public function preDispatch(Zend_Controller_Request_Abstract $request)
{
if ($request->getParam('sid') !== null && $request->getParam('PHPSESSID') === null) {
$request->setParam('PHPSESSID', $request->getParam('sid'));
}
if ($request->getParam('PHPSESSID') === null) {
$module = strtolower($request->getModuleName());
$controller = strtolower($request->getControllerName());
$action = strtolower($request->getActionName());
$route = $module . '/' . $controller . '/' . $action;
if (!in_array($route, $this->_whitelist)) {
if (is_null($this->_auth)) {
$auth = Zend_Auth::getInstance();
$auth->setStorage(new Zend_Auth_Storage_Session($this->getStorage()));
$this->_auth = $auth;
}
if (!$this->_auth->hasIdentity()) {
$errorHandler = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
$errorHandler->type = 'EXCEPTION_NOT_ALLOWED';
$errorHandler->exception = new Zend_Controller_Action_Exception('No credentials available');
$errorHandler->request = clone $request;
$request->setParam('error_handler', $errorHandler)->setModuleName($this->getErrorHandlerModule())->setControllerName($this->getErrorHandlerController())->setActionName($this->getErrorHandlerAction());
} else {
$this->_auth->getIdentity()->connect();
$this->_auth->getIdentity()->refresh();
}
}
}
}
/**
* Check, if user is logged in
*
* @param no parameters
* @return bool logged in status
*/
public function isLoggedIn()
{
if ($this->_zendAuth === null) {
$this->_zendAuth = Zend_Auth::getInstance();
}
return $this->_zendAuth->hasIdentity();
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = "";
$action = "";
$module = "";
/* if($request->getControllerName() == "index" ){
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
}
else if ( !$this->_auth->hasIdentity() ) {
}*/
if (!$this->_isAuthorized($request->getControllerName(), $request->getActionName())) {
if (!$this->_auth->hasIdentity()) {
if (!in_array($request->getControllerName(), $this->_moRedirect) && !Application_Model_Redirect::hasRequestUri()) {
Application_Model_Redirect::saveRequestUri("/" . $request->getControllerName() . "/" . $request->getActionName());
}
$controller = $this->_notLoggedRoute['controller'];
$action = $this->_notLoggedRoute['action'];
$module = $this->_notLoggedRoute['module'];
} else {
$controller = $this->_forbiddenRoute['controller'];
$action = $this->_forbiddenRoute['action'];
$module = $this->_forbiddenRoute['module'];
}
} else {
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
}
$request->setControllerName($controller);
$request->setActionName($action);
$request->setModuleName($module);
}
public function indexAction()
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$this->_redirect($this->_returnLogin);
}
$formLogin = new Backend_Form_Login();
$formLogin->setAction($this->view->baseUrl() . $this->_returnLogin);
if ($this->getRequest()->isPost()) {
if (!$formLogin->isValid($this->_request->getPost())) {
$formLogin->populate($this->_request->getPost());
$this->view->formLogin = $formLogin;
} else {
$username = $this->getRequest()->getParam('username', '');
$password = $this->getRequest()->getParam('password', '');
$this->authenticate($username, $password);
if ($this->_auth->hasIdentity()) {
$this->_redirect("/{$this->_module}");
} else {
$this->_redirect($this->_returnLogin);
}
}
}
$this->view->formLogin = $formLogin;
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = "";
$action = "";
$module = "";
if ($this->_isProtectedResource($request)) {
if (!$this->_auth->hasIdentity()) {
$controller = $this->_notLoggedRoute['controller'];
$action = $this->_notLoggedRoute['action'];
$module = $this->_notLoggedRoute['module'];
} else {
if (!$this->_isAuthorized($request->getControllerName(), $request->getActionName())) {
$controller = $this->_forbiddenRoute['controller'];
$action = $this->_forbiddenRoute['action'];
$module = $this->_forbiddenRoute['module'];
} else {
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
}
}
$request->setControllerName($controller);
$request->setActionName($action);
$request->setModuleName($module);
}
}
/**
* Hook into action controller preDispatch() workflow
*
* @return void
*/
public function preDispatch()
{
$role = Zend_Registry::get('config')->acl->defaultRole;
if ($this->_auth->hasIdentity()) {
$user = $this->_auth->getIdentity();
if (is_object($user) && !empty($user->role)) {
