Exemplo n.º 1
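 /**
  * Build the ACL from the configured roles and resources and publish it in
  * the registry under the 'acl' key.
  *
  * Role tree: 'all' is the root, 'anonymous' and 'identified' inherit from
  * it, and every name in $this->_roles that is not yet registered inherits
  * from 'identified'.
  *
  * Rules: $this->_resources is walked as module => controller => action =>
  * comma-separated role list. Each module becomes a resource and each
  * controller/action pair becomes the privilege
  * "<controller><RESOURCE_SEPARATOR><action>". Only allow rules are created,
  * so anything not listed stays denied by Zend_Acl's default.
  *
  * @see Zend_Application_Resource_ResourceAbstract#init()
  * @return Zend_Acl the populated ACL
  */
 public function init()
 {
     $this->_acl = new Zend_Acl();
     // static roles
     $this->_acl->addRole(new Zend_Acl_Role('all'));
     $this->_acl->addRole(new Zend_Acl_Role('anonymous'), 'all');
     $this->_acl->addRole(new Zend_Acl_Role('identified'), 'all');
     // dynamic roles
     foreach ($this->_roles as $roleName) {
         if (!$this->_acl->hasRole($roleName)) {
             $this->_acl->addRole(new Zend_Acl_Role($roleName), 'identified');
         }
     }
     // rules
     foreach ($this->_resources as $module => $grants) {
         // Module and controller names are lower-cased; action names are used
         // exactly as written in the configuration.
         $module = strtolower($module);
         $this->_acl->add(new Zend_Acl_Resource($module));
         foreach ($grants as $controller => $grant) {
             $controller = strtolower($controller);
             foreach ($grant as $action => $roles) {
                 $resource = $controller . self::RESOURCE_SEPARATOR . $action;
                 foreach (explode(',', $roles) as $role) {
                     // Trim before testing for emptiness: an entry made only of
                     // whitespace ("a, ,b" or a trailing ", ") used to pass the
                     // check and reach allow() as an empty role id.
                     // empty() also skips the literal "0", as before.
                     $role = trim($role);
                     if (!empty($role)) {
                         $this->_acl->allow($role, $module, $resource);
                     }
                 }
             }
         }
     }
     Zend_Registry::set('acl', $this->_acl);
     return $this->_acl;
 }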
Exemplo n.º 2
 /**
  * Build the application's static ACL and store it in the registry as 'acl'.
  *
  * Resources are controller names and privileges are action names.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     // Roles: 'user' inherits everything granted to 'guest'; 'admin' has no parent.
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('user'), 'guest');
     $acl->addRole(new Zend_Acl_Role('admin'));

     // Resources: the controllers that can be reached.
     foreach (array('users', 'index') as $controllerName) {
         $acl->add(new Zend_Acl_Resource($controllerName));
     }

     // Start from "deny everything to everyone" ...
     $acl->deny();
     // ... then open every resource to 'admin'.
     $acl->allow('admin', null);

     // Per-role rules: resource = controller, privilege = action.
     $guestUserActions = array('login', 'registration', 'confirm');
     $acl->allow('guest', 'users', $guestUserActions);
     $acl->allow('guest', 'index');
     $acl->allow('user', 'users', array('logout'));
     // 'user' inherits from 'guest', so the sign-in and sign-up actions are
     // taken away again explicitly; 'confirm' stays inherited.
     $acl->deny('user', 'users', array('login', 'registration'));

     // Published globally so views can query it, e.g. with
     // $acl->isAllowed($role, $resource, $privilege).
     Zend_Registry::set('acl', $acl);
 }
Exemplo n.º 3
 /**
  * Constructor: store the role name and ACL, make sure an error-handler plugin
  * is registered, and allow the role to reach the error handler's action.
  *
  * @access public
  * @param Zend_Acl $aclData ACL instance passed to setAcl()
  * @param string $roleName role that receives the allow rule for the error action; defaults to 'public'
  * @return void
  **/
 public function __construct(Zend_Acl $aclData, $roleName = 'public')
 {
     $this->_roleName = $roleName;
     // The type hint has no null default, so this check is expected to be always true.
     if (NULL !== $aclData) {
         $this->setAcl($aclData);
     }
     $front = Zend_Controller_Front::getInstance();
     /** If an error handler hasn't been set up in the front controller, set one up */
     if (!$front->getParam('noErrorHandler') && !$front->hasPlugin('Zend_Controller_Plugin_ErrorHandler')) {
         // Register with stack index of 100
         $front->registerPlugin(new Zend_Controller_Plugin_ErrorHandler(), 100);
     }
     /** Allow error handler in the acl */
     // NOTE(review): when 'noErrorHandler' is set and no handler plugin is registered,
     // nothing was registered above, so $errorHandler may not be an object here — confirm
     // and guard the calls below if that configuration is supported.
     $errorHandler = Zend_Controller_Front::getInstance()->getPlugin('Zend_Controller_Plugin_ErrorHandler');
     $defaultErrorModule = $errorHandler->getErrorHandlerModule();
     $defaultErrorController = $errorHandler->getErrorHandlerController();
     $defaultErrorAction = $errorHandler->getErrorHandlerAction();
     if (NULL !== $defaultErrorModule && $defaultErrorModule != 'default') {
         // Non-default error module: register the module and a "module:controller"
         // child resource, then allow the role to run the error action on it.
         // NOTE(review): all three steps run only when the module resource is missing;
         // if the module is already registered no allow rule is added here — confirm
         // that the error action is granted elsewhere in that case.
         if (!$this->getAcl()->has($defaultErrorModule)) {
             require_once 'Zend/Acl/Resource.php';
             $this->_acl->add(new Zend_Acl_Resource($defaultErrorModule));
             $this->_acl->add(new Zend_Acl_Resource($defaultErrorModule . ':' . $defaultErrorController, $defaultErrorModule));
             $this->_acl->allow($this->_roleName, $defaultErrorModule . ':' . $defaultErrorController, $defaultErrorAction);
         }
     } else {
         // Default (or unset) error module: the resource is the bare controller name.
         if (!$this->getAcl()->has($defaultErrorController)) {
             $this->_acl->add(new Zend_Acl_Resource($defaultErrorController));
         }
         $this->_acl->allow($this->_roleName, $defaultErrorController, $defaultErrorAction);
     }
     // Denied requests are sent to the 'denied' action of the error controller/module.
     $this->setDeniedAction('denied', $defaultErrorController, $defaultErrorModule);
 }
Exemplo n.º 4
 /**
  * Hook into action controller initialization.
  *
  * Registers the current controller name as an ACL resource unless the ACL
  * already has it. No rule is added here, only the resource.
  *
  * @return void
  */
 public function init()
 {
     $controllerName = $this->getAction()->getRequest()->getControllerName();
     if ($this->_acl->has($controllerName)) {
         return;
     }
     $this->_acl->add(new Zend_Acl_Resource($controllerName));
 }
Exemplo n.º 5
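 /**
  * Gate every request to the 'admin' module with an ACL rebuilt per request.
  *
  * The module catalogue is read from the 'moduleList' session namespace and
  * the ids granted to the current user from 'userInfo'. An authenticated
  * identity is checked as role 'admin', everybody else as 'anonymous', who
  * may only reach index/index and index/login. A denied request is rerouted
  * to admin/error/acl with type=1; a Zend_Acl_Exception (for example a
  * controller that is not a registered resource) is rerouted with type=2,
  * so both paths fail closed.
  *
  * @param Zend_Controller_Request_Abstract $request request about to be dispatched
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     try {
         if ($request->getModuleName() != 'admin') {
             return;
         }
         $moduleList = new Zend_Session_Namespace('moduleList');
         $userInfo = new Zend_Session_Namespace('userInfo');
         $modules = $moduleList->module;
         // A missing or non-array grant list means "no grants"; passing it
         // to in_array() unchecked raises a warning or a TypeError that the
         // catch below does not cover.
         $allowedModules = is_array($userInfo->module_list) ? $userInfo->module_list : array();
         //generating all resources
         $acl = new Zend_Acl();
         //generating user permission
         $acl->addRole(new Zend_Acl_Role('admin'));
         $acl->addRole(new Zend_Acl_Role('anonymous'));
         $acl->add(new Zend_Acl_Resource('index'));
         $acl->add(new Zend_Acl_Resource('ajax'));
         $acl->allow('admin', 'index');
         $acl->allow('admin', 'ajax');
         if (!empty($modules)) {
             foreach ($modules as $entry) {
                 if (!$acl->has($entry['controller'])) {
                     $acl->add(new Zend_Acl_Resource($entry['controller']));
                 }
                 if (in_array($entry['id'], $allowedModules)) {
                     // An entry without an action grants the whole controller.
                     if ($entry['action'] != null) {
                         $acl->allow('admin', $entry['controller'], $entry['action']);
                     } else {
                         $acl->allow('admin', $entry['controller']);
                     }
                 }
             }
         }
         //allowing anonymous user to get into the login page
         $acl->allow('anonymous', 'index', 'index');
         $acl->allow('anonymous', 'index', 'login');
         $role = Zend_Auth::getInstance()->hasIdentity() ? 'admin' : 'anonymous';
         // Check the names the dispatcher will use. The magic properties
         // ($request->controller / ->action) go through the request's generic
         // parameter lookup and are not guaranteed to match them.
         $controller = $request->getControllerName();
         $action = $request->getActionName();
         if (!$acl->isAllowed($role, $controller, $action)) {
             $request->setModuleName('admin');
             $request->setControllerName('error');
             $request->setActionName('acl');
             $request->setParam('type', 1);
         }
     } catch (Zend_Acl_Exception $e) {
         $request->setModuleName('admin');
         $request->setControllerName('error');
         $request->setActionName('acl');
         $request->setParam('type', 2);
     }
 }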
Exemplo n.º 6
 /**
  * Build a two-role ACL ('guest', 'admin') and store it in the registry as 'acl'.
  *
  * Everything is denied first; 'admin' is then allowed on every resource and
  * 'guest' only on admin/login and on the whole 'index' resource.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     foreach (array('guest', 'admin') as $roleId) {
         $acl->addRole(new Zend_Acl_Role($roleId));
     }
     foreach (array('admin', 'index') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // Blanket deny, then the explicit exceptions.
     $acl->deny();
     $acl->allow('admin', null);
     $guestAdminActions = array('login');
     $acl->allow('guest', 'admin', $guestAdminActions);
     $acl->allow('guest', 'index');

     Zend_Registry::set('acl', $acl);
 }
Exemplo n.º 7
 /**
  * Register this object as an ACL resource and set up its privileges.
  *
  * Does nothing when the ACL already has this resource, so the privileges
  * are set up only on first registration.
  *
  * @return void
  */
 protected function _setupAcl()
 {
     if ($this->_acl->has($this)) {
         return;
     }
     $this->_acl->add($this);
     $this->_setupPrivileges();
 }
Exemplo n.º 8
 /**
  * Decide whether the current visitor may access the resource behind $request.
  *
  * The privileges for the requested resource are loaded, a throw-away ACL is
  * built in which every listed role is allowed on that resource, and the
  * visitor's role (the identity's role_id, or the default role when nobody is
  * logged in) is checked against it. Any lookup that comes back empty denies.
  *
  * @param Zend_Controller_Request_Abstract $request request being checked
  * @return bool true when access is allowed, false otherwise
  */
 public function checkAccess(Zend_Controller_Request_Abstract $request)
 {
     $resource = new User_Model_Acl_Resource();
     $resource->getPrivileges($request);
     // No privileges or no resource id: lookup failed or nobody is allowed.
     if (!$resource->privileges || !$resource->resource_id) {
         return false;
     }

     $resourceId = $resource->resource_id;
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource($resourceId));
     foreach ($resource->privileges as $privilege) {
         $roleId = $privilege["role_id"];
         if ($acl->hasRole($roleId)) {
             continue;
         }
         $acl->addRole(new Zend_Acl_Role($roleId));
         $acl->allow($roleId, $resourceId);
     }

     $authorization = Zend_Auth::getInstance();
     if ($authorization->hasIdentity()) {
         // Logged-in visitor: the role must be listed for this resource.
         $user = $authorization->getIdentity();
         return $acl->hasRole($user['role_id']) && $acl->isAllowed($user['role_id'], $resourceId);
     }

     // Anonymous visitor: fall back to the configured default role.
     $aclrole = new User_Model_Acl_Role();
     $aclrole->getDefaultRole();
     return $aclrole->default_role
         && $acl->hasRole($aclrole->default_role)
         && $acl->isAllowed($aclrole->default_role, $resourceId);
 }
Exemplo n.º 9
Arquivo: Log.php Projeto: kminkov/Blog
 /**
  * Attach the given ACL to this object, registering it as a resource on first use.
  *
  * When the ACL does not yet know this resource id, the object is added as a
  * resource and the guest role is denied 'view' and 'delete' on it.
  *
  * @param Zend_Acl $acl ACL to attach
  */
 public function setAcl(Zend_Acl $acl)
 {
     $alreadyRegistered = $acl->has($this->getResourceId());
     if (!$alreadyRegistered) {
         $guestDenied = array('view', 'delete');
         $acl->add($this);
         $acl->deny(Model_Role::GUEST, $this, $guestDenied);
     }
     $this->_acl = $acl;
 }
Exemplo n.º 10
 /**
  * Build and return an example ACL for role 1.
  *
  * Role 1 is allowed everything on 'As'. On 'A' the 'edit' and 'delete'
  * privileges are allowed only through an App_Acl_Assert_ResourceAccess
  * assertion, while 'edit:all' and 'delete:mine' are allowed unconditionally.
  * 'Bs' and 'B' are registered but receive no rule.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     Zend_Registry::get('log')->info(__METHOD__);

     $roleId = 1;
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role($roleId));
     foreach (array('As', 'Bs', 'A', 'B') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     $acl->allow($roleId, 'As');

     // Asserted privilege => privilege granted without an assertion.
     $privilegePairs = array(
         'edit' => 'edit:all',
         'delete' => 'delete:mine',
     );
     foreach ($privilegePairs as $asserted => $unconditional) {
         $acl->allow($roleId, 'A', $asserted, new App_Acl_Assert_ResourceAccess());
         $acl->allow($roleId, 'A', $unconditional);
     }

     return $acl;
 }
Exemplo n.º 11
 /**
  * Register one ACL resource per controller found through Doctrine.
  *
  * The resource id is "<module name>_<controller name>". The query cache is
  * used when Kebab_Cache_Query::isEnable() says so.
  *
  * @return void
  */
 public function addAllResources()
 {
     $query = Doctrine_Query::create()
         ->select('c.name, m.name')
         ->from('Model_Entity_Controller c')
         ->leftJoin('c.Module m')
         ->useQueryCache(Kebab_Cache_Query::isEnable());

     foreach ($query->execute() as $controllerRow) {
         $resourceId = $controllerRow->Module->name . '_' . $controllerRow->name;
         parent::add(new Zend_Acl_Resource($resourceId));
     }
 }
Exemplo n.º 12
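 /**
  * Load the Zend ACL classes through the CodeIgniter 'zend' library and
  * build the role and resource tree.
  *
  * Roles: 'NU', 'member', and 'memUser' inheriting from 'member'.
  * Resources: 'users_login', and 'users_profile' as its child.
  *
  * @param mixed $class not used by this constructor
  */
 function __construct($class = NULL)
 {
     $CI =& get_instance();
     $CI->load->library('zend');
     $CI->zend->load('Zend/Acl');
     $CI->zend->load('Zend/Acl/Role');
     $CI->zend->load('Zend/Acl/Resource');
     $acl = new Zend_Acl();
     //Add the Role
     $acl->addRole(new Zend_Acl_Role('NU'));
     // 'member' must be registered before it can be named as a parent or
     // receive a rule; without it addRole() below fails on the unknown parent.
     $acl->addRole(new Zend_Acl_Role('member'));
     $acl->addRole(new Zend_Acl_Role('memUser'), 'member');
     //Add Resource
     $acl->add(new Zend_Acl_Resource('users_login'));
     $acl->add(new Zend_Acl_Resource('users_profile'), 'users_login');
     $acl->allow('member', 'users_login');
     $acl->allow('memUser', 'users_profile');
     // NOTE(review): $acl is a local that is neither stored nor returned, so
     // these rules are gone once the constructor ends — confirm where the ACL
     // is meant to be kept. 'NU' also receives no rule and stays denied.
 }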
Exemplo n.º 13
 /**
  * getResources() returns the registered resource ids in insertion order.
  *
  * @group ZF-8468
  */
 public function testgetResources()
 {
     // A fresh ACL reports no resources at all.
     $this->assertEquals(array(), $this->_acl->getResources());

     $expected = array('someResource', 'someOtherResource');
     foreach ($expected as $resourceId) {
         $this->_acl->add(new Zend_Acl_Resource($resourceId));
     }

     $this->assertEquals($expected, $this->_acl->getResources());
 }
Exemplo n.º 14
 /**
  * Build the site's static ACL ('guest' and 'admin') and store it in the
  * registry as 'acl'.
  *
  * Everything is denied first; 'admin' is then allowed everywhere and
  * 'guest' only on the listed actions.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     // roles
     foreach (array('guest', 'admin') as $roleId) {
         $acl->addRole(new Zend_Acl_Role($roleId));
     }

     // resources
     $resourceIds = array('sites', 'index', 'logs', 'auth', 'maps', 'best', 'news');
     foreach ($resourceIds as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // without a matching rule everything is forbidden
     $acl->deny();
     // the administrator is allowed everything by default
     $acl->allow('admin', null);

     // a guest only gets the sign-in controller actions and the ones below
     $acl->allow('guest', 'auth', array('index', 'check'));
     $acl->allow('guest', 'maps', array('cronmaps'));
     // NOTE(review): Zend_Acl takes an array here as a plain list of resource
     // ids, so the 'module' / 'controller' keys are presumably ignored and the
     // rule applies to both 'best' and 'news' — confirm that is intended.
     $acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));

     // To forbid single actions inside an allowed controller, add a deny rule
     // for that role, controller and list of actions after the allow rules.
     Zend_Registry::set('acl', $acl);
 }
Exemplo n.º 15
 /**
  * Return the ACL, building it on first use.
  *
  * Role chain: 'guest' -> 'kap' -> 'admin' (each inherits from the previous).
  * Everything is denied first, then opened per role as listed below.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     if (null !== $this->_acl) {
         return $this->_acl;
     }

     $acl = new Zend_Acl();

     foreach (array('admin', 'kap', 'members') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('kap'), 'guest');
     $acl->addRole(new Zend_Acl_Role('admin'), 'kap');

     // Blanket deny first; the allow rules below are the only openings.
     $acl->deny();
     $acl->allow('admin', 'admin');
     $acl->allow('admin', 'members');
     $acl->allow('admin', 'kap');
     $acl->allow('kap', 'kap');
     $acl->allow('kap', 'members');
     $guestMemberActions = array('index', 'team', 'player', 'turnir', 'old', 'regno');
     $acl->allow('guest', 'members', $guestMemberActions);

     $this->_acl = $acl;
     return $this->_acl;
 }
Exemplo n.º 16
 /**
  * Load the ACL resources from the resource storage into the Zend_Acl object.
  *
  * Every row's 'id' becomes a resource id; ids the ACL already has are skipped.
  *
  * @return void
  */
 protected function _loadResources()
 {
     foreach ($this->_resources->getAll() as $row) {
         $candidate = new Zend_Acl_Resource($row['id']);
         if ($this->_acl->has($candidate)) {
             continue;
         }
         $this->_acl->add($candidate);
     }
 }
Exemplo n.º 17
 /**
  * Return the ACL, building it on first use.
  *
  * One resource, 'page'. Role chain: guest -> member -> administrator.
  * Everything is denied first; guests may view, members may also comment,
  * administrators may also add, edit, delete and rebuild the index.
  *
  * @return Zend_Acl
  */
 public function getAcl()
 {
     if (null !== $this->_acl) {
         return $this->_acl;
     }

     $acl = new Zend_Acl();
     $this->_loadAclClasses();

     $acl->add(new Zend_Acl_Resource('page'));

     $acl->addRole(new Brightfame_Acl_Role_Guest());
     $acl->addRole(new Brightfame_Acl_Role_Member(), 'guest');
     $acl->addRole(new Brightfame_Acl_Role_Administrator(), 'member');

     // Blanket deny first; each role then adds to what it inherits.
     $acl->deny();
     $acl->allow('guest', 'page', array('view'));
     $acl->allow('member', 'page', array('comment'));
     $acl->allow('administrator', 'page', array('add', 'edit', 'delete', 'buildindex'));

     $this->_acl = $acl;
     return $this->_acl;
 }
Exemplo n.º 18
 /**
  * ItemTable::getSelect() adds the public-only filter once an ACL that denies
  * 'showNotPublic' on 'Items' is present in the bootstrap container.
  */
 public function testGetSelectAclIntegration()
 {
     // Without an ACL the select carries no visibility filter.
     $sqlWithoutAcl = (string) $this->table->getSelect();
     $this->assertEquals("SELECT items.* FROM omeka_items AS items", $sqlWithoutAcl);

     // With an ACL that denies 'showNotPublic' to every role, only public
     // items may be selected.
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource('Items'));
     $acl->deny(null, 'Items', 'showNotPublic');
     $container = Zend_Registry::get('bootstrap')->getContainer();
     $container->acl = $acl;

     $sqlWithAcl = (string) $this->table->getSelect();
     $this->assertContains("WHERE (items.public = 1)", $sqlWithAcl);
 }
Exemplo n.º 19
 /**
  * Deny a permission on a particular permissible object, or globally.
  *
  * The permission name is used as the ACL role id and the object's permission
  * id (or the literal "GLOBAL") as the resource id; both are registered on
  * demand before the deny rule is written.
  *
  * @param  string             $permission  permission to deny
  * @param  QFrame_Permissible $permissible (optional) permissible object to deny access to
  */
 public function deny($permission, QFrame_Permissible $permissible = null)
 {
     if ($permissible === null) {
         $resource = "GLOBAL";
     } else {
         $resource = $permissible->getPermissionID();
     }

     $roleKnown = $this->acl->hasRole($permission);
     if (!$roleKnown) {
         $this->acl->addRole(new Zend_Acl_Role($permission));
     }

     $resourceKnown = $this->acl->has($resource);
     if (!$resourceKnown) {
         $this->acl->add(new Zend_Acl_Resource($resource));
     }

     $this->acl->deny($permission, $resource);
 }
Exemplo n.º 20
 /**
  * Build the static ACL ('guest', 'user', 'admin') and store it in the
  * registry as 'acl'.
  *
  * 'user' inherits from 'guest'; 'admin' has no parent and is allowed on
  * every resource after the blanket deny.
  */
 public function __construct()
 {
     $acl = new Zend_Acl();

     // Role id => parent role id (null for none), in registration order.
     $roleParents = array(
         'guest' => null,
         'user' => 'guest',
         'admin' => null,
     );
     foreach ($roleParents as $roleId => $parentId) {
         if ($parentId === null) {
             $acl->addRole(new Zend_Acl_Role($roleId));
         } else {
             $acl->addRole(new Zend_Acl_Role($roleId), $parentId);
         }
     }

     foreach (array('users', 'index') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // Deny everything, then open up per role.
     $acl->deny();
     $acl->allow('admin', null);

     // Guests may sign in, register, confirm and see the index.
     $acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
     $acl->allow('guest', 'index');

     // Users may log out; the sign-in and sign-up actions inherited from
     // 'guest' are removed again for them.
     $acl->allow('user', 'users', array('logout'));
     $acl->deny('user', 'users', array('login', 'registration'));

     Zend_Registry::set('acl', $acl);
 }
 /**
  * Set up authentication storage and the application ACL, then resolve the
  * current user.
  *
  * Authentication state is kept in a cookie handled by Lms_CookieManager,
  * which is constructed with the key from the 'auth' => 'cookie' configuration.
  * Role chain: guest -> user -> moder; 'admin' has no parent and is allowed
  * everything.
  */
 public static function initAcl()
 {
     self::$_auth = Lms_MultiAuth::getInstance();
     $cookieConfig = self::$_config['auth']['cookie'];
     $cookieManager = new Lms_CookieManager($cookieConfig['key']);
     self::$_auth->setStorage(new Lms_Auth_Storage_Cookie($cookieManager, $cookieConfig));

     $acl = new Zend_Acl();
     self::$_acl = $acl;

     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('user'), 'guest');
     $acl->addRole(new Zend_Acl_Role('moder'), 'user');
     $acl->addRole(new Zend_Acl_Role('admin'));

     foreach (array('film', 'comment', 'bookmark', 'rating', 'user') as $resourceId) {
         $acl->add(new Zend_Acl_Resource($resourceId));
     }

     // No deny rule is written; access comes only from these allow rules.
     $acl->allow('admin');
     $acl->allow('moder', array('film', 'comment'));
     $acl->allow('user', array('bookmark', 'rating', 'user'));
     $acl->allow('user', array('comment'), 'post');
     $acl->allow('guest', array('film'), 'view');

     Lms_User::setAcl(self::$_acl);
     self::$_user = Lms_User::getUser();
 }
Exemplo n.º 22
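 /**
  * Check the requested controller/action against a per-request ACL and
  * reroute the request when access is denied.
  *
  * Role chain: guest -> user -> administrator. Denied guests are sent to
  * user/login, every other denied role to error/noauth. A role or controller
  * the ACL does not know is handled as a denial instead of letting
  * isAllowed() throw.
  *
  * @param Zend_Controller_Request_Abstract $request request about to be dispatched
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // set up acl
     $acl = new Zend_Acl();
     // add the roles
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('user'), 'guest');
     $acl->addRole(new Zend_Acl_Role('administrator'), 'user');
     // add the resources
     $acl->add(new Zend_Acl_Resource('index'));
     $acl->add(new Zend_Acl_Resource('error'));
     $acl->add(new Zend_Acl_Resource('page'));
     $acl->add(new Zend_Acl_Resource('menu'));
     $acl->add(new Zend_Acl_Resource('menuitem'));
     $acl->add(new Zend_Acl_Resource('user'));
     $acl->add(new Zend_Acl_Resource('search'));
     $acl->add(new Zend_Acl_Resource('feed'));
     // set up the access rules
     $acl->allow(null, array('index', 'error'));
     // a guest can only read content and login
     $acl->allow('guest', 'page', array('index', 'open'));
     $acl->allow('guest', 'menu', array('render'));
     $acl->allow('guest', 'user', array('login'));
     $acl->allow('guest', 'search', array('index', 'search'));
     $acl->allow('guest', 'feed');
     // cms users can also work with content
     $acl->allow('user', 'page', array('list', 'create', 'edit', 'delete'));
     // administrators can do anything
     $acl->allow('administrator', null);
     // fetch the current user
     $role = 'guest';
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         $identity = $auth->getIdentity();
         $claimedRole = strtolower($identity->role);
         // The role comes from stored identity data. A value the ACL does
         // not know would make isAllowed() throw, so it is treated as the
         // least-privileged role instead.
         if ($acl->hasRole($claimedRole)) {
             $role = $claimedRole;
         }
     }
     // Check the names the dispatcher will use. The magic properties
     // ($request->controller / ->action) go through the request's generic
     // parameter lookup and are not guaranteed to match them.
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // A controller that was never registered as a resource is denied.
     $allowed = $acl->has($controller) && $acl->isAllowed($role, $controller, $action);
     if (!$allowed) {
         if ($role == 'guest') {
             $request->setControllerName('user');
             $request->setActionName('login');
         } else {
             $request->setControllerName('error');
             $request->setActionName('noauth');
         }
     }
 }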
Exemplo n.º 23
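 /**
  * Check if specific roles are allowed to perform a specific action on a resource.
  *
  * A throw-away ACL is built from the permission rows stored for the given
  * roles and object; a synthetic role 'testedRole' inheriting from all of
  * them is then queried. The permission rows are cached under a key derived
  * from the generated SQL. An empty role list is denied without querying.
  *
  * @param $roles (array)roles array; each element is read through its ->id property
  * @param $permissionName (integer)permission identifier
  * @param $object (integer)object identifier; a falsy value is replaced by 1
  * @param $defaultDeniedMessage (boolean)should add a default access denied message to flash messenger
  * @return boolean
  */
 static function isAllowed($roles, $permissionName, $object = null, $defaultDeniedMessage = true)
 {
     $cache = Zend_Registry::get('cache_files');
     $acl = new Zend_Acl();
     #adding all the roles that user has
     $tmpRoles = array();
     foreach ($roles as $role) {
         $acl->addRole(new Zend_Acl_Role($role->id));
         $tmpRoles[] = $role->id;
     }
     #if no object is passed then we test for object 1 - faking site "section" permission
     #the id is normalised once so the query, the resource and the final check all use the same value
     $object = $object ? (int) $object : 1;
     $result = false;
     #with no roles there is nothing to allow, and "role IN ()" would not be valid SQL
     if ($tmpRoles) {
         #fetching permissions for specific object from database
         $select = self::getAclTable()->select()->where('role IN (?)', $tmpRoles);
         $select->where('object = ?', $object);
         #resource for test
         $acl->add(new Zend_Acl_Resource($object));
         #caching - md5 only shortens the SQL into a cache id here
         $cacheId = md5(UNIQUE_HASH . $select->__toString());
         $permsAvailable = $cache->load($cacheId);
         if ($permsAvailable === false) {
             $permsAvailable = array();
             #TODO is there a more efficient way to do it instead of casting to array and then casting to object ?
             foreach (self::getAclTable()->fetchAll($select)->toArray() as $aclResource) {
                 $permsAvailable[] = (object) $aclResource;
             }
             $cache->save($permsAvailable, $cacheId, array('acl', 'user_data'));
         }
         #setting up permissions for roles
         if ($permsAvailable) {
             foreach ($permsAvailable as $perm) {
                 $acl->allow($perm->role, $perm->object, $perm->permission);
             }
         }
         #admin has access to everything
         #admin group has id of 2 in db
         #ids are compared as exact strings so a value that merely starts with "2" never matches
         if (in_array('2', array_map('strval', $tmpRoles), true)) {
             $acl->allow(2);
         }
         #setting a role that will be used for testing and will inherit all the privileges from parent roles
         $acl->addRole(new Zend_Acl_Role('testedRole'), $tmpRoles);
         #query acl
         $result = $acl->isAllowed('testedRole', $object, $permissionName);
     }
     if (!$result && $defaultDeniedMessage) {
         $messages = Zend_Controller_Action_HelperBroker::getStaticHelper('Messages');
         $messages->errors = 'e_permission_too_low';
     }
     return $result;
 }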
Exemplo n.º 24
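 /**
  * Handle the login form: authenticate against tbl_login and, for every group
  * other than 'A', build that group's ACL from TblYetki and keep it in the
  * 'userSession' namespace.
  *
  * A failed login stores an error message and redirects to /giris/index.
  * Group 'A' (also used when the row has no group code) is redirected to
  * /admin, every other group to /kullanici/index.
  *
  * @return void
  */
 public function kontrolAction()
 {
     $post = $this->getRequest()->getPost();
     $db = Zend_Db_Table::getDefaultAdapter();
     $authAdapter = new Zend_Auth_Adapter_DbTable($db);
     // NOTE(review): no credential treatment is configured, so the submitted
     // 'parola' is compared with the stored column value as-is — confirm how
     // passwords are stored in tbl_login.
     $authAdapter->setTableName("tbl_login")
         ->setIdentityColumn("kullanici_adi")
         ->setCredentialColumn("parola")
         ->setIdentity(isset($post['kullanici_adi']) ? $post['kullanici_adi'] : null)
         ->setCredential(isset($post['parola']) ? $post['parola'] : null);
     $session = new Zend_Session_Namespace('userSession');
     $auth = Zend_Auth::getInstance();
     try {
         $result = $auth->authenticate($authAdapter);
         $veri = $authAdapter->getResultRowObject();
         if (!$result->isValid()) {
             $session->hataMesaji = 'Hatalı Giriş Yaptınız';
             $this->_redirect("/giris/index");
         } else {
             // Issue a fresh session id once the visitor is authenticated so
             // an id known before login does not carry the new identity.
             Zend_Session::regenerateId();
             $session->kullanici_id = $veri->id;
             $grup_kodu = $veri->grup_kodu ? $veri->grup_kodu : "A";
             $session->grup_kodu = $grup_kodu;
             if ($grup_kodu != 'A') {
                 $acl = new Zend_Acl();
                 $acl->addRole(new Zend_Acl_Role($grup_kodu));
                 $tblacl = new TblYetki();
                 // The group code is bound through the adapter's quoting
                 // instead of being concatenated into the WHERE clause.
                 $grupHak = $tblacl->fetchAll($db->quoteInto('grup_kodu = ?', $grup_kodu));
                 foreach ($grupHak as $gHak) {
                     if (!$acl->has(new Zend_Acl_Resource($gHak->controller))) {
                         $acl->add(new Zend_Acl_Resource($gHak->controller));
                     }
                     $acl->allow($gHak->grup_kodu, $gHak->controller, $gHak->action);
                 }
                 // Stored after the loop so a group without any rows gets an
                 // ACL with no rules rather than keeping whatever ACL an
                 // earlier login left in this session.
                 $session->acl = $acl;
             } else {
                 $session->hataMesaji = 'Giriş Yaptınız';
                 $this->_redirect('/admin');
             }
             $session->hataMesaji = 'Giriş Yaptınız';
             $this->_redirect("/kullanici/index");
         }
     } catch (Zend_Exception $e) {
         // NOTE(review): this writes the raw exception text (which may include
         // database details) into the response — consider logging it and
         // showing a generic message instead.
         echo $e->getMessage();
     }
 }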
Exemplo n.º 25
 /**
  * Build the hard-coded example ACL for the 'playlist' resource.
  *
  * In an application this would probably come from a registry or similar.
  * Each role inherits from the previous one and adds a single privilege:
  * listener -> view, dj -> play, program manager -> manage.
  *
  * @return Zend_Acl
  */
 protected function _generateAcl()
 {
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource('playlist'));

     // role id, parent role id (null for none), privilege added by the role
     $ladder = array(
         array('listener', null, 'view'),
         array('dj', 'listener', 'play'),
         array('program manager', 'dj', 'manage'),
     );
     foreach ($ladder as $step) {
         list($roleId, $parentId, $privilege) = $step;
         $acl->addRole(new Zend_Acl_Role($roleId), $parentId);
         $acl->allow($roleId, 'playlist', $privilege);
     }

     return $acl;
 }
Exemplo n.º 26
 /**
  * Build the ACL from the stored roles, resources and rules.
  *
  * Role and resource ids are namespaced as "<mod_name>.<name>". A rule with
  * permit equal to 1 becomes an allow rule; any other value becomes a deny rule.
  *
  * @return Zend_Acl the populated ACL
  */
 public function setAcl()
 {
     $acl = new Zend_Acl();

     // define the roles
     foreach ($this->getRoles() as $roleRow) {
         $acl->addRole(new Zend_Acl_Role($roleRow['mod_name'] . '.' . $roleRow['role_name']));
     }

     // add the resources
     foreach ($this->getResources() as $resourceRow) {
         $acl->add(new Zend_Acl_Resource($resourceRow['mod_name'] . '.' . $resourceRow['res_name']));
     }

     // apply the rules
     foreach ($this->_getRules() as $rule) {
         $roleName = $rule['mod_name'] . '.' . $rule['role_name'];
         $resName = $rule['mod_name'] . '.' . $rule['res_name'];
         if ($rule['permit'] == 1) {
             $acl->allow($roleName, $resName, $rule['priv_name']);
         } else {
             $acl->deny($roleName, $resName, $rule['priv_name']);
         }
     }

     return $acl;
 }
Exemplo n.º 27
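 /**
  * Initialise the navigation for the current user session.
  *
  * Builds an ACL holding only the session user's role, registers every
  * "module:controller" pair found in pw_mvc_resources as a resource, and
  * allows the role on the actions listed in the session's ['acl']['mvc']
  * data. The ACL and role become the navigation helpers' defaults, then
  * every *.xml file under configs/navigation/<module>/ is rendered into a
  * menu and a breadcrumb trail.
  *
  * NOTE(review): the allow rules are taken from session data as-is —
  * confirm that data is only ever written by the server-side login code.
  *
  * @return array rendered containers, indexed by module and file name
  */
 public function init()
 {
     $this->_bootstrap->bootstrap('Usersession');
     $this->_bootstrap->bootstrap('View');
     $acl = new Zend_Acl();
     $role = $this->_bootstrap->Usersession->UserData['roleid'];
     $acl->addRole(new Zend_Acl_Role($role));
     $db = $this->_bootstrap->Db;
     $select = $db->select()->from('pw_mvc_resources', new Zend_Db_Expr('DISTINCT module,controller'));
     foreach ($db->fetchAll($select) as $row) {
         $acl->add(new Zend_Acl_Resource(join(':', $row)));
     }
     foreach ($this->_bootstrap->Usersession->UserData['acl']['mvc'] as $modulename => $moduledata) {
         foreach ($moduledata as $controllername => $controllerdata) {
             $acl->allow($role, $modulename . ":" . $controllername, array_keys($controllerdata));
         }
     }
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultRole($role);
     $navigation = $this->_bootstrap->View->navigation();
     $dir = APPLICATION_PATH . '/configs/navigation/';
     $handle = is_dir($dir) ? opendir($dir) : false;
     if ($handle !== false) {
         // readdir() is compared with false explicitly: an entry named "0"
         // is falsy and would otherwise end the loop early.
         while (false !== ($module = readdir($handle))) {
             if (in_array($module, array('.', '..'), true) || !is_dir($dir . $module)) {
                 continue;
             }
             $files = opendir($dir . $module);
             if ($files === false) {
                 // unreadable module directory: skip it
                 continue;
             }
             while (false !== ($file = readdir($files))) {
                 if (preg_match('#^([^\\.]+)\\.xml$#iu', $file, $fileinfo)) {
                     $container = new Zend_Navigation(new Zend_Config_Xml($dir . $module . '/' . $file));
                     $this->_containers[$module][$fileinfo[1]] = array('menu' => $navigation->menu($container)->render(), 'breadcrumbs' => $navigation->breadcrumbs($container)->render());
                 }
             }
             closedir($files);
         }
         closedir($handle);
     }
     $this->_bootstrap->View->assign('Navigation', $this->_containers);
     return $this->_containers;
 }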
Exemplo n.º 28
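 /**
  * Check the requested module against a per-request ACL and reroute the
  * request when access is denied.
  *
  * Role chain: "" -> guest -> user -> admin. The resources are module names
  * and no rule names a privilege, so the decision is made per module: the
  * controller is passed as the privilege and the action takes no part.
  * Denied guests go to default/usuario/index, every other denied role to
  * default/error/noauth.
  *
  * @param Zend_Controller_Request_Abstract $request request about to be dispatched
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     parent::preDispatch($request);
     $acl = new Zend_Acl();
     //adding Roles
     $acl->addRole(new Zend_Acl_Role(""))
         ->addRole(new Zend_Acl_Role("guest"), "")
         ->addRole(new Zend_Acl_Role("user"), "guest")
         ->addRole(new Zend_Acl_Role("admin"), "user");
     //Adding Resources
     $acl->add(new Zend_Acl_Resource("default"))
         ->add(new Zend_Acl_Resource("admin"))
         ->add(new Zend_Acl_Resource("user"))
         ->add(new Zend_Acl_Resource("error"));
     //every role may reach the error resource
     $acl->allow(null, array("error"));
     //access of a guest
     $acl->allow("guest", "default");
     //access of a user
     $acl->allow("user", "default");
     $acl->allow('user', 'user');
     //access of administrator
     $acl->allow('admin', null);
     $role = 'guest';
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         $identity = $auth->getIdentity();
         $claimedRole = strtolower($identity->role);
         // A role the ACL does not know would make isAllowed() throw; it is
         // treated as the least-privileged named role instead.
         if ($acl->hasRole($claimedRole)) {
             $role = $claimedRole;
         }
     }
     // Check the names the dispatcher will use rather than the magic request
     // properties, which go through the request's generic parameter lookup.
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     // isAllowed() takes (role, resource, privilege). A fourth argument is
     // ignored, so the action name that used to be passed here never took
     // part in the decision and is no longer passed. A module that is not a
     // registered resource is denied.
     $allowed = $acl->has($module) && $acl->isAllowed($role, $module, $controller);
     if (!$allowed) {
         if ($role == 'guest' or $role === "") {
             $request->setModuleName('default');
             $request->setControllerName('usuario');
             $request->setActionName('index');
         } else {
             $request->setModuleName('default');
             $request->setControllerName("error");
             $request->setActionName("noauth");
         }
     }
 }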
Exemplo n.º 29
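 /**
  * Return the ACL object, building it from the database on first use.
  *
  * Outside 'staging' mode a cached copy (cache id 'cms_acl_roles') is used
  * when present. Otherwise every row of cms_role becomes a role, every
  * module_code in cms_role_privileges becomes a resource, and the role is
  * allowed the privileges selected by the _getPrivileges() callback for that
  * row's acl value. The result is written back to the cache.
  *
  * NOTE(review): the cached object is used as the ACL without further checks,
  * so the cache backend should be writable by the application only — confirm.
  *
  * @return Zend_Acl
  */
 public function _getAcl()
 {
     if ($this->_acl !== null) {
         return $this->_acl;
     }
     $cache = Zend_Registry::get('cache');
     $cache_name = 'cms_acl_roles';
     if ($this->_config->mode != 'staging') {
         // The cache result is held in a local first: assigning a miss (false)
         // straight to $this->_acl would leave false behind if the rebuild
         // below throws, and the next call would return it as the ACL.
         $cached = $cache->load($cache_name);
         if ($cached !== false) {
             $this->_acl = $cached;
             return $this->_acl;
         }
     }
     $acl = new Zend_Acl();
     // Initialised so an empty cms_privileges table yields "no privileges"
     // instead of an undefined variable reaching array_filter().
     $privilegeArray = array();
     $select = $this->_db->select()->from('cms_privileges')->order('privilege_name');
     foreach ($this->_db->fetchAll($select) as $privilege) {
         $privilegeArray[$privilege['privilege_name']] = (int) $privilege['privilege_value'];
     }
     $select = $this->_db->select()->from('cms_role')->order('role_name');
     foreach ($this->_db->fetchAll($select) as $role) {
         $acl->addRole(new Zend_Acl_Role($role['role_code']));
         $module_select = $this->_db->select()->from('cms_role_privileges')->where('role_id = ?', (int) $role['role_id'])->order('module_code');
         foreach ($this->_db->fetchAll($module_select) as $resource) {
             // Read by the _getPrivileges() filter callback below.
             $this->_tmp_resource_acl = (int) $resource['acl'];
             if (!$acl->has($resource['module_code'])) {
                 // module-privilege == name, e.g. firm-access, firm-edit
                 $acl->add(new Zend_Acl_Resource($resource['module_code']));
             }
             $p = array_keys(array_filter($privilegeArray, array($this, "_getPrivileges")));
             // An empty privilege list would allow every privilege on the
             // resource, so the placeholder 'nop' is used when nothing matched.
             $acl->allow($role['role_code'], $resource['module_code'], $p ? $p : array('nop'));
         }
     }
     $cache->save($acl, $cache_name, array('cms', 'cms_acl'), null);
     $this->_acl = $acl;
     return $this->_acl;
 }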
Exemplo n.º 30
 /**
  * Check if the ACL allows accessing the function or method.
  *
  * Returns true without checking when no ACL is configured, or when the
  * object's initAcl() callback returns false. Otherwise the role is the
  * identity's role, or the guest role when nobody is authenticated and the
  * ACL knows that role.
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return bool true when access is allowed
  * @throws Zend_Amf_Server_Exception when access is denied or unauthenticated access is not possible
  */
 protected function _checkAcl($object, $function)
 {
     // No ACL configured: nothing to enforce.
     if (!$this->_acl) {
         return true;
     }

     $class = null;
     if ($object) {
         $class = is_object($object) ? get_class($object) : $object;
         if (!$this->_acl->has($class)) {
             require_once 'Zend/Acl/Resource.php';
             $this->_acl->add(new Zend_Acl_Resource($class));
         }
         // The class may populate its own rules; a false return from
         // initAcl() switches the ACL check off for this call.
         $initializer = array($object, "initAcl");
         if (is_callable($initializer) && !call_user_func($initializer, $this->_acl)) {
             return true;
         }
     }

     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } elseif ($this->_acl->hasRole(Zend_Amf_Constants::GUEST_ROLE)) {
         $role = Zend_Amf_Constants::GUEST_ROLE;
     } else {
         require_once 'Zend/Amf/Server/Exception.php';
         throw new Zend_Amf_Server_Exception("Unauthenticated access not allowed");
     }

     if (!$this->_acl->isAllowed($role, $class, $function)) {
         require_once 'Zend/Amf/Server/Exception.php';
         throw new Zend_Amf_Server_Exception("Access not allowed");
     }
     return true;
 }