예제 #1
0
 /**
  * Query the ACL if the user is allowed to be dispatched to the resource
  *
  * @param Zend_Controller_Request_Abstract $request
  * @throws Zend_Exception if user is not allowed (handled by error controller)
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $resource = $module . '/' . $controller;
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity() === TRUE) {
         $user = $auth->getIdentity();
     } else {
         $user = new App_User();
         $user->setRole(Zend_Registry::get('acl_default_role_name'), Zend_Registry::get('acl_default_role_id'));
     }
     $auth->getStorage()->write($user);
     /**
      * load acl stuff from cache.
      * the acl is created, that it doesnot grab the data from the database again
      * so, we should have a little bit of performance here
      */
     /*
             //FIXME: ACL Caching seems be faulty or its the development process
             //       After changing rules, ACL doesn't match anymore
             //       Fix: After Changing roles/rules refresh the ACL Cache Object
             $cache = Zend_Registry::get('Cache_Acl');
             $acl   = $cache->load('acl_object');
             IF(!$acl) {
        $acl = new App_Acl;
             }
     */
     $acl = new App_Acl();
     // FIXME: remove after above is fixed
     $acl->buildResourceRules($module, $controller, $action, $user);
     // $cache->save($acl, 'acl_object'); // FIXME: enabled again after above problem is fixed
     foreach ($user->getRoles() as $roleId => $roleName) {
         if ($acl->isAllowed($roleId, $resource, $action)) {
             return TRUE;
         }
         foreach ($acl->getRole($roleId)->getParentRole() as $roleId => $roleName) {
             if ($acl->isAllowed($roleId, $resource, $action)) {
                 return TRUE;
             }
         }
     }
     /**
      * This part is critical (see todo in class docs)
      *
      * 1. On XML Requests:
      *      The setbody just adds information to the body. If an php error occure, the
      *      setBody just prepend the this error to the php error => the return is an Json/html mixed response, unreadable for Ajax Client
      * 2. normal HTTP resposen:
      *      anonymouse rerouting to login page, no reason or any notification to the user
      */
     if ($this->getRequest()->isXmlHttpRequest()) {
         $this->getResponse()->setBody(Zend_Json_Encoder::encode(array('success' => FALSE, 'error_message' => 'No Right to execute this action')));
     } elseif ($controller !== 'error') {
         $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
         $redirector->gotoSimple('login', 'auth', 'noc');
     }
 }
예제 #2
0
 /**
  * Check if the current user (self::$user) is allowed to
  * use the $module/$action
  *
  * @param string $module
  * @param string $action
  * @return bool
  */
 public function isAllowed($module, $action)
 {
     $resource = 'webdesktop/' . $module;
     // build rules on every call?
     $this->acl->buildResourceRules('webdesktop', $module, $action, $this->user, TRUE);
     $cache = Zend_Registry::get('Cache_Acl');
     $cache->save($this->acl, 'acl_object');
     foreach ($this->user->getRoles() as $roleId => $roleName) {
         if ($this->acl->isAllowed($roleId, $resource, $action)) {
             return TRUE;
         }
         foreach ($this->acl->getRole($roleId)->getParentRole() as $roleId => $roleName) {
             if ($this->acl->isAllowed($roleId, $resource, $action)) {
                 return TRUE;
             }
         }
     }
     return FALSE;
 }