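/**
 * Builds the access-control list from the database in three stages:
 * resources, roles, then allow/deny rules with their privileges.
 *
 * Resources are registered parent-first. A resource whose parent is not yet
 * registered is retried on the next pass. If a full pass registers nothing
 * (circular or self-referencing parentid), construction fails with an
 * exception instead of looping forever, so a corrupt hierarchy can neither
 * hang every request nor leave a half-built ACL in use.
 *
 * @throws Zend_Acl_Exception when the resource hierarchy cannot be resolved,
 *                            or when a rule type is neither 'allow' nor 'deny'
 */
public function __construct()
{
    $resourcesModel = new Z_Model_Resources();
    $resources = $resourcesModel->fetchAll()->toArray();

    // Map row id -> resource identifier so that parentid can be translated.
    $resourceById = array();
    foreach ($resources as $resource) {
        $resourceById[$resource['id']] = $resource['resourceId'];
    }

    // Only resources still waiting for their parent are revisited on each pass.
    $pending = $resources;
    while (count($pending) > 0) {
        $deferred = array();
        $deferredIds = array();
        foreach ($pending as $resource) {
            $parentResourceId = array_key_exists($resource['parentid'], $resourceById)
                ? $resourceById[$resource['parentid']]
                : null;

            // Loose comparison kept deliberately: an empty parent identifier is
            // treated like "no parent", exactly as before.
            if ($parentResourceId == null || $this->has($parentResourceId)) {
                if (!$this->has($resource['resourceId'])) {
                    $this->addResource($resource['resourceId'], $parentResourceId);
                }
            } else {
                $deferred[] = $resource;
                $deferredIds[] = $resource['resourceId'];
            }
        }

        // No progress in a whole pass means the remaining parents can never
        // appear; fail closed rather than spin.
        if (count($deferred) === count($pending)) {
            require_once 'Zend/Acl/Exception.php';
            throw new Zend_Acl_Exception(
                'Resource hierarchy cannot be resolved (circular or self-referencing parentid): '
                . implode(', ', $deferredIds)
            );
        }
        $pending = $deferred;
    }

    $rolesModel = new Z_Model_Roles();
    $roles = $rolesModel->fetchAll()->toArray();
    foreach ($roles as $role) {
        // addRoleParents() is defined elsewhere; presumably it registers the
        // role's ancestors before the role itself - TODO confirm.
        $this->addRoleParents($role);
        if (!$this->_getRoleRegistry()->has($role['roleId'])) {
            $this->addRole($role['roleId'], $rolesModel->getParentsArray($role['id']));
        }
    }

    $privilegesModel = new Z_Model_Privileges();
    $rulesModel = new Z_Model_Rules();
    $rules = $rulesModel->getAllRules();
    foreach ($rules as $rule) {
        // NOTE(review): an empty roleId/resourceId is passed on as null. If
        // allow()/deny() follow Zend_Acl semantics, null means "every role" /
        // "every resource", so a rule row that lost its role reference turns
        // into a grant (or denial) for everyone. Confirm getAllRules() cannot
        // return such rows unintentionally.
        if (empty($rule['roleId'])) {
            $rule['roleId'] = null;
        }
        if (empty($rule['resourceId'])) {
            $rule['resourceId'] = null;
        }

        // NOTE(review): a rule whose privilege list is empty is skipped
        // entirely. For a 'deny' rule that means the denial is silently not
        // applied - confirm getRulePrivileges() returns at least one (possibly
        // empty) entry for rules meant to cover all privileges.
        $privileges = $privilegesModel->getRulePrivileges($rule['id']);
        foreach ($privileges as $privilege) {
            if (empty($privilege)) {
                $privilege = null;
            }
            if ('allow' === $rule['rule']) {
                $this->allow($rule['roleId'], $rule['resourceId'], $privilege);
            } elseif ('deny' === $rule['rule']) {
                $this->deny($rule['roleId'], $rule['resourceId'], $privilege);
            } else {
                // NOTE(review): the message prints the TYPE_ALLOW/TYPE_DENY
                // class constants, while the values accepted above are the
                // literals 'allow' and 'deny'; confirm they read the same.
                require_once 'Zend/Acl/Exception.php';
                throw new Zend_Acl_Exception("Unsupported rule type; must be either '" . self::TYPE_ALLOW . "' or '" . self::TYPE_DENY . "'");
            }
        }
    }
}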
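/**
 * Handles a request that was refused by the access check.
 *
 * Always queues a generic "access denied" flash message. Guests are sent on
 * via ajaxGo() and learn nothing about the refused module or action; any
 * other role additionally sees the titles of the action and module that were
 * refused, when matching rows exist.
 */
public function denyAction()
{
    Z_FlashMessenger::addMessage('Доступ к действию данного модуля запрещен.');

    // NOTE(review): loose comparison kept as in the original. If getRole()
    // can ever return a non-string, '===' would avoid type-juggling surprises
    // on older PHP versions - confirm the return type before tightening.
    if (Z_Auth::getInstance()->getUser()->getRole() == 'guest') {
        // NOTE(review): ajaxGo() is defined elsewhere. If it ends the request,
        // only the login redirect takes effect and the next two calls are
        // never reached; otherwise all three run in this order - confirm
        // which behaviour is intended.
        $this->ajaxGo($this->view->url(array('controller' => 'z_user', 'action' => 'login')));
        $this->ajaxGo($this->view->url(array('controller' => 'z_menu', 'action' => 'index')));
        $this->ajaxGo($this->view->url(array('controller' => 'index', 'action' => 'index')));
    } else {
        // The lookups are only needed on this branch, so unauthenticated
        // requests no longer trigger two queries whose results were discarded.
        // Both values come from request parameters but are bound through '?'
        // placeholders rather than concatenated into the condition.
        $resources = new Z_Model_Resources();
        $privileges = new Z_Model_Privileges();
        $resource = $resources->fetchRow(array('resourceId=?' => 'admin_' . $this->_getParam('controller')));
        $privilege = $privileges->fetchRow(array('name=?' => $this->_getParam('action')));

        // The original wrapped each title in a ternary with an "unknown"
        // fallback that could never be reached inside the same truthiness
        // check; the observable behaviour (no message when the row is
        // missing) is unchanged.
        // NOTE(review): titles are concatenated unescaped; the code that
        // renders flash messages is presumably responsible for HTML-escaping
        // them - verify.
        if ($privilege) {
            Z_FlashMessenger::addMessage('Действие: ' . $privilege->title);
        }
        if ($resource) {
            Z_FlashMessenger::addMessage('Модуль: ' . $resource->title);
        }
    }

    $this->disableRenderView();
}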