl = new Zend_Acl();
//Add the Role
$acl->addRole(new Zend_Acl_Role('NU'));
$acl->addRole(new Zend_Acl_Role('memUser'), 'member');
//Add Resource
$acl->add(new Zend_Acl_Resource('users_login'));
$acl->add(new Zend_Acl_Resource('users_profile'), 'users_login');
$acl->allow('member', 'users_login');
$acl->allow('memUser', 'users_profile');
}
/**
* Return the acl under test
*
* @return Zend_Acl
*/
protected function getAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('user'));
$acl->addResource('foo');
$acl->allow('user', 'foo');
return $acl;
}
protected function _initAcl()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_GUEST));
$acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_USER), Core_Role::ROLE_GUEST);
$acl->addResource('default:index');
$acl->allow(Core_Role::ROLE_GUEST, 'default:index', 'index');
$registry = Zend_Registry::getInstance();
$registry->set('acl', $acl);
}
/**
* Obtiene la relacion entre access role y security actions
* @return array
*/
protected function grantPermissions()
{
$allPermissions = $this->accessRoleCatalog->getAllPermissions();
$actions = $this->getSecurityActionsFromDatabase();
foreach ($allPermissions as $idAction => $accessRoles) {
foreach (array_keys($accessRoles) as $idAccessRole) {
$this->acl->allow($idAccessRole, $actions[$idAction]);
}
}
}
protected function _generateAcl()
{
//This would probably be pulled from a registry or something in an application
//hard coded here to an example ACL
//create the acl
$acl = new Zend_Acl();
//create playlist resource
$acl->add(new Zend_Acl_Resource('playlist'));
//Listen can view playlists
$acl->addRole(new Zend_Acl_Role('listener'));
$acl->allow('listener', 'playlist', 'view');
//DJ inherits from listener to view playlists, but can also play playlists
$acl->addRole(new Zend_Acl_Role('dj'), 'listener');
$acl->allow('dj', 'playlist', 'play');
//program manager inherits from DJ to view and play playlists but can also manage playlists
$acl->addRole(new Zend_Acl_Role('program manager'), 'dj');
$acl->allow('program manager', 'playlist', 'manage');
return $acl;
}
