/**
 * Builds the form used to add a role-resource-privilege rule.
 *
 * Adds three select elements (role_id, resource_id, privilege_id), each
 * filled from its mapper's fetchAll() result and keyed by row id, plus a
 * submit button. Only role_id is marked required. The ACL bootstrap shown
 * elsewhere on this page passes a missing resource or privilege to
 * Zend_Acl::allow() as null, so leaving either select empty appears to
 * produce a rule covering every resource or every privilege.
 */
public function init()
{
    parent::init();

    // Load all three lookup tables before any element is created.
    $roleMapper = new Application_Model_RoleMapper();
    $roleRows = $roleMapper->fetchAll();
    $resourceMapper = new Application_Model_ResourceMapper();
    $resourceRows = $resourceMapper->fetchAll();
    $privilegeMapper = new Application_Model_PrivilegeMapper();
    $privilegeRows = $privilegeMapper->fetchAll();

    // Role select: the empty-key placeholder comes first, then one option per role.
    $roleOptions = array('' => 'Select option');
    if (!$roleRows) {
        $roleRows = array();
    }
    foreach ($roleRows as $roleRow) {
        $roleOptions[$roleRow->getId()] = $roleRow->getRole();
    }
    $roleElementOptions = array(
        'required' => true,
        'label' => 'Role:',
        'MultiOptions' => $roleOptions,
    );
    $this->addElement('select', 'role_id', $roleElementOptions);

    // Resource select (not required).
    $resourceOptions = array('' => 'Select option');
    if (!$resourceRows) {
        $resourceRows = array();
    }
    foreach ($resourceRows as $resourceRow) {
        $resourceOptions[$resourceRow->getId()] = $resourceRow->getResource();
    }
    $resourceElementOptions = array(
        'label' => 'Resource:',
        'MultiOptions' => $resourceOptions,
    );
    $this->addElement('select', 'resource_id', $resourceElementOptions);

    // Privilege select (not required).
    $privilegeOptions = array('' => 'Select option');
    if (!$privilegeRows) {
        $privilegeRows = array();
    }
    foreach ($privilegeRows as $privilegeRow) {
        $privilegeOptions[$privilegeRow->getId()] = $privilegeRow->getPrivilege();
    }
    $privilegeElementOptions = array(
        'label' => 'Privilege:',
        'MultiOptions' => $privilegeOptions,
    );
    $this->addElement('select', 'privilege_id', $privilegeElementOptions);

    // 'ignore' => true is set so the button is left out of the form's values.
    $submitOptions = array(
        'ignore' => true,
        'label' => 'Add Role-Resource-Privilege',
    );
    $this->addElement('submit', 'submit', $submitOptions);
}
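/**
 * Builds the application's Zend_Acl from the database and stores it in
 * Zend_Registry under 'acl'.
 *
 * The 'init_acl' registry flag makes this a no-op once the ACL has been
 * built. Roles and resources are registered first; every
 * role-resource-privilege row then becomes an allow rule.
 *
 * Fail-closed handling of broken rows:
 *  - a rule whose role no longer exists is skipped (previously this was a
 *    fatal "method call on null");
 *  - a rule that references a resource or privilege id which can no longer
 *    be found is skipped. Zend_Acl::allow() treats a null resource or
 *    privilege as "all", so resolving a dangling id to null would silently
 *    widen the rule to every resource or privilege.
 * A rule with no resource or privilege id at all is still an intentional
 * wildcard.
 */
public function _initAcl()
{
    if (Zend_Registry::isRegistered('init_acl')) {
        return;
    }

    $acl = new Zend_Acl();

    // add roles
    // NOTE(review): Zend_Acl requires a parent role to be registered before
    // any role that inherits from it, so this depends on the order in which
    // fetchAll() returns rows -- confirm that parents come first.
    $role_mapper = new Application_Model_RoleMapper();
    $roles = $role_mapper->fetchAll();
    foreach ($roles as $row) {
        $parent = null;
        if ($row->getInherited_role_id() != null) {
            $inherited_role = $role_mapper->find($row->getInherited_role_id());
            if ($inherited_role) {
                // inheritor inherits all of the rules of inherited
                $parent = $inherited_role->getRole();
            }
        }
        $acl->addRole(new Zend_Acl_Role($row->getRole()), $parent);
    }

    // add resources
    $resource_mapper = new Application_Model_ResourceMapper();
    $resources = $resource_mapper->fetchAll();
    foreach ($resources as $row) {
        $acl->addResource(new Zend_Acl_Resource($row->getResource()));
    }

    // Add roles-resource, role-privilege, and role-resource-privilege combinations
    $role_resource_privilege_mapper = new Application_Model_RoleResourcePrivilegeMapper();
    $privilege_mapper = new Application_Model_PrivilegeMapper();
    $role_resource_privileges = $role_resource_privilege_mapper->fetchAll();
    foreach ($role_resource_privileges as $row) {
        $role = $role_mapper->find($row->getRole_id());
        if (!$role) {
            // Orphaned rule: there is no role to grant anything to.
            continue;
        }

        // An empty id means "no restriction" (wildcard). A set id that
        // cannot be resolved is a dangling reference, and the rule is
        // dropped rather than widened.
        // assumes real ids are never 0 / '' -- TODO confirm against schema
        $resource_name = null;
        $resource_id = $row->getResource_id();
        if (!empty($resource_id)) {
            $resource = $resource_mapper->find($resource_id);
            if (!$resource) {
                continue;
            }
            $resource_name = $resource->getResource();
        }

        $privilege_name = null;
        $privilege_id = $row->getPrivilege_id();
        if (!empty($privilege_id)) {
            $privilege = $privilege_mapper->find($privilege_id);
            if (!$privilege) {
                continue;
            }
            $privilege_name = $privilege->getPrivilege();
        }

        $acl->allow($role->getRole(), $resource_name, $privilege_name);
    }

    Zend_Registry::set('acl', $acl);
    Zend_Registry::set('init_acl', true);
}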
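/**
 * Per-request access check and visit logging for controllers built on this
 * base controller.
 *
 * 1. Requests addressed to the template controller itself ('controller')
 *    are redirected to '/'.
 * 2. If the lower-cased controller name is registered as a resource, the
 *    user must be authenticated and at least one of their roles must be
 *    'admin' or be allowed by the ACL in the registry; otherwise the
 *    request is redirected to '/'.
 *    NOTE(review): a controller that is NOT registered as a resource skips
 *    this check entirely, so new controllers are open until someone
 *    registers them -- confirm this default is intended.
 * 3. For authenticated users, the visit is recorded either as a full URL
 *    or as a controller/action pair, depending on the history_url setting.
 *
 * NOTE(review): returning from init() does not by itself stop the action
 * from being dispatched; the denials below rely on the redirect helper
 * ending the request (its default behaviour in ZF1) -- confirm that exit
 * has not been disabled.
 */
public function init()
{
    $controller_name = strtolower($this->_request->getControllerName());
    $action_name = strtolower($this->_request->getActionName());

    /**
     * Because this controller is a template, it is not meant to be accessed
     * Redirect if someone attempts to access it
     */
    if ($controller_name === 'controller') {
        return $this->_redirect('/');
    }

    // Check if the current controller is a resource that needs permissions to access
    $resource_mapper = new Application_Model_ResourceMapper();
    $resource = $resource_mapper->findByResource($controller_name);
    if ($resource) {
        $resource = $resource[0];

        if (!Zend_Auth::getInstance()->hasIdentity()) {
            return $this->_redirect('/');
        }

        $resource_name = $controller_name;
        // Stays null unless the action is a privilege registered for this
        // resource; the ACL is then asked about the resource with a null
        // privilege.
        $privilege_name = null;

        $privilege_mapper = new Application_Model_PrivilegeMapper();
        $privilege = $privilege_mapper->findByPrivilege($action_name);
        if ($privilege) {
            $privilege = $privilege[0];
            $resource_privilege_mapper = new Application_Model_ResourcePrivilegeMapper();
            // The WHERE clause is assembled by concatenation, so both ids
            // are forced to integers before they reach the SQL string.
            $params = array(
                'where' => 'resource_id = ' . (int) $resource->getId()
                    . ' AND privilege_id = ' . (int) $privilege->getId(),
            );
            $resource_privilege = $resource_privilege_mapper->select($params);
            if ($resource_privilege) {
                $privilege_name = $privilege->getPrivilege();
            }
        }

        /**
         * For each of the roles that the user has, check if one of the
         * roles has permission to access the resource
         */
        $acl = Zend_Registry::get('acl');
        $acl_user = Zend_Registry::get('acl_user');
        $allowed = false;
        // Anything that is not iterable (null, false, ...) is treated as
        // "no roles" and denied, instead of failing inside count().
        if (is_array($acl_user) || $acl_user instanceof Traversable) {
            foreach ($acl_user as $row) {
                $role_name = $row->getRole();
                // Strict comparison: under PHP < 8 a loose == would also
                // match a numeric 0 against 'admin'. The 'admin' role
                // bypasses the ACL lookup altogether.
                if ($role_name === 'admin' || $acl->isAllowed($role_name, $resource_name, $privilege_name)) {
                    $allowed = true;
                    break;
                }
            }
        }

        if (!$allowed) {
            return $this->_redirect('/');
        }
    }

    // record page visit
    // The class is spelled Zend_Config_Ini so that autoloading finds it on
    // case-sensitive filesystems.
    $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
    $this->_store_url = $config->history_url;

    $ignore_controllers = array('index', 'auth', 'history');
    if (Zend_Auth::getInstance()->hasIdentity() && !in_array($controller_name, $ignore_controllers, true)) {
        $user = new Zend_Session_Namespace('user');
        $user_id = $user->user['id'];

        if ($this->_store_url) {
            // HTTP_HOST and REQUEST_URI are supplied by the client, and the
            // scheme is hard-coded to http. The stored value must be treated
            // as untrusted: escape it wherever the history is displayed and
            // never use it as a redirect target without validation.
            $url = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
            $data = array(
                'url' => $url,
                'user_id' => $user_id,
                'created' => date('Y-m-d H:i:s'),
            );
            $history_url_mapper = new Application_Model_HistoryUrlMapper();
            $history_url = new Application_Model_HistoryUrl($data);
            $history_url_mapper->save($history_url);
        } else {
            $controller_mapper = new Application_Model_ControllerMapper();
            $action_mapper = new Application_Model_ActionMapper();
            $controllers = $controller_mapper->findByController($controller_name);
            $actions = $action_mapper->findByAction($action_name);

            // Only visits whose controller and action are both known are recorded.
            if ($controllers && $actions) {
                $controller = $controllers[0];
                $action = $actions[0];
                $data = array(
                    'controller_id' => $controller->getId(),
                    'action_id' => $action->getId(),
                    'user_id' => $user_id,
                    'created' => date('Y-m-d H:i:s'),
                );
                $history_mapper = new Application_Model_HistoryMapper();
                $history = new Application_Model_History($data);
                $history_mapper->save($history);
            }
        }
    }
}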
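/**
 * Builds a plain-array description of the ACL from the database and stores
 * it in Zend_Registry under 'acl'.
 *
 * The 'init_acl' registry flag makes this a no-op once the array has been
 * built. Resulting keys:
 *  - 'roles'                    role name => array('role' => ..., optional 'parent' => ...)
 *  - 'resources'                list of resource names
 *  - 'resource-privileges'      resource name => list of privilege names
 *  - 'role-resource-privileges' role name => list of array('resource' => ..., 'privilege' => ...)
 *
 * The original code declared 'resource-privileges' (hyphen) but filled
 * 'resource_privileges' (underscore), leaving the declared key always
 * empty. The map is now published under both keys so that readers of
 * either spelling see the data.
 *
 * A role rule that references a resource or privilege id which can no
 * longer be found is skipped instead of being stored with null, because
 * null is also how an intentionally unrestricted rule is represented.
 * NOTE(review): the consumer of this array is not shown here -- confirm it
 * treats null as "all".
 */
public function _initAcl()
{
    if (Zend_Registry::isRegistered('init_acl')) {
        return;
    }

    /**
     * resource = controller
     * privilege = action
     */
    $acl = array(
        'roles' => array(),
        'resources' => array(),
        'resource-privileges' => array(),
        'role-resource-privileges' => array(),
    );

    $role_mapper = new Application_Model_RoleMapper();
    $resource_mapper = new Application_Model_ResourceMapper();
    $privilege_mapper = new Application_Model_PrivilegeMapper();
    $resource_privilege_mapper = new Application_Model_ResourcePrivilegeMapper();
    $role_resource_privilege_mapper = new Application_Model_RoleResourcePrivilegeMapper();

    // add roles
    $roles = $role_mapper->fetchAll();
    foreach ($roles as $row) {
        $entry = array('role' => $row->getRole());
        if ($row->getInherited_role_id() != null) {
            $inherited_role = $role_mapper->find($row->getInherited_role_id());
            if ($inherited_role) {
                // inheritor inherits all of the rules of inherited
                $entry['parent'] = $inherited_role->getRole();
            }
        }
        $acl['roles'][$row->getRole()] = $entry;
    }

    // add resources
    $resources = $resource_mapper->fetchAll();
    foreach ($resources as $row) {
        $acl['resources'][] = $row->getResource();
    }

    // add resource-privilege combinations
    $resource_privilege_map = array();
    $resource_privileges = $resource_privilege_mapper->fetchAll();
    foreach ($resource_privileges as $row) {
        $resource = $resource_mapper->find($row->getResource_id());
        $privilege = $privilege_mapper->find($row->getPrivilege_id());
        if ($resource && $privilege) {
            $resource_privilege_map[$resource->getResource()][] = $privilege->getPrivilege();
        }
    }
    // Publish under the declared key and under the legacy spelling.
    $acl['resource-privileges'] = $resource_privilege_map;
    $acl['resource_privileges'] = $resource_privilege_map;

    // add role-resource-privilege combinations
    $role_resource_privileges = $role_resource_privilege_mapper->fetchAll();
    foreach ($role_resource_privileges as $row) {
        $role = $role_mapper->find($row->getRole_id());
        if (!$role) {
            continue;
        }
        $role = $role->getRole();

        // An empty id means "no restriction". A set id that cannot be
        // resolved is a dangling reference, and the rule is dropped rather
        // than widened.
        // assumes real ids are never 0 / '' -- TODO confirm against schema
        $resource_name = null;
        $resource_id = $row->getResource_id();
        if (!empty($resource_id)) {
            $resource = $resource_mapper->find($resource_id);
            if (!$resource) {
                continue;
            }
            $resource_name = $resource->getResource();
        }

        $privilege_name = null;
        $privilege_id = $row->getPrivilege_id();
        if (!empty($privilege_id)) {
            $privilege = $privilege_mapper->find($privilege_id);
            if (!$privilege) {
                continue;
            }
            $privilege_name = $privilege->getPrivilege();
        }

        if (!isset($acl['role-resource-privileges'][$role])) {
            $acl['role-resource-privileges'][$role] = array();
        }
        $acl['role-resource-privileges'][$role][] = array(
            'resource' => $resource_name,
            'privilege' => $privilege_name,
        );
    }

    Zend_Registry::set('acl', $acl);
    Zend_Registry::set('init_acl', true);
}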