public function setUp()
{
// authentication service
$this->authentication = new AuthenticationService;
// authorization service
$this->authorization = new AclAuthorization();
$this->authorization->addRole('guest');
$this->authorization->allow();
// event for mvc and mvc-auth
$routeMatch = new RouteMatch(array());
$request = new HttpRequest();
$response = new HttpResponse();
$application = new Application(null, new ServiceManager(new Config(array('services' => array(
'event_manager' => new EventManager(),
'authentication' => $this->authentication,
'authorization' => $this->authorization,
'request' => $request,
'response' => $response
)))));
$mvcEvent = new MvcEvent();
$mvcEvent->setRequest($request)
->setResponse($response)
->setRouteMatch($routeMatch)
->setApplication($application);
$this->mvcAuthEvent = new MvcAuthEvent($mvcEvent, $this->authentication, $this->authorization);
$this->listener = new DefaultAuthorizationListener($this->authorization);
}
/**
* Sets up permissions for the module
*
* @param \Acl $acl
*/
public static function addSongbookPrivileges($acl)
{
$acl->addRole('songbook - vstup');
$acl->addRole('songbook - vytváření/editace', 'songbook - vstup');
$acl->addRole('songbook - mazání', 'songbook - vytváření/editace');
$acl->addResource("Oddil:Songbook");
$acl->allow("base - člen", "Oddil:Songbook", "display");
$acl->allow("songbook - vstup", "Oddil:Songbook", "default");
$acl->allow("songbook - vytváření/editace", "Oddil:Songbook", ["add", "edit"]);
$acl->allow("songbook - mazání", "Oddil:Songbook", "delete");
}
/**
* Create the form-service
*
* @param \Zend\ServiceManager\ServiceLocatorInterface $serviceLocator
* @return \Zend\Permissions\Acl\Acl
*/
public function createService(ServiceLocatorInterface $serviceLocator)
{
// Configure the locale
$config = $serviceLocator->get('Configuration');
$srvConfig = isset($config['acl']) ? $config['acl'] : array();
$acl = new Acl();
if (!empty($srvConfig['roles'])) {
foreach ((array) $srvConfig['roles'] as $role => $parents) {
$acl->addRole((string) $role, $parents);
}
}
if (!empty($srvConfig['resources'])) {
foreach ((array) $srvConfig['resources'] as $resource => $parent) {
$acl->addResource($resource, $parent);
}
}
if (!empty($srvConfig['allow'])) {
foreach ((array) $srvConfig['allow'] as $allow) {
$acl->allow($allow['role'], $allow['resource'], $allow['privilege']);
}
}
if (!empty($srvConfig['deny'])) {
foreach ((array) $srvConfig['deny'] as $deny) {
$acl->deny($deny['role'], $deny['resource'], $deny['privilege']);
}
}
return $acl;
}
public static function GetFromCached()
{
$mem = Cache::getInstance();
if (!$mem->get("allow")) {
return false;
}
self::$allow = $mem->get("allow");
self::$parents = $mem->get("parents");
self::$Rolelist = $mem->get("role");
}
public function setUp()
{
// authentication service
$this->authentication = new AuthenticationService();
// authorization service
$this->authorization = new AclAuthorization();
$this->authorization->addRole('guest');
$this->authorization->allow();
// event for mvc and mvc-auth
$routeMatch = $this->createRouteMatch([]);
$request = new HttpRequest();
$response = new HttpResponse();
$container = new ServiceManager();
(new Config(['services' => ['EventManager' => new EventManager(), 'Authentication' => $this->authentication, 'Authorization' => $this->authorization, 'Request' => $request, 'Response' => $response]]))->configureServiceManager($container);
$application = $this->applicationFactory($container);
$mvcEvent = new MvcEvent();
$mvcEvent->setRequest($request)->setResponse($response)->setRouteMatch($routeMatch)->setApplication($application);
$this->mvcAuthEvent = new MvcAuthEvent($mvcEvent, $this->authentication, $this->authorization);
$this->listener = new DefaultAuthorizationListener($this->authorization);
}
/**
* Set allow on $acl object
*
* @param Acl $acl
*/
public function set_allow($acl)
{
// allow
foreach ($this->_environments as $environment) {
foreach ($this->_allow as $role => $rights) {
foreach ($rights as $resource => $privileges) {
foreach ($privileges as $privilege) {
if (is_array($privilege)) {
$own = isset($privilege[1]) && $privilege[1] === true ? true : false;
$privilege = $privilege[0];
} else {
$own = false;
}
$acl->allow($role, $resource, $privilege, $own, (string) $environment);
}
}
}
}
}
/**
* Set allow on $acl object
*
* @param Acl $acl
*/
public function set_allow($acl)
{
// allow
foreach ($this->_environments as $environment) {
foreach ($this->_allow as $role => $rights) {
// manager-rights are automatically only for only one website
if ($role == 'manager') {
$role = 'manager_' . $environment;
}
// set allow rights on role
foreach ($rights as $resource => $privileges) {
foreach ($privileges as $privilege) {
if (is_array($privilege)) {
$own = isset($privilege[1]) && $privilege[1] === true ? true : false;
$privilege = $privilege[0];
} else {
$own = false;
}
$acl->allow($role, $resource, $privilege, $own, (string) $environment);
}
}
}
}
}
/**
* @param \Acl $acl
*/
private function addVIPChroniclePermissions($acl)
{
$acl->addRole('vip - vstup');
$acl->addRole('vip - vytváření/editace', 'vip - vstup');
$acl->addRole('vip - popisky', 'vip - vytváření/editace');
$acl->addRole('vip - generování', 'vip - popisky');
$acl->addRole('vip - zobrazování', 'vip - generování');
$acl->addRole('vip - mazání', 'vip - zobrazování');
$acl->addResource(self::MODULE_NAME . ':Admin:Vipchronicle');
$acl->allow('vip - vstup', self::MODULE_NAME . ':Admin:Vipchronicle', 'default');
$acl->allow('vip - vytváření/editace', self::MODULE_NAME . ':Admin:Vipchronicle', 'create');
$acl->allow('vip - vytváření/editace', self::MODULE_NAME . ':Admin:Vipchronicle', 'edit');
$acl->allow('vip - popisky', self::MODULE_NAME . ':Admin:Vipchronicle', 'photos');
$acl->allow('vip - generování', self::MODULE_NAME . ':Admin:Vipchronicle', 'generate');
$acl->allow('vip - zobrazování', self::MODULE_NAME . ':Admin:Vipchronicle', 'show');
$acl->allow('vip - mazání', self::MODULE_NAME . ':Admin:Vipchronicle', 'delete');
}
/**
* Установить acl
* @param Acl $acl
* @return Auth
*/
public function setAcl($acl)
{
if ($this->hasIdentity()) {
$acl->allow('guest', 'autharea', 'signout');
$acl->deny('guest', 'autharea', array('signin', 'signup'));
}
$this->_acl = $acl;
return $this;
}
