/** * Sync action for resource controller */ public function syncAction() { $translate = Zend_Registry::get('Zend_Translate'); try { $mdlResource = new Acl_Model_Resource(); $registeredList = $mdlResource->getRegisteredList(); #print_r($registeredList); #die(); $resourcesAvailable = array(); $sxe = new SimpleXMLElement(APPLICATION_PATH . '/../.zfproject.xml', null, true); foreach ($sxe->projectDirectory->applicationDirectory->modulesDirectory->moduleDirectory as $module) { #echo "<h1>Modulo:".$module['moduleName']."</h1>"; foreach ($module->controllersDirectory->controllerFile as $controller) { #echo "<h2>controlador: ".$controller['controllerName']."<h2>"; foreach ($controller->actionMethod as $action) { #echo "<h3>action: ".$action['actionName']."<h3>"; $resourcesAvailable[] = $module['moduleName'] . '-' . $controller['controllerName'] . '-' . $action['actionName']; } } } foreach ($resourcesAvailable as $rsa) { $isRegistered = false; foreach ($registeredList as $rsRegistered) { $rsTemp = $rsRegistered->module . '-' . $rsRegistered->controller . '-' . $rsRegistered->actioncontroller; if (strcasecmp($rsa, $rsTemp) == 0) { $isRegistered = true; } } if (!$isRegistered) { $arrResource = explode('-', $rsa); $resource = $mdlResource->createRow(); $resource->module = $arrResource[0]; $resource->controller = $arrResource[1]; $resource->actioncontroller = $arrResource[2]; $resource->save(); } } /* @var $cache Zend_Cache_Backend_File */ $cache = Zend_Registry::get('cacheACL'); $mdlRole = new Acl_Model_Role(); $roles = $mdlRole->getRoles(); foreach ($roles as $role) { if ($cache->test('cacheACL_' . $role->id)) { $cache->remove('cacheACL_' . $role->id); } } $this->_helper->flashMessenger->addMessage(array('type' => 'info', 'header' => '', 'message' => $translate->translate("ACL_RESOURCES_SYNCD"))); return $this->_helper->redirector("list", "resource", "acl"); } catch (Exception $e) { $this->_helper->flashMessenger->addMessage(array('type' => 'error', 'header' => '', 'message' => $e->getMessage())); return $this->_helper->redirector("list", "resource", "acl"); } return; }
/** * PreDispatch method for ACL Plugin. It checks if current user has privileges for resources requested * @see Zend_Controller_Plugin_Abstract::preDispatch() * @param Zend_Controller_Request_Abstract $request */ public function preDispatch(Zend_Controller_Request_Abstract $request) { try { $frontendOptions = array('lifetime' => 43200, 'automatic_serialization' => true); $backendOptions = array('cache_dir' => APPLICATION_CACHE_PATH); $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions); // fetch the current user $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $identity = $auth->getIdentity(); $objRole->id = $identity->role_id; // get an instance of Zend_Session_Namespace used by Zend_Auth #$authns = new Zend_Session_Namespace($auth->getStorage()->getNamespace()); // set an expiration on the Zend_Auth namespace where identity is held #$authns->setExpirationSeconds(60 * 30); // expire auth storage after 30 min } else { $objRole->id = 3; # guess } $cacheACL = false; if ($cache->load('cacheACL_' . $objRole->id) && $cache->test('cacheACL_' . $objRole->id)) { $cacheACL = $cache->load('cacheACL_' . $objRole->id); } if ($cacheACL == false) { // set up acl $acl = new Zend_Acl(); $mdlRole = new Acl_Model_Role(); $mdlResource = new Acl_Model_Resource(); $mdlPermission = new Acl_Model_Permission(); #$role = $mdlRole->createRow(); $acl->addRole(new Zend_Acl_Role($objRole->id)); $role = $mdlRole->find($objRole->id)->current(); #var_dump($role, $objRole->id); #die(); if ($role == null) { throw new Zend_Exception('Role not found'); } $select = $mdlRole->select()->order('priority DESC')->limit(1); $childRole = $role->findDependentRowset('Acl_Model_Role', null, $select)->current(); $resources = $mdlResource->getRegisteredList(); #if ( !$resources ) throw new Zend_Exception('Resources not available'); if ($resources->count() > 0) { foreach ($resources as $resource) { $resourceTemp = strtolower($resource->module . ':' . $resource->controller); if (!$acl->has(new Zend_Acl_Resource($resourceTemp))) { $acl->addResource(new Zend_Acl_Resource($resourceTemp)); } } } else { throw new Zend_Exception('Resources not available'); } if ($resources->count() > 0) { foreach ($resources as $resource) { $resourceTemp = strtolower($resource->module . ':' . $resource->controller); $childPrivilege = $childRole ? $mdlPermission->getByResource($resource, $childRole) : null; $rolePrivilege = $mdlPermission->getByResource($resource, $role); if ($objRole->id < 2) { $acl->allow($objRole->id, $resourceTemp, $resource->actioncontroller); } elseif (!$childRole && !$rolePrivilege || strcasecmp($rolePrivilege->privilege, 'deny') == 0 || $childPrivilege && strcasecmp($childPrivilege->privilege, 'deny') == 0 && !$rolePrivilege) { $acl->deny($objRole->id, $resourceTemp, $resource->actioncontroller); } elseif (strcasecmp($rolePrivilege->privilege, 'allow') == 0 || $childPrivilege && strcasecmp($childPrivilege->privilege, 'allow') == 0 && !$rolePrivilege) { $acl->allow($objRole->id, $resourceTemp, $resource->actioncontroller); } } # foreach ( $resources as $resource ) } # if ( $resources->count() > 0 ) $cache->save($acl, 'cacheACL_' . $objRole->id); Zend_Registry::set('ZendACL', $acl); } else { Zend_Registry::set('ZendACL', $cacheACL); } Zend_Registry::set('cacheACL', $cache); } catch (Exception $e) { try { $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugins.log'); $logger = new Zend_Log($writer); $logger->log($e->getMessage(), Zend_Log::ERR); } catch (Exception $e) { } } }