/**
 * Builds the application ACL: a linear role hierarchy, the "website" and
 * "editor" resource trees, and the privileges granted to each role.
 *
 * The finished ACL is stored in Zend_Registry under self::REGISTRY_KEY and
 * installed as the default ACL of the navigation view helpers.
 *
 * Only allow rules are added here; no deny rule is defined, so effective
 * access is the sum of a role's own grants and those of the roles it inherits.
 *
 * @return void
 */
public function init()
{
    $acl = new Zend_Acl();

    // Each role inherits from the one listed directly before it.
    $roleChain = array(
        OpenSKOS_Db_Table_Users::USER_ROLE_GUEST,
        OpenSKOS_Db_Table_Users::USER_ROLE_USER,
        OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR,
        OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR,
        OpenSKOS_Db_Table_Users::USER_ROLE_ROOT,
    );
    $inheritsFrom = null;
    foreach ($roleChain as $roleId) {
        $acl->addRole($roleId, $inheritsFrom);
        $inheritsFrom = $roleId;
    }

    // Top-level resources.
    $acl->addResource('website');
    $acl->addResource('editor');

    // Every editor sub-resource hangs below 'editor'.
    $editorChildren = array(
        'editor.concepts',
        'editor.concept-schemes',
        'editor.institution',
        'editor.collections',
        'editor.delete-all-concepts-in-collection',
        'editor.users',
        'editor.jobs',
        'editor.manage-search-profiles',
    );
    foreach ($editorChildren as $resourceId) {
        $acl->addResource($resourceId, 'editor');
    }

    // (role, resource, privileges) - a null privilege list grants every
    // privilege on that resource.
    $grants = array(
        array(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST, 'website', 'view'),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor', 'view'),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor.concepts', 'view'),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, 'editor.concepts', array('propose')),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concepts', array('full-create', 'edit', 'delete', 'bulk-status-edit')),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concept-schemes', array('index', 'create', 'edit', 'delete', 'manage-icons')),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.institution', null),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.collections', array('index', 'manage')),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.users', array('index', 'manage')),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.jobs', array('index', 'manage')),
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.manage-search-profiles', null),
        // The bulk delete is reserved for root; administrators do not get it.
        array(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, 'editor.delete-all-concepts-in-collection', null),
    );
    foreach ($grants as $grant) {
        list($roleId, $resourceId, $privileges) = $grant;
        $acl->allow($roleId, $resourceId, $privileges);
    }

    Zend_Registry::set(self::REGISTRY_KEY, $acl);

    // Store the ACL for the view so navigation rendering can filter pages.
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
}
/**
 * Per-request controller setup: session timeout, ACL loading, identity
 * lookup, authorization / SSL / IP checks, navigation ACL and module settings.
 *
 * The order of the checks is significant and is kept exactly as written:
 * authorization first, then the SSL redirect, then the IP check.
 *
 * @return void
 */
public function init()
{
    // Expire the default auth session namespace after 30 minutes.
    $this->_sessionAdmin = new Zend_Session_Namespace(Zend_Auth_Storage_Session::NAMESPACE_DEFAULT);
    $this->_sessionAdmin->setExpirationSeconds(30 * 60);

    // Load the ACL definition.
    $aclLoader = HCMS_Acl_Loader::getInstance();
    $aclLoader->load();

    // Resolve the current admin and, when logged in, the role code used by the ACL.
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $this->_admin = $auth->getIdentity();
        $roleCode = $aclLoader->getRoleCode($this->_admin->get_role_id());
        $aclLoader->setCurrentRoleCode($roleCode);
    } else {
        $this->_admin = null;
    }
    $this->view->admin = $this->_admin;

    // NOTE(review): authorization is skipped entirely when $_checkAuth is
    // falsy - confirm which controllers turn it off.
    if ($this->_checkAuth) {
        $this->_checkAuthorization();
    }
    $this->_redirect_to_ssl();
    $this->_checkIP();

    // Hand ACL and current role to Zend_Navigation so menus are filtered.
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($aclLoader->getAcl());
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($aclLoader->getCurrentRoleCode());

    $this->_initVersionInfo();

    // Expose the settings of the requested module to the view when it is known.
    $this->_module = new Application_Model_Module();
    $moduleCode = $this->getRequest()->getModuleName();
    $moduleFound = Application_Model_ModuleMapper::getInstance()->findByCode($moduleCode, $this->_module);
    if ($moduleFound) {
        $this->view->moduleSettings = $this->_module->get_settings();
    }

    parent::init();
}
/**
 * Test fixture: loads the two navigation containers from _files/navigation.xml,
 * prepares a renderer and the front controller, and creates the helper under
 * test with nav1 as its default container.
 */
protected function setUp()
{
    $baseDir = __DIR__;
    $this->_files = $baseDir . '/_files';

    // Navigation containers come from the XML fixture.
    $navConfig = new \Zend\Config\Xml($this->_files . '/navigation.xml');
    $this->_nav1 = new Navigation\Navigation($navConfig->get('nav_test1'));
    $this->_nav2 = new Navigation\Navigation($navConfig->get('nav_test2'));

    // View renderer resolving scripts from the fixture directory.
    $renderer = new \Zend\View\PhpRenderer();
    $renderer->resolver()->addPath($baseDir . '/_files/mvc/views');

    // Remember the previous controller directory before pointing the front
    // controller at the fixture controllers.
    $frontController = Controller\Front::getInstance();
    $this->_oldControllerDir = $frontController->getControllerDirectory('test');
    $frontController->setControllerDirectory($baseDir . '/_files/mvc/controllers');

    // Instantiate the helper named by the concrete test case.
    $helperClass = $this->_helperName;
    $this->_helper = new $helperClass();
    $this->_helper->setView($renderer);

    // nav1 is the default container.
    $this->_helper->setContainer($this->_nav1);
}
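/**
 * Builds the navigation container for the "admin" or "default" module once
 * routing has finished, attaches an ACL and role to the navigation helpers,
 * and marks the third-level page whose href equals the request URI as active.
 *
 * Requests for any other module leave navigation untouched.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    $navContainer = null;
    $navRole = null;

    $viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');
    $viewRenderer->initView();
    $view = $viewRenderer->view;

    $module = $request->getModuleName();

    if ($module === "admin") {
        // Load the xml navigation menu
        $navContainerConfig = new Zend_Config_Xml(APPLICATION_PATH . '/modules/admin/navigation.xml', 'nav');
        $navContainer = new Zend_Navigation($navContainerConfig);

        // Only touch the settings groups once the database configuration exists.
        if (Shineisp_Main::isReady()) {
            $configuration = SettingsGroups::getlist();
            $submenu = $navContainer->findOneByLabel('Configuration');

            // Start from an empty list: with no settings groups the variable
            // was previously undefined when passed to addPages().
            $pages = array();
            foreach ($configuration as $id => $item) {
                $pages[] = array(
                    'label' => $item,
                    'uri' => '/admin/settings/index/groupid/' . $id,
                    'resource' => 'admin:settings',
                );
            }

            // The finder returns null when the XML has no "Configuration" page.
            if ($submenu !== null && !empty($pages)) {
                $submenu->addPages($pages);
            }
        }

        $navRole = "administrator";
    } elseif ($module === "default") {
        // Load the xml navigation menu
        $navContainerConfig = new Zend_Config_Xml(APPLICATION_PATH . '/modules/default/navigation.xml', 'nav');
        $navContainer = new Zend_Navigation($navContainerConfig);

        $navRole = "guest";
    }

    if ($navRole !== null) {
        // Attach the Zend ACL to the Navigation menu.
        // NOTE(review): the object read from the auth storage is used as the
        // ACL, and the role is fixed per module rather than taken from the
        // logged-in identity. This only filters what the menu renders; it
        // must not be relied on as the access check for the admin module.
        $acl = Zend_Auth::getInstance()->getStorage()->read();

        // setDefaultAcl() only accepts a Zend_Acl, so skip any other object
        // that happens to be stored in the session.
        if ($acl instanceof Zend_Acl) {
            Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
            Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($navRole);
        }
    }

    if ($navContainer) {
        $requestUri = $request->getRequestUri();

        // Only pages on the third level are compared against the request URI.
        foreach ($navContainer->getPages() as $page) {
            foreach ($page->getPages() as $subpage) {
                foreach ($subpage->getPages() as $subsubpage) {
                    if ($subsubpage->getHref() === $requestUri) {
                        $subsubpage->setActive(true);
                    }
                }
            }
        }

        $view->navigation($navContainer);
    }
}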
/**
 * Builds the ACL through Application_Security_AclProvider, publishes it in
 * Zend_Registry under 'Opus_Acl' and makes it, together with the provider's
 * ACTIVE_ROLE, the default for the navigation view helpers.
 *
 * @return void
 */
public static function init()
{
    $provider = new Application_Security_AclProvider();
    $opusAcl = $provider->getAcls();

    $provider->getLogger()->debug('ACL: bootrapping');

    Zend_Registry::set('Opus_Acl', $opusAcl);

    // Navigation pages are filtered against the same ACL and the active role.
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($opusAcl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(
        Application_Security_AclProvider::ACTIVE_ROLE
    );
}
/**
 * Sets up the top-level navigation: loads the 'nav' section of
 * configs/navigation.xml into a Zend_Navigation container and registers it
 * with the layout's view.
 *
 * The navigation helpers get a fresh My_Acl and the GUEST role as defaults.
 * NOTE(review): the default role is always GUEST at this point; if menus
 * should differ for logged-in users, the role has to be replaced later in
 * the request - confirm where that happens.
 *
 * Nothing is returned, so no 'navigation' bootstrap resource is stored.
 *
 * @return void
 */
protected function _initNavigation()
{
    $this->bootstrap('layout');
    $view = $this->getResource('layout')->getView();

    $navConfig = new Zend_Config_Xml(APPLICATION_PATH . '/configs/navigation.xml', 'nav');
    $container = new Zend_Navigation($navConfig);

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl(new My_Acl());
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(My_Acl_Roles::GUEST);

    $view->navigation($container);
}
/**
 * After routing has finished, load the permission table.
 *
 * Sets the navigation default role from the current user's role id, loads
 * the ACL rules into $this->_acl, installs that ACL for the navigation
 * helpers and restricts the backend to the game types the user's role owns.
 *
 * @see Zend_Controller_Plugin_Abstract::routeShutdown()
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    $user = Zend_Registry::get('user');

    $roleHash = ZtChart_Model_Acl_Loader::hash($user->getRoleId());
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($roleHash);

    ZtChart_Model_Acl_Loader::getInstance()->load($this->_acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->_acl);

    // If the role owns every game, pass NULL instead of the full list.
    // NOTE(review): this is a loose array comparison, so it also depends on
    // both lists being in the same order - confirm that is guaranteed.
    $gameTypes = $user->getRole()->getGameTypes(true);
    if ($gameTypes == array_keys(ZtChart_Model_GameType::getGames())) {
        $gameTypes = null;
    }

    ZtChart_Model_Assemble_Backend_Abstract::setAllowedGameTypes($gameTypes);
}
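/**
 * Creates the ACL and binds it, with the current user's role, to the
 * navigation view helpers - but only when the application options contain
 * an acl.roles section.
 *
 * The role is taken from the authenticated identity's "role" property and
 * falls back to 'guest' when there is no identity or the property is empty.
 *
 * @return ZFExt_Acl|null the configured ACL, or null when acl.roles is not configured
 */
protected function _initAcl()
{
    $options = $this->getOptions();

    // Defined up front so the return below never reads an undefined variable.
    $acl = null;

    // isset() on the full path avoids a notice when the 'acl' key is missing.
    if (isset($options['acl']['roles'])) {
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() && !empty($auth->getIdentity()->role)
            ? $auth->getIdentity()->role
            : 'guest';

        $acl = new ZFExt_Acl();
        $acl->_configureNavigationAccess();

        // Bind the ACL to Navigation.
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
    }

    return $acl;
}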
/**
 * Initialises the basic settings: base URL, ACL, view doctype/title, view
 * helper paths and navigation.
 *
 * NOTE(review): the navigation default role is fixed to 'guest' here,
 * independent of the Auth instance - confirm whether _setNavigation() or a
 * later step replaces it for authenticated users.
 *
 * @return void
 */
public function init()
{
    parent::init();

    $this->_baseUrl = $this->getFrontController()->getBaseUrl();

    // A fresh ACL is handed to the Auth singleton.
    $acl = new Acl();
    Auth::getInstance()->setAcl($acl);

    $view = $this->view;
    $view->doctype('XHTML1_TRANSITIONAL');
    $view->headTitle()->setSeparator(' :: ');
    $view->headTitle('HR');
    $view->addHelperPath('Zend/Dojo/View/Helper/', 'Zend_Dojo_View_Helper');
    $view->addHelperPath(APPLICATION_PATH . '/views/helpers/', 'Helper');

    // The same ACL filters the navigation menus.
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole('guest');

    $this->_setNavigation();
}
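/**
 * Initialises the user session's navigation: builds an ACL for the session
 * role from the MVC resources table and the permissions stored in the user
 * session, then pre-renders menu and breadcrumbs for every XML file found
 * under configs/navigation/<module>/.
 *
 * NOTE(review): role id and permissions are read from the session's
 * UserData; the rendered menus are only as trustworthy as whatever fills
 * that structure at login - verify against the session resource.
 *
 * @return array rendered containers, indexed [module][file name without extension]
 */
public function init()
{
    $this->_bootstrap->bootstrap('Usersession');
    $this->_bootstrap->bootstrap('View');

    $userData = $this->_bootstrap->Usersession->UserData;

    $acl = new Zend_Acl();
    $role = $userData['roleid'];
    $acl->addRole(new Zend_Acl_Role($role));

    // Register every known "module:controller" pair as a resource.
    $db = $this->_bootstrap->Db;
    $select = $db->select()->from('pw_mvc_resources', new Zend_Db_Expr('DISTINCT module,controller'));
    foreach ($db->fetchAll($select) as $row) {
        $acl->add(new Zend_Acl_Resource(join(':', $row)));
    }

    // Grant the session's role the actions listed per controller. A session
    // without an MVC permission map simply gets no grants.
    $mvcPermissions = isset($userData['acl']['mvc']) && is_array($userData['acl']['mvc'])
        ? $userData['acl']['mvc']
        : array();
    foreach ($mvcPermissions as $modulename => $moduledata) {
        foreach ($moduledata as $controllername => $controllerdata) {
            $acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
        }
    }

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

    $navigation = $this->_bootstrap->View->navigation();
    $dir = APPLICATION_PATH . '/configs/navigation/';

    $handle = is_dir($dir) ? opendir($dir) : false;
    if ($handle !== false) {
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the loop early.
        while (false !== ($module = readdir($handle))) {
            if ($module === '.' || $module === '..' || !is_dir($dir . $module)) {
                continue;
            }

            $files = opendir($dir . $module);
            if ($files === false) {
                // Unreadable module directory: skip it instead of looping on false.
                continue;
            }

            while (false !== ($file = readdir($files))) {
                if (preg_match('#^([^\\.]+)\\.xml$#iu', $file, $fileinfo)) {
                    $container = new Zend_Navigation(new Zend_Config_Xml($dir . $module . '/' . $file));
                    $this->_containers[$module][$fileinfo[1]] = array(
                        'menu' => $navigation->menu($container)->render(),
                        'breadcrumbs' => $navigation->breadcrumbs($container)->render(),
                    );
                }
            }
            closedir($files);
        }
        closedir($handle);
    }

    $this->_bootstrap->View->assign('Navigation', $this->_containers);

    return $this->_containers;
}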
/**
 * Test fixture: loads the two navigation containers from _files/navigation.xml,
 * prepares a view and the front controller, and creates the helper under test
 * with nav1 as its default container.
 */
protected function setUp()
{
    $baseDir = dirname(__FILE__);
    $this->_files = $baseDir . '/_files';

    // Navigation containers come from the XML fixture.
    $navConfig = new Zend_Config_Xml($this->_files . '/navigation.xml');
    $this->_nav1 = new Zend_Navigation($navConfig->get('nav_test1'));
    $this->_nav2 = new Zend_Navigation($navConfig->get('nav_test2'));

    // View reading its scripts from the fixture directory.
    $fixtureView = new Zend_View();
    $fixtureView->setScriptPath($baseDir . '/_files/mvc/views');

    // Remember the previous controller directory before pointing the front
    // controller at the fixture controllers.
    $frontController = Zend_Controller_Front::getInstance();
    $this->_oldControllerDir = $frontController->getControllerDirectory('test');
    $frontController->setControllerDirectory($baseDir . '/_files/mvc/controllers');

    // Instantiate the helper named by the concrete test case.
    $helperClass = $this->_helperName;
    $this->_helper = new $helperClass();
    $this->_helper->setView($fixtureView);

    // nav1 is the default container.
    $this->_helper->setContainer($this->_nav1);
}
/**
 * Navigation initialisation.
 *
 * Done from a config file here because the standard resource does not
 * support a menu kept in a separate file.
 *
 * Loads the 'navigation' section of configs/navigation.ini, registers the
 * container with the view and Zend_Registry, hides client-only pages from
 * profiles without a ws client, and sets the navigation default ACL/role.
 *
 * NOTE(review): deny() is applied to the object returned by
 * getResource('acl'), so the added rules are visible to everything else
 * holding that ACL, not only to the menu. Also, the final role is built from
 * getIdentity()->profile_id without a check that an identity exists -
 * confirm this only runs for authenticated requests.
 *
 * @return void
 */
protected function navigation()
{
    $section = 'navigation';

    $navigation = new Zend_Navigation(
        new Zend_Config_Ini(APPLICATION_PATH . '/configs/navigation.ini', $section)
    );
    $this->getResource('view')->navigation($navigation);
    Zend_Registry::set(Zend_Application_Resource_Navigation::DEFAULT_REGISTRY_KEY, $navigation);

    $acl = $this->getResource('acl');
    $authNamespace = new Zend_Session_Namespace('Zend_Auth');

    // Check whether the user has a ws client set.
    if ($authNamespace->storage->ws_client_id == null && $authNamespace->storage->profile_id != null) {
        // Fetch every page that requires a client ...
        $clientOnlyPages = $navigation->findBy('clientrequired', true, true);
        foreach ($clientOnlyPages as $clientOnlyPage) {
            // ... and block menu display for pages the profile cannot access.
            $acl = $acl->deny(
                'profile_' . $authNamespace->storage->profile_id,
                $clientOnlyPage->getResource(),
                null
            );
        }
    }

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(
        'profile_' . Zend_Auth::getInstance()->getIdentity()->profile_id
    );
}
/**
 * Sets the default ACL role(s) used when iterating pages, unless a role is
 * set explicitly later with {@link setRole()}.
 *
 * @param  mixed $role               [optional] role to set. Expects null,
 *                                   string, or an instance of
 *                                   {@link Zend_Acl_Role_Interface}.
 *                                   Default is null, which sets no default
 *                                   role.
 * @throws Zend_View_Exception       if role is invalid
 * @return void
 */
public static function setDefaultRole($role = null)
{
    $isAcceptable = null === $role
        || is_string($role)
        || $role instanceof Zend_Acl_Role_Interface;

    // Reject anything else before it can be stored as the shared default.
    if (!$isAcceptable) {
        #require_once 'Zend/View/Exception.php';
        throw new Zend_View_Exception('$role must be null|string|Zend_Acl_Role_Interface');
    }

    self::$_defaultRole = $role;
}
/**
 * Magic overload: proxies the call to another navigation helper when one
 * with that name can be found, otherwise to the container.
 *
 * Examples of usage from a view script or layout:
 * <code>
 * // proxy to Menu helper and render container:
 * echo $this->navigation()->menu();
 *
 * // proxy to Breadcrumbs helper and set indentation:
 * $this->navigation()->breadcrumbs()->setIndent(8);
 *
 * // proxy to container and find all pages with 'blog' route:
 * $blogPages = $this->navigation()->findAllByRoute('blog');
 * </code>
 *
 * @param  string $method             helper name or method name in
 *                                    container
 * @param  array  $arguments          [optional] arguments to pass
 * @return mixed                      returns what the proxied call returns
 * @throws Zend_View_Exception        if proxying to a helper, and the
 *                                    helper is not an instance of the
 *                                    interface specified in
 *                                    {@link findHelper()}
 * @throws Zend_Navigation_Exception  if method does not exist in container
 */
public function __call($method, array $arguments = array())
{
    // Non-strict lookup: a missing helper yields a falsy value.
    $helper = $this->findHelper($method, false);

    if (!$helper) {
        // default behaviour: proxy call to container
        return parent::__call($method, $arguments);
    }

    // A helper with that name exists; forward the call to its same-named method.
    return call_user_func_array(array($helper, $method), $arguments);
}
/**
 * Magic overload: proxies finder calls to {@link findRelation()}, everything
 * else to the container.
 *
 * Examples of finder calls:
 * <code>
 * // METHOD                    // SAME AS
 * $h->findRelNext($page);      // $h->findRelation($page, 'rel', 'next')
 * $h->findRevSection($page);   // $h->findRelation($page, 'rev', 'section');
 * $h->findRelFoo($page);       // $h->findRelation($page, 'rel', 'foo');
 * </code>
 *
 * NOTE(review): the pattern is not anchored, so any method name containing
 * "findRel..." or "findRev..." is treated as a finder, and $arguments[0] is
 * read without checking that an argument was passed.
 *
 * @param  string $method             method name
 * @param  array  $arguments          method arguments
 * @return mixed                      result of findRelation() or of the container call
 * @throws Zend_Navigation_Exception  if method does not exist in container
 */
public function __call($method, array $arguments = array())
{
    $isFinderCall = @preg_match('/find(Rel|Rev)(.+)/', $method, $match);

    if (!$isFinderCall) {
        return parent::__call($method, $arguments);
    }

    // $match[1] is the relation kind (rel/rev), $match[2] the relation type.
    $relationKind = strtolower($match[1]);
    $relationType = strtolower($match[2]);

    return $this->findRelation($arguments[0], $relationKind, $relationType);
}
/**
 * Checks the current identity's role against the "module:controller"
 * resource of the request. On failure a 'noAccess' error is recorded and the
 * request is sent to the login page; on success the ACL and role are handed
 * to the navigation helpers.
 *
 * The check is per controller: the requested action is not part of the
 * resource name.
 *
 * @param Zend_Controller_Request_Abstract $Request
 * @return mixed result of _redirectToLogin() when access is refused, otherwise nothing
 */
public function processAcl(Zend_Controller_Request_Abstract $Request)
{
    // Request info
    $moduleName = $Request->getModuleName();
    $controllerName = $Request->getControllerName();
    $role = $this->getIdentityRole();

    // Resource
    $resource = $moduleName . ':' . $controllerName;

    $isPermitted = $this->checkAuth($role, $resource);
    if ($isPermitted) {
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->getAcl());
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
        return;
    }

    $this->addError('noAccess');
    return $this->_redirectToLogin($Request);
}
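/**
 * Builds the MVC menus.
 *
 * Creates an ACL for the user's first role from the pw_mvc_resources table
 * and the permissions in UserData, loads the module's XML section tree and
 * renders the top menu, user menu, branch menu and breadcrumbs.
 *
 * NOTE(review): $module and $filename are concatenated into a filesystem
 * path. Whether they can carry request data is not visible here; callers
 * should pass only known module and file names.
 *
 * @param object $navigation Zend_View_Helper_Navigation
 * @param string $module     module name
 * @param string $filename   name of the XML file holding the section tree
 *
 * @return array|false rendered menus keyed topmenu / branchmenu / usermenu /
 *                     breadcrumbs, or false when the XML file does not exist
 */
function getMvcMenus($navigation, $module = "default", $filename = "menu")
{
    // Build the path once so the existence check and the load use the same
    // file; the load previously used a path without the leading slash
    // before "modules".
    $file = $this->paths["applct"] . "/modules/" . $module . "/" . $filename . ".xml";
    if (!file_exists($file)) {
        return false;
    }

    // Only the first role of the user is used for the menu ACL.
    $roles = array_values($this->UserData["roles"]);
    $role = $roles[0];

    $acl = new Zend_Acl();
    $acl->addRole(new Zend_Acl_Role($role));

    // Register every known "module:controller" pair as a resource.
    $sql = "SELECT DISTINCT module,controller FROM pw_mvc_resources";
    foreach ($this->db->fetchAll($sql) as $row) {
        $acl->add(new Zend_Acl_Resource($row["module"] . ":" . $row["controller"]));
    }

    // Grant the role the actions listed per controller in the user data.
    foreach ($this->UserData["acl"]["mvc"] as $modulename => $moduledata) {
        foreach ($moduledata as $controllername => $controllerdata) {
            $acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
        }
    }

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

    $this->UserSession->mvcMenuContainers[$module][$filename] = $container = new Zend_Navigation(new Zend_Config_Xml($file));

    // Top navigation menu
    $menu = $navigation->menu($container);
    $menu = $menu->setMinDepth(null)->setMaxDepth(null);
    $topmenu = Phorm_Filter_Utf2Win::filter($menu->render());

    // User menu
    $current = $container->findBy("action", "users");
    $menu = $navigation->menu($current);
    $menu = $menu->setMinDepth(null)->setMaxDepth(null);
    $usermenu = Phorm_Filter_Utf2Win::filter($menu->render());

    // Subsections (siblings or children)
    $current = $container->findBy("active", true);
    $menu = $navigation->menu($current);
    $menu = $menu->setMinDepth(0)->setMaxDepth(0);
    $branchmenu = Phorm_Filter_Utf2Win::filter($menu->render());

    // Nothing rendered below the active page: fall back to its parent level.
    if ($branchmenu == "" && method_exists($current, "getParent")) {
        $menu = $navigation->menu($current->getParent());
        $menu = $menu->setMinDepth(0)->setMaxDepth(0);
        $branchmenu = Phorm_Filter_Utf2Win::filter($menu->render());
    }

    // Breadcrumbs
    $menu = $navigation->breadcrumbs($container)->setSeparator(" / ");
    $breadcrumbs = Phorm_Filter_Utf2Win::filter($menu->render());

    return array(
        "topmenu" => $topmenu,
        "branchmenu" => $branchmenu,
        "usermenu" => $usermenu,
        "breadcrumbs" => $breadcrumbs,
    );
}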
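/**
 * Predispatch
 *
 * Checks whether the current user, identified by roleName, may access the
 * requested url (module/controller/action). If not, denyAccess() is called
 * to redirect to the error page.
 *
 * NOTE(review): for the "api", "auth" and "locale" controllers this method
 * only sets the role to "G" and returns; no ACL check is made here, so
 * those controllers have to enforce their own access control.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 **/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $controller = strtolower($request->getControllerName());

    if (in_array($controller, array("api", "auth", "locale"), true)) {
        $this->setRoleName("G");
        return;
    }

    if (!Zend_Auth::getInstance()->hasIdentity()) {
        if ($controller === 'login') {
            return;
        }

        if ($request->isXmlHttpRequest()) {
            // Use the scheme of the current request instead of a fixed
            // "http://", so an HTTPS session is not sent to a plain-HTTP
            // login URL.
            // NOTE(review): the host part still comes from the request's
            // Host header, which the client controls; prefer a configured
            // base URL if one is available.
            $url = $request->getScheme() . '://' . $request->getHttpHost() . '/login';
            $json = Zend_Json::encode(array('auth' => false, 'url' => $url));

            // Prepare response
            $this->getResponse()->setHttpResponseCode(401)->setBody($json)->sendResponse();

            //redirectAndExit() cleans up, sends the headers and stops the script
            Zend_Controller_Action_HelperBroker::getStaticHelper('redirector')->redirectAndExit();
        } else {
            $r = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
            $r->gotoSimpleAndExit('index', 'login', $request->getModuleName());
        }

        return;
    }

    // Authenticated: the role is the "type" stored with the identity.
    $userInfo = Zend_Auth::getInstance()->getStorage()->read();
    $this->setRoleName($userInfo->type);

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->_acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($this->_roleName);

    // Resource name is "module:controller", without the prefix for the default module.
    $resourceName = '';
    if ($request->getModuleName() != 'default') {
        $resourceName .= strtolower($request->getModuleName()) . ':';
    }
    $resourceName .= $controller;

    /** Check if the controller/action can be accessed by the current user.
        An unknown resource is treated as denied. */
    if (!$this->getAcl()->has($resourceName)
        || !$this->getAcl()->isAllowed($this->_roleName, $resourceName, $request->getActionName())
    ) {
        /** Redirect to access denied page */
        $this->denyAccess();
    }
}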
/**
 * Initialises Zend_Acl for authorization in OPUS.
 *
 * With security switched on in the configuration the ACL is set up through
 * Application_Security_AclProvider::init(). Otherwise the navigation default
 * ACL and role are both cleared to null, so the navigation helpers get no
 * ACL to filter pages with.
 *
 * TODO use Application_Security_AclProvider
 *
 * @return void
 */
protected function _initAuthz()
{
    $this->bootstrap('Logging', 'Navigation', 'view');

    $config = $this->getResource('configuration');
    $securityEnabled = isset($config->security) && $config->security == 1;

    if (!$securityEnabled) {
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl(null);
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(null);
        return;
    }

    Application_Security_AclProvider::init();
}
/**
 * Access gate run before dispatch.
 *
 * Frontend: account controllers are rerouted to the login action when no
 * customer is logged in. Backend: requires an admin identity, builds a
 * Zend_Acl for the user's role from the stored resources and rules, hands
 * it to the navigation helpers and reroutes to "access-denied" when the
 * role is not allowed on the requested resource.
 *
 * @return void
 */
public function preDispatch()
{
    $request = $this->getRequest();

    if (Axis_Area::isFrontend()) {
        // Frontend only guards account controllers; everything else passes.
        if (!Axis::getCustomerId() && $this->getActionController() instanceof Axis_Account_Controller_Abstract) {
            $request->setModuleName('Axis_Account')->setControllerName('auth')->setActionName('index')->setDispatched(false);
        }
        return;
    }
    if (!Axis_Area::isBackend()) {
        return;
    }

    // Backend identities live in their own 'admin' session storage.
    $auth = Zend_Auth::getInstance();
    $auth->setStorage(new Zend_Auth_Storage_Session('admin'));

    // The login and password-recovery controllers must stay reachable
    // without an identity.
    if (in_array($request->getControllerName(), array('auth', 'forgot')) && 'Axis_Admin' === $request->getModuleName()) {
        return;
    }

    if (!$auth->hasIdentity()) {
        if ($request->isXmlHttpRequest()) {
            Axis::message()->addError(Axis::translate('admin')->__('Your session has been expired. Please relogin'));
            $jsonHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('json');
            $jsonHelper->sendFailure();
            return;
        }
        $request->setModuleName('Axis_Admin')->setControllerName('auth')->setActionName('index')->setDispatched(false);
        return;
    }

    // The identity must still map to an existing admin user; otherwise
    // force a logout.
    $user = Axis::single('admin/user')->find($auth->getIdentity())->current();
    if (!$user) {
        $request->setModuleName('Axis_Admin')->setControllerName('auth')->setActionName('logout')->setDispatched(false);
        return;
    }

    $acl = new Zend_Acl();
    // add resources
    $resources = Axis::model('admin/acl_resource')->toFlatTree();
    foreach ($resources as $resource) {
        $parent = $resource['parent'];
        try {
            $acl->addResource($resource['id'], $parent);
        } catch (Zend_Acl_Exception $e) {
            // A resource that cannot be registered is reported and skipped.
            Axis::message()->addError($e->getMessage());
        }
    }
    //add role(s)
    $role = (string) $user->role_id;
    $acl->addRole($role);
    //add permission
    $rowset = Axis::single('admin/acl_rule')->select('*')->where('role_id = ?', $role)->fetchRowset();
    foreach ($rowset as $row) {
        if (!$acl->has($row->resource_id)) {
            // $row->delete(); // remove invalid rule
            continue;
        }
        // Only 'allow' maps to allow(); any other stored permission value
        // becomes a deny, so the dynamic call below can reach just these
        // two methods.
        $action = 'deny';
        if ('allow' === $row->permission) {
            $action = 'allow';
        }
        try {
            $acl->{$action}($row->role_id, $row->resource_id);
        } catch (Zend_Acl_Exception $e) {
            Axis::message()->addError($e->getMessage());
        }
    }

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);

    // The admin error controller is always reachable so the access-denied
    // page itself can be shown.
    if (in_array($request->getControllerName(), array('error')) && 'Axis_Admin' === $request->getModuleName()) {
        return;
    }

    //get current resource by request
    $request = $this->getRequest();
    $inflector = new Zend_Filter_Inflector();
    // Resource ids have the form admin/<module>/<controller>/<action>,
    // derived from the request parameters.
    $resource = $inflector->addRules(array(':module' => array('Word_CamelCaseToDash', new Zend_Filter_Word_UnderscoreToSeparator('/'), 'StringToLower'), ':controller' => array('Word_CamelCaseToDash', 'StringToLower', new Zend_Filter_PregReplace('/admin_/', '')), ':action' => array('Word_CamelCaseToDash', 'StringToLower')))->setTarget('admin/:module/:controller/:action')->filter($request->getParams());

    // NOTE(review): a resource the ACL does not know is let through here
    // (fail-open), and resources that failed to register above end up in
    // that category too. Confirm this is intended for the backend.
    if (!$acl->has($resource) || $acl->isAllowed($role, $resource)) {
        return;
    }

    if ($request->isXmlHttpRequest()) {
        Axis::message()->addError(Axis::translate('admin')->__('You have no permission for this operation'));
        $jsonHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('json');
        $jsonHelper->sendFailure();
        return;
    }
    $request->setModuleName('Axis_Admin')->setControllerName('error')->setActionName('access-denied')->setDispatched(false);
}
<?php

require_once 'Acl_plugin.php';

// Application ACL: four roles in a single inheritance chain, one resource
// per controller, and the controllers each role may reach.
$ccAcl = new Zend_Acl();

// role => parent role (G has no parent; every later role inherits the previous one)
$roleParents = array(
    'G' => null,
    'H' => 'G',
    'P' => 'H',
    'A' => 'P',
);
foreach ($roleParents as $roleId => $parentId) {
    $ccAcl->addRole(new Zend_Acl_Role($roleId), $parentId);
}

$resourceIds = array(
    'library', 'index', 'user', 'error', 'login', 'playlist', 'plupload',
    'schedule', 'api', 'nowplaying', 'search', 'dashboard', 'preference',
    'recorder', 'statistics',
);
foreach ($resourceIds as $resourceId) {
    $ccAcl->add(new Zend_Acl_Resource($resourceId));
}

/** Creating permissions */
// NOTE(review): role 'G' is granted 'api', 'recorder', 'schedule' and
// 'dashboard' here; if 'G' is the unauthenticated role, those controllers
// need their own authentication for anything sensitive - confirm.
$grantsByRole = array(
    'G' => array('index', 'login', 'error', 'nowplaying', 'api', 'recorder', 'schedule', 'dashboard'),
    'H' => array('plupload', 'library', 'search', 'playlist'),
    'A' => array('user', 'preference', 'statistics'),
);
foreach ($grantsByRole as $roleId => $allowedResources) {
    foreach ($allowedResources as $resourceId) {
        $ccAcl->allow($roleId, $resourceId);
    }
}

$aclPlugin = new Zend_Controller_Plugin_Acl($ccAcl);

// Only the ACL is set for the navigation helpers here; no default role is set in this file.
Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($ccAcl);

$front = Zend_Controller_Front::getInstance();
$front->registerPlugin($aclPlugin);
/**
 * Creates the application ACL, makes it and the current user's role the
 * defaults for the navigation helpers, and publishes the ACL in
 * Zend_Registry under 'Zend_Acl'.
 *
 * @return Acl the ACL instance, stored as the 'acl' bootstrap resource
 */
protected function _initAcl()
{
    $applicationAcl = new Acl();

    Zend_Registry::set('Zend_Acl', $applicationAcl);

    // The role is resolved once, at bootstrap time, by UserMap::getRole().
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($applicationAcl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(UserMap::getRole());

    return $applicationAcl;
}
/**
 * Builds the admin ACL, registers the ACL controller plugin and attaches
 * the ACL with the current role to Zend_Navigation.
 *
 * Everything is denied first; access is then opened per role:
 * guest reaches only 'auth' and 'error', manager a fixed list of resources
 * and actions, admin everything.
 *
 * @return void
 */
protected function _initAlc()
{
    $auth = Zend_Auth::getInstance();

    // Determine the user's role; without an identity (or without a role on
    // it) the user is a "guest".
    $role = 'guest';
    if ($auth->hasIdentity() && !empty($auth->getIdentity()->role)) {
        $role = $auth->getIdentity()->role;
    }

    $acl = new Zend_Acl();

    // Declare the resources.
    $resourceIds = array(
        'error', 'auth', 'index', 'pages', 'catalog', 'categories', 'products',
        'manufacture', 'manufacture-categories', 'pipeline', 'pipeline-categories',
        'pipeline-property', 'pipeline-property-value', 'oil', 'oil-categories',
        'forum', 'media', 'media-categories', 'home', 'about', 'contacts',
        'search', 'trash', 'utils', 'search-index', 'cache-manager',
        'update-image-catalog', 'products-draft', 'models-generator',
        'csv-catalog-generator', 'xml-catalog-generator', 'api', 'get',
    );
    foreach ($resourceIds as $resourceId) {
        $acl->addResource(new Zend_Acl_Resource($resourceId));
    }

    // Roles: guest (unauthenticated user), plus manager and admin, which
    // both inherit guest's access.
    $acl->addRole('guest');
    $acl->addRole('manager', 'guest');
    $acl->addRole('admin', 'guest');

    // Deny everything, then open up per role.
    $acl->deny();
    $acl->allow('guest', array('auth', 'error'));

    $managerResources = array(
        'index', 'home', 'contacts', 'about', 'pages', 'categories', 'products',
        'manufacture', 'manufacture-categories', 'pipeline', 'pipeline-categories',
        'pipeline-property', 'oil', 'oil-categories', 'forum', 'media',
        'media-categories', 'search',
    );
    $managerPrivileges = array(
        'index', 'list', 'edit', 'json', 'get', 'property', 'modifications',
        'modification-edit', 'modification-property-edit', 'category', 'slugify',
        'slugify-product-sku', 'property-edit', 'view', 'passport', 'reply',
        'articles', 'categories',
    );
    $acl->allow('manager', $managerResources, $managerPrivileges);

    // admin: every resource, every privilege.
    $acl->allow('admin');

    // Register the ACL plugin on the front controller, passing it the ACL
    // and the Zend_Auth instance.
    $frontController = Zend_Controller_Front::getInstance();
    $frontController->registerPlugin(new Plugin_AclAdmin($acl, $auth));

    // Attach the ACL to Zend_Navigation.
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
}
/**
 * Run plugin on preDispatch: authorize the "module<separator>controller"
 * resource of the request and hand ACL and active user to the navigation
 * helpers.
 *
 * NOTE(review): after _handleError() the method carries on and still
 * configures navigation; whether the request is actually stopped depends on
 * what _handleError() does with it - verify there.
 *
 * @param Zend_Controller_Request_Abstract $Request
 * @see Zend/Controller/Plugin/Zend_Controller_Plugin_Abstract::preDispatch()
 */
public function preDispatch(Zend_Controller_Request_Abstract $Request)
{
    $controllerName = $Request->getControllerName();
    $moduleName = $Request->getModuleName();
    $resourceId = $moduleName . $this->getDefaultSeparator() . $controllerName;

    // Set current resource
    $this->setCurrentResource($resourceId);

    // The error resource may be whitelisted so error pages stay reachable.
    if ($this->getAutoWhitelistErrorResource() && $resourceId == $this->getErrorResource()) {
        return;
    }

    // Authorization is checked first; session expiry only for authorized requests.
    if (!$this->getSecurityManager()->isAuthorized($resourceId, $this->getDefaultPrivilege())) {
        $this->_handleError($Request, self::STR_ACCESSDENIED, $resourceId);
    } elseif ($this->getSecurityManager()->isSessionExpired()) {
        $this->_handleError($Request, self::STR_SESSIONEXPIRED, $resourceId);
    }

    Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($this->getSecurityManager()->getAcl());
    Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($this->getSecurityManager()->getActiveUser());
}
/**
 * setDefaultRole() must reject an object that is neither a string nor a
 * Zend_Acl_Role_Interface by throwing Zend_View_Exception.
 */
public function testSetDefaultRoleThrowsExceptionWhenGivenAnArbitraryObject()
{
    $thrown = null;

    try {
        Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole(new stdClass());
    } catch (Zend_View_Exception $e) {
        $thrown = $e;
    }

    if (null === $thrown) {
        $this->fail('An invalid argument was given, but a ' . 'Zend_View_Exception was not thrown');
    }

    $this->assertContains('$role must be', $thrown->getMessage());
}