Exemplo n.º 1
0
 public function init()
 {
     $acl = new Zend_Acl();
     $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST);
     $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_USER, OpenSKOS_Db_Table_Users::USER_ROLE_GUEST);
     $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, OpenSKOS_Db_Table_Users::USER_ROLE_USER);
     $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR);
     $acl->addRole(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR);
     $acl->addResource('website');
     $acl->addResource('editor');
     $acl->addResource('editor.concepts', 'editor');
     $acl->addResource('editor.concept-schemes', 'editor');
     $acl->addResource('editor.institution', 'editor');
     $acl->addResource('editor.collections', 'editor');
     $acl->addResource('editor.delete-all-concepts-in-collection', 'editor');
     $acl->addResource('editor.users', 'editor');
     $acl->addResource('editor.jobs', 'editor');
     $acl->addResource('editor.manage-search-profiles', 'editor');
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_GUEST, 'website', 'view');
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor', 'view');
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_USER, 'editor.concepts', 'view');
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_EDITOR, 'editor.concepts', array('propose'));
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concepts', array('full-create', 'edit', 'delete', 'bulk-status-edit'));
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.concept-schemes', array('index', 'create', 'edit', 'delete', 'manage-icons'));
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.institution', null);
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.collections', array('index', 'manage'));
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.users', array('index', 'manage'));
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.jobs', array('index', 'manage'));
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ADMINISTRATOR, 'editor.manage-search-profiles', null);
     $acl->allow(OpenSKOS_Db_Table_Users::USER_ROLE_ROOT, 'editor.delete-all-concepts-in-collection', null);
     Zend_Registry::set(self::REGISTRY_KEY, $acl);
     //store the ACL for the view:
     Zend_View_Helper_Navigation_HelperAbstract::setDefaultAcl($acl);
 }
Exemplo n.º 2
0
Arquivo: Acl.php Projeto: kminkov/Blog
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role(Model_Role::GUEST));
     $acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST);
     $acl->addResource(new Zend_Acl_Resource('admin'));
     $acl->addResource(new Zend_Acl_Resource('blog'));
     $acl->addResource(new Zend_Acl_Resource('error'));
     $acl->addResource(new Zend_Acl_Resource('index'));
     $acl->allow(Model_Role::GUEST, 'blog');
     $acl->allow(Model_Role::GUEST, 'error');
     $acl->allow(Model_Role::GUEST, 'index');
     $acl->allow(Model_Role::GUEST, 'admin', array('login'));
     $acl->allow(Model_Role::ADMIN, 'admin');
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         $user = new Model_User($auth->getIdentity());
         $role = $user->role_id;
     } else {
         $role = Model_Role::GUEST;
     }
     $resource = $request->getControllerName();
     $privilege = $request->getActionName();
     if (!$acl->isAllowed($role, $resource, $privilege)) {
         $this->_request->setControllerName('admin')->setActionName('login');
         $this->_response->setRedirect('/admin/login/');
     }
 }
Exemplo n.º 3
0
 protected function _setupResources()
 {
     $this->_acl->addResource(new Zend_Acl_Resource('home_auth', array('index', 'login', 'logout', 'register')));
     $this->_acl->addResource(new Zend_Acl_Resource('home_error', array('index', 'error', 'forbidden')));
     $this->_acl->addResource(new Zend_Acl_Resource('home_index', array('index', 'add', 'edit', 'delete')));
     $this->_acl->addResource(new Zend_Acl_Resource('admin_index', array('index', 'add', 'edit', 'delete')));
 }
Exemplo n.º 4
0
 protected function _setupResources()
 {
     $resources = $this->ca->getResources();
