/**
* Query the ACL if the user is allowed to be dispatched to the resource
*
* @param Zend_Controller_Request_Abstract $request
* @throws Zend_Exception if user is not allowed (handled by error controller)
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$resource = $module . '/' . $controller;
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity() === TRUE) {
$user = $auth->getIdentity();
} else {
$user = new App_User();
$user->setRole(Zend_Registry::get('acl_default_role_name'), Zend_Registry::get('acl_default_role_id'));
}
$auth->getStorage()->write($user);
/**
* load acl stuff from cache.
* the acl is created, that it doesnot grab the data from the database again
* so, we should have a little bit of performance here
*/
/*
//FIXME: ACL Caching seems be faulty or its the development process
// After changing rules, ACL doesn't match anymore
// Fix: After Changing roles/rules refresh the ACL Cache Object
$cache = Zend_Registry::get('Cache_Acl');
$acl = $cache->load('acl_object');
IF(!$acl) {
$acl = new App_Acl;
}
*/
$acl = new App_Acl();
// FIXME: remove after above is fixed
$acl->buildResourceRules($module, $controller, $action, $user);
// $cache->save($acl, 'acl_object'); // FIXME: enabled again after above problem is fixed
foreach ($user->getRoles() as $roleId => $roleName) {
if ($acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
foreach ($acl->getRole($roleId)->getParentRole() as $roleId => $roleName) {
if ($acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
}
}
/**
* This part is critical (see todo in class docs)
*
* 1. On XML Requests:
* The setbody just adds information to the body. If an php error occure, the
* setBody just prepend the this error to the php error => the return is an Json/html mixed response, unreadable for Ajax Client
* 2. normal HTTP resposen:
* anonymouse rerouting to login page, no reason or any notification to the user
*/
if ($this->getRequest()->isXmlHttpRequest()) {
$this->getResponse()->setBody(Zend_Json_Encoder::encode(array('success' => FALSE, 'error_message' => 'No Right to execute this action')));
} elseif ($controller !== 'error') {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->gotoSimple('login', 'auth', 'noc');
}
}
/**
* Check if the current user (self::$user) is allowed to
* use the $module/$action
*
* @param string $module
* @param string $action
* @return bool
*/
public function isAllowed($module, $action)
{
$resource = 'webdesktop/' . $module;
// build rules on every call?
$this->acl->buildResourceRules('webdesktop', $module, $action, $this->user, TRUE);
$cache = Zend_Registry::get('Cache_Acl');
$cache->save($this->acl, 'acl_object');
foreach ($this->user->getRoles() as $roleId => $roleName) {
if ($this->acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
foreach ($this->acl->getRole($roleId)->getParentRole() as $roleId => $roleName) {
if ($this->acl->isAllowed($roleId, $resource, $action)) {
return TRUE;
}
}
}
return FALSE;
}
/**
* Get the user style to run the webdesktop
*
* @return array
*/
public function getUserStyle()
{
$dbThemes = new Webdesktop_Model_DbTable_Themes();
$dbWallpaper = new Webdesktop_Model_DbTable_Wallpapers();
$theme = $dbThemes->find($this->user->get('themeid'));
$wp = $dbWallpaper->find($this->user->get('wpid'));
$result = array('backgroundcolor' => $this->user->get('bgcolor'), 'fontcolor' => $this->user->get('fgcolor'), 'transparency' => $this->user->get('transparency'), 'theme' => array('id' => $theme->current()->sth_id, 'name' => $theme->current()->sth_name, 'src' => $theme->current()->sth_file), 'wallpaper' => array('id' => $wp->current()->swp_id, 'name' => $wp->current()->swp_name, 'file' => sprintf('%s%s', $this->config->path->wallpapers, $wp->current()->swp_file), 'position' => $this->user->get('wppos')));
return $result;
}
/**
* Get roles bound to a role
*
* @param App_User $user
* @return array
* @access public
*/
public function getUserBoundRoles(App_User $user)
{
$roles = array();
foreach ($user->getRoles() as $id => $name) {
if ($this->hasRole($id)) {
$roles[$id] = $name;
if ($this->getRole($id)->hasParentRole()) {
foreach ($this->getRole($id)->getParentRoles() as $parent) {
$pId = $parent->getRoleId();
$pName = $parent->getName();
$roles[$pId] = $pName;
}
}
}
}
return $roles;
}
// 2008-10-26 SLH Moved from snippets/appMainLoop.php
// ========================================================================
if (!defined('APP_TOPDIR')) {
throw new Exception('APP_TOPDIR not defined');
}
// ========================================================================
//
// Supported services
//
// ------------------------------------------------------------------------
// work out what page was requested
$oRequest = new App_Request();
// create an object to track our response
$oResponse = new App_Response();
// work out who has requested the page
$oUser = App_User::newUser($oRequest, App_Request::$userDB);
// work out what the controller class is
$oController = App_Controller::newController($oRequest, $oResponse, $oUser);
// work out how the page should be displayed
// unlike website apps, this app uses themes to determine what
// format the result should be returned as
$oTheme = App_Theme::newTheme($oRequest, $oUser);
// at this point ...
//
// $oRequest
// contains all the information about what the user wants to do
//
// $oResponse
// contains all the object to hold the data we will return
//
// $oController