$role = $user->role;
}
}
$request = $this->_action->getRequest();
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
$this->_controllerName = $controller;
$resource = $controller;
$privilege = $action;
if (!$this->_acl->has($resource)) {
$resource = null;
}
if ($resource == 'error' && $privilege == 'error') {
return;
}
if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
$request->setModuleName('default')->setControllerName('auth')->setActionName('noaccess');
$request->setDispatched(false);
return;
}
}
/** Get the person's identity
* @access public
* @return boolean
*/
public function getPerson()
{
if ($this->_auth->hasIdentity()) {
return $this->_auth->getIdentity();
} else {
return false;
}
}
protected function _isAuthorized($resource, $action)
{
$user = $this->_auth->hasIdentity() ? $this->_auth->getIdentity() : 'guest';
if (!$this->_acl->has($resource) || !$this->_acl->isAllowed($user, $resource, $action)) {
return false;
}
return true;
}
public function logoutAction()
{
$this->getHelper('contextSwitch')->addActionContext('logout', 'json')->initContext();
if ($this->auth->hasIdentity()) {
$this->auth->clearIdentity();
}
$this->view->response = 'OK';
}
/**
* Get current user
*
* @return Newscoop\Entity\User
*/
public function getCurrentUser()
{
if ($this->currentUser === NULL) {
if ($this->auth->hasIdentity()) {
$this->currentUser = $this->getRepository()->find($this->auth->getIdentity());
}
}
return $this->currentUser;
}
/**
*
* @return boolean
*/
protected function _checkAuth()
{
if (!$this->_auth->hasIdentity() && 'auth' !== $this->_request->getControllerName() && 'cron' !== $this->_request->getModuleName()) {
return false;
}
if (!empty($this->_session->client) && 'external' !== $this->_request->getModuleName()) {
return false;
}
return true;
}
/** Get the user's role
* @access public
* @return string
*/
public function getRole()
{
if ($this->_auth->hasIdentity()) {
$user = $this->_auth->getIdentity();
$role = $user->role;
} else {
$role = 'public';
}
return $role;
}
/**
* Gets content panel for the Debugbar
*
* @return string
*/
public function getPanel()
{
if ($this->_auth->hasIdentity()) {
$html = '<h4>Current Identity</h4>';
$html .= $this->_cleanData($this->_auth->getIdentity());
return $html;
}
return '';
}
/**
* Construtor do Plugin
*
* @param $acl Zend_Acl
* @param $auth Zend_Auth
*/
public function __construct($dbAdapter)
{
// Carrega todas as ACl's
$this->acl = new Acl_Global($dbAdapter);
// Recupera a informacao de autenticacao
$this->auth = Zend_Auth::getInstance();
// Adiciona o role padrao de visitante
if (!$this->auth->hasIdentity()) {
$authStorage = $this->auth->getStorage();
$authStorage->write(array('usuario' => 'visitante', 'role' => 'visitante'));
}
}
/**
* Initialize the controller
* sets basic info such as baseUrl
*
* @return void
*/
public function init()
{
parent::init();
$this->view->baseUrl = $this->_request->getBaseUrl();
if ($this->_authCheckRequired == true) {
$this->_generateAuthAdapter();
if (!$this->_auth->hasIdentity()) {
$this->_helper->redirector->gotoRoute(array('controller' => 'login', 'action' => 'index'));
}
}
$this->view->styles = array('reset.css', 'main.css', 'jquery-ui.css');
$this->view->scripts = array('jquery.js', 'jquery-ui.js');
}
/**
*
* @access public
* @param Zend_Controller_Request_Abstract $request
* @return mixed
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
$this->_request = $request;
switch (true) {
case $this->_checkRoute('auth', 'default'):
case $this->_checkRoute('recovery', 'default'):
return true;
break;
case !$this->_auth->hasIdentity():
$this->_routeNoAuth();
break;
}
}
/**
* Gets content panel for the Debugbar
*
* @return string
*/
public function getPanel()
{
$username = '******';
$role = 'Unknown Role';
if ($this->_auth->hasIdentity()) {
foreach ($this->_auth->getIdentity() as $property => $value) {
$this->message->addRow(array((string) $property, (string) $value));
}
} else {
// $this->message->setMessage('Not authorized');
}
return '';
}
/**
* Called before an action is dispatched by Zend_Controller_Dispatcher.
*
* This callback allows for proxy or filter behavior. By altering the
* request and resetting its dispatched flag (via
* {@link Zend_Controller_Request_Abstract::setDispatched() setDispatched(false)}),
* the current action may be skipped.
