Exemplo n.º 1
 /**
  * Pre-dispatch hook: binds the request to a session, then enforces the ACL
  * on controllers that implement SecureControllerInterface.
  *
  * Steps, in order:
  *  1. Fetch the session manager from the target's service locator.
  *  2. If the request carries a session id, adopt it as the current id.
  *  3. If the 'initialized' container has no 'init' flag yet, regenerate the
  *     session id and set the flag.
  *  4. If an identity is present, hand it to the ACL as the user id.
  *  5. For a secured controller whose privileges the ACL refuses, answer with
  *     403 "Permission denied" and stop further propagation of the event.
  *
  * @param MvcEvent $event Event being dispatched; its target is the controller.
  *
  * @return void
  */
 public function preDispatch(MvcEvent $event)
 {
     /** @var SessionManager $sessionManager */
     $sessionManager = $event->getTarget()->getServiceLocator()->get('Zend\\Session\\SessionManager');

     // NOTE(review): the id is taken from the request and adopted as-is. Whether
     // it is validated depends on getSessionIdFromRequest(), which is not visible
     // here; confirm it rejects malformed values before they reach setId().
     $requestedSessionId = $this->getSessionIdFromRequest($event->getRequest());
     if ($requestedSessionId) {
         $sessionManager->setId($requestedSessionId);
     }

     // Only a session without the 'init' flag gets a fresh id. A client-supplied
     // id that points at an already initialized session is kept unchanged.
     // NOTE(review): that leaves session-fixation protection to the login path;
     // verify the id is regenerated when an identity is established.
     $initMarker = new Container('initialized');
     if (null === $initMarker->offsetGet('init')) {
         $sessionManager->regenerateId();
         $initMarker->offsetSet('init', 1);
     }

     $authPlugin = $this->getAuthPlugin();
     $aclService = $this->getAcl();
     if ($authPlugin->hasIdentity()) {
         $aclService->setUserId($authPlugin->getIdentity());
     }
     // Without an identity the ACL is queried with whatever user id it already
     // holds; presumably that denies anonymous callers, verify in the ACL class.

     /** @var AbstractActionController|SecureControllerInterface $target */
     $target = $event->getTarget();

     // Controllers that are not secured, or whose privileges are granted, pass.
     if (!($target instanceof SecureControllerInterface) || $aclService->isAllowed($target->getPrivileges())) {
         return;
     }

     /** @var \Zend\Http\PhpEnvironment\Response $deniedResponse */
     $deniedResponse = $target->getResponse();
     $deniedResponse->setStatusCode(403);
     $deniedResponse->setReasonPhrase("Permission denied");

     // NOTE(review): the session id is attached to the model for the denied
     // request; if ApiModel serializes it into the body, treat that output as a
     // credential (no caching, no logging) - confirm against ApiModel.
     $deniedModel = new ApiModel($deniedResponse);
     $deniedModel->setSessionId($this->getSessionId());

     $event->setViewModel($deniedModel);
     // Stop here so that later listeners for this event do not run.
     $event->stopPropagation(true);
 }