*
* @param Zend_Controller_Request_Abstract $request
* @return void
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// reset role & resource
Zend_Registry::set('Role', 'guest');
Zend_Registry::set('Resource', '');
// check if ErrorHandler wasn't fired
if ($request->getParam('error_handler')) {
return;
}
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$pathInfo = $request->getPathInfo();
$allow = false;
if ($this->_auth->hasIdentity()) {
$userId = $this->_auth->getIdentity();
$roleId = $this->_auth->getRoleId();
$rolesList = $this->_em->find('Roles', $roleId);
$roleName = $rolesList->getRoleName();
$role = new Zend_Acl_Role($roleName);
} else {
$roleName = 'guest';
$role = new Zend_Acl_Role($roleName);
}
$resource = $action == '' ? trim($controller) . '/index' : trim($controller) . '/' . trim($action);
$resource = $module == 'default' ? $resource : $module . "/" . $resource;
// on main page resource might be empty
if ($resource == '') {
$resource = 'index/index';
}
// if resource not exist in db then check permission for controller
if (!$this->_acl->has($resource) && $action != '') {
$resource = trim($controller);
}
// check if user is allowed to see the page
$allow = $this->_acl->isAllowed($role, $resource);
if ($allow == false && $this->_auth->hasIdentity()) {
// user logged in but denied permission
$request->setModuleName('default');
$request->setControllerName('error');
$request->setActionName('forbidden');
/* $this->_response->setHeader('Content-type', 'text/html');
$this->_response->setHttpResponseCode(403);
$this->_response->setBody('<h1>403 - Forbidden</h1>');
$this->_response->sendResponse(); */
}
Zend_Registry::set('Role', $role);
Zend_Registry::set('Resource', $resource);
}
/**
* preDispatch
*
* Funcion que se ejecuta antes de que lo haga el FrontController
*
* @param Zend_Controller_Request_Abstract $request Peticion HTTP realizada
* @return
* @uses Zend_Auth
*
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controllerName = $request->getControllerName();
// Si el usuario esta autentificado
if ($this->_auth->hasIdentity()) {
} else {
// Si el Usuario no esta identificado y no se dirige a la página de Login
if ($controllerName != 'login') {
// Mostramos al usuario el Formulario de Login
$request->setControllerName("login");
$request->setActionName("index");
}
}
}
/**
* Check permissions before dispatch process
*
* @throws Zend_Auth_Adapter_Exception if answering the authentication query is impossible
* @param Zend_Controller_Request_Abstract $request
* @return void
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$resource = $request->getControllerName();
$action = $request->getActionName();
if ($this->_auth->hasIdentity()) {
$identity = $this->_auth->getStorage()->read();
$role = $identity->role;
} else {
$role = $this->_defaultRole;
}
if ($this->_acl->has($resource) && !$this->_acl->isAllowed($role, $resource, $action)) {
$request->setControllerName('error')->setActionName('deny');
}
}
/**
* Hook into action controller preDispatch() workflow
*
* @return void
*/
public function preDispatch()
{
$role = 'guest';
// die($role);
if ($this->_auth->hasIdentity()) {
$user = $this->_auth->getIdentity();
if (is_object($user)) {
$role = $this->_auth->getIdentity()->role;
}
}
$request = $this->_action->getRequest();
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
// $this->view->getLayout()->setLayout($module);
$this->_controllerName = $controller;
$resource = $controller;
$privilege = $action;
if (!$this->_acl->has($resource)) {
$resource = null;
}
if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
if (!$this->_auth->hasIdentity()) {
$noPermsAction = $this->_acl->getNoAuthAction();
} else {
$noPermsAction = $this->_acl->getNoAclAction();
}
$request->setModuleName($noPermsAction['module']);
$request->setControllerName($noPermsAction['controller']);
$request->setActionName($noPermsAction['action']);
$request->setDispatched(false);
}
}
/**
* Hook into action controller preDispatch() workflow
*
* @return void
*/
public function preDispatch()
{
$role = 'public';
if ($this->_auth->hasIdentity()) {
$user = $this->_auth->getIdentity();
if (is_object($user)) {
$role = $this->_auth->getIdentity()->role;
}
}
$request = $this->_action->getRequest();
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
$this->_controllerName = $controller;
$resource = $controller;
$privilege = $action;
if (!$this->_acl->has($resource)) {
$resource = null;
}
if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
$request->setModuleName('default');
$request->setControllerName('error');
$request->setActionName('error');
$request->setDispatched(false);
}
/**
if (!$this->_acl->isAllowed($role, $resource, $privilege)){
throw new Pas_Exception_NotAuthorised('Not authorised');
}
***/
}
/**
* Check that the user has an identity (is logged in) and that they have
* sufficient access to the resource (page) requested.
*
* (non-PHPdoc)
* @see Zend_Controller_Plugin_Abstract::preDispatch()
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// If we are on the error controller, return immediately to prevent
// any database errors happening on error page
if ($request->controller == "error") {
return;
}
// First determine what role we have (admin, member or guest)
if ($this->_auth->hasIdentity()) {
$username = Zend_Auth::getInstance()->getIdentity();
$userMapper = new GD_Model_UsersMapper();
$user = $userMapper->getUserByName($username);
if ($user->isAdmin()) {
$role = 'admin';
} else {
$role = 'member';
}
} else {
$role = 'guest';
}
// Set the initial request - these will be unmodified if access allowed
$controller = $request->controller;
$action = $request->action;
$module = $request->module;
$resource = $controller;
if (!$this->_acl->has($resource)) {
$resource = null;
}
// Use Zend_Acl to check access permissions
if (!$this->_acl->isAllowed($role, $resource, $action)) {
if (!$this->_auth->hasIdentity()) {
$module = $this->_noauth['module'];
$controller = $this->_noauth['controller'];
$action = $this->_noauth['action'];
} else {
$module = $this->_noacl['module'];
$controller = $this->_noacl['controller'];
$action = $this->_noacl['action'];
}
}
// If the module/controller/action has changed, change the request
if ($request->controller != $controller || $request->action != $action || $request->module != $module) {
$request->setModuleName($module);
$request->setControllerName($controller);
$request->setActionName($action);
}
}
/**
* Retrieves a role from the current identity
*
* @return null|string
*/
public function getIdentityRole()
{
if (!$this->_auth->hasIdentity()) {
return null;
}
$storage = $this->_auth->getStorage()->read();
return $storage->role;
}
public function getCopyrights()
{
$copyrights = new Copyrights();
$copy = $copyrights->getTypes();
$auth = Zend_Auth::getInstance();
$this->_auth = $auth;
if ($this->_auth->hasIdentity()) {
$user = $this->_auth->getIdentity();
if (is_null($user->fullname)) {
$userCopyright = $user->forename . ' ' . $user->surname;
} else {
$userCopyright = $user->fullname;
}
}
$personal = array($userCopyright => $userCopyright);
return array_merge($copy, $personal);
}
/**
* 判断是否登陆
*
* @param Zend_Controller_Request_Abstract $request
* @return void
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
if ($this->_auth->hasIdentity()) {
if (false !== ($user = $this->_checkIdentity($this->_auth->getIdentity()->user_name))) {
Zend_Registry::set('user', $user);
} else {
if (!$this->_isAllowedAnonymous($request)) {
$request->setModuleName('default')->setControllerName('index')->setActionName('forbidden');
}
$this->_auth->clearIdentity();
}
} else {
if (!$this->_isAllowedAnonymous($request)) {
// 如果当前请求的Url地址不允许匿名访问,则跳转到登陆页面。
$request->setModuleName('default')->setControllerName('login')->setActionName('index');
}
}
}
/**
* Fetches the current user from the auth object.
*
* @return array Returns a user spec array on success.
* @throws Erfurt_Ac_Exception Throws an exception if no valid user is given.
*/
private function _getUser()
{
if ($this->_auth->hasIdentity()) {
// Identity exists; get it
return $this->_auth->getIdentity();
} else {
require_once 'Erfurt/Ac/Exception.php';
throw new Erfurt_Ac_Exception('No valid user was given.');
}
}
/**
* Gets content panel for the Debug Bar
*
* @return string
*/
public function getPanel()
{
if (!$this->auth->hasIdentity()) {
$html = '<h4>No identity</h4>';
} else {
$html = '<h4>Identity</h4>';
$html .= $this->cleanData($this->auth->getIdentity());
}
return $html;
}
/**
* Get current user
*
* @return Newscoop\Entity\User
*/
public function getCurrentUser()
{
if ($this->currentUser === null) {
if ($this->auth->hasIdentity()) {
$this->currentUser = $this->getRepository()->find($this->auth->getIdentity());
} elseif ($this->security->getToken()) {
if ($this->security->getToken()->getUser()) {
$currentUser = $this->security->getToken()->getUser();
if ($this->security->isGranted('IS_AUTHENTICATED_FULLY') || $this->security->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
$this->currentUser = $currentUser;
} else {
throw new AuthenticationException();
}
} else {
throw new AuthenticationException();
}
}
}
return $this->currentUser;
}
/**
* function preDispatch()
*
* @todo Control request access
* @param Zend_Controller_Request_Abstract $request
* @return null
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// get info of request
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
// get role of current user
if ($this->_auth->hasIdentity()) {
// logined
$identity = $this->_auth->getIdentity();
switch ($identity->Role) {
case 0:
// Super Admin
$role = "SuperAdmin";
break;
case 1:
// Admin
$role = "Admin";
break;
case 2:
// IT
$role = "IT";
break;
case 3:
default:
// User
$role = "User";
break;
}
if ($this->_acl->isAllowed($role, $module . ':' . $controller, $action) == FALSE) {
// Not allowed access
$request->setModuleName('front')->setControllerName('auth')->setActionName('nopermission');
// } else {
// Allowed access
}
} else {
// not login
$role = NULL;
$request->setModuleName('front')->setControllerName('auth')->setActionName('login');
}
}