     foreach ($resources as $resource) {
         $this->_acl->addResource(new Zend_Acl_Resource($resource['controller']));
     }
 }
Exemplo n.º 5
0
 public function testShouldAllowAccessForCorrectRole()
 {
     $request = $this->request->setModuleName('admin')->setControllerName('index')->setActionName('index');
     $this->acl->addResource('admin_index');
     $this->acl->allow(Acl::ROLE_GUEST, 'admin_index');
     $plugin = new Acl($this->acl);
     $plugin->setRequest($this->request);
     $plugin->preDispatch();
     $this->assertEquals('admin', $this->request->getModuleName());
     $this->assertEquals('index', $this->request->getControllerName());
     $this->assertEquals('index', $this->request->getActionName());
 }
Exemplo n.º 6
0
 protected function _setupResources()
 {
     //declara os controllers da aplicacao
     $this->_acl->addResource(new Zend_Acl_Resource('index'));
     $this->_acl->addResource(new Zend_Acl_Resource('error'));
     $this->_acl->addResource(new Zend_Acl_Resource('log'));
     $this->_acl->addResource(new Zend_Acl_Resource('relatorios'));
     $this->_acl->addResource(new Zend_Acl_Resource('usuarios'));
     $this->_acl->addResource(new Zend_Acl_Resource('oriente'));
     $this->_acl->addResource(new Zend_Acl_Resource('obreiro'));
     $this->_acl->addResource(new Zend_Acl_Resource('loja'));
     $this->_acl->addResource(new Zend_Acl_Resource('selos'));
 }
 /**
  * 
  */
 public function buildAcl()
 {
     if (is_null($this->acl)) {
         $this->acl = new Zend_Acl();
     }
     $this->acl->removeAll();
     $permissions = $this->getPermissionList();
     $resources = $this->getResourceList();
     $resourceParents = $this->getResourceParentList();
     $roles = $this->getRoleList();
     $roleParents = $this->getRoleParentList();
     $rolesTmp = array();
     foreach ($roles as $role) {
         $roleId = $role['role_id'];
         $roleName = $role['role_name'];
         $rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array());
         $rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId));
     }
     foreach ($roleParents as $roleParent) {
         $roleId = $roleParent['role_id'];
         $roleIdParent = $roleParent['role_id_parent'];
         $rolesTmp[$roleId]['parents'][] = $roleIdParent;
     }
     foreach ($rolesTmp as $role) {
         $this->acl->addRole($role['name'], $role['parents']);
     }
     #echo '<pre>';
     $resourcesTmp = array();
     foreach ($resources as $resource) {
         $resourceId = $resource['resource_id'];
         $resourceName = $resource['resource_name'];
         $resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null);
         $resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId);
     }
     foreach ($resourceParents as $resourceParent) {
         $resourceId = $resourceParent['resource_id'];
         $resourceIdParent = $resourceParent['resource_id_parent'];
         $resourcesTmp[$resourceId]['parent'] = $resourceIdParent;
     }
     foreach ($resourcesTmp as $resource) {
         $this->acl->addResource($resource['name'], $resource['parent']);
     }
     foreach ($permissions as $permission) {
         if (empty($permission['allowed'])) {
             $this->acl->deny($permission['role_id'], $permission['resource_id']);
         } else {
             $this->acl->allow($permission['role_id'], $permission['resource_id']);
         }
     }
 }
Exemplo n.º 8
0
 protected function _setupResources()
 {
     $this->_acl->addResource(new Zend_Acl_Resource('auth'));
     $this->_acl->addResource(new Zend_Acl_Resource('index'));
     $this->_acl->addResource(new Zend_Acl_Resource('encontre'));
     $this->_acl->addResource(new Zend_Acl_Resource('buscar'));
     $this->_acl->addResource(new Zend_Acl_Resource('error'));
     $this->_acl->addResource(new Zend_Acl_Resource('cadastro'));
     $this->_acl->addResource(new Zend_Acl_Resource('perfil'));
     $this->_acl->addResource(new Zend_Acl_Resource('admin'));
 }
Exemplo n.º 9
0
Arquivo: Acl.php Projeto: Roave/issues
 /**
  * @return void
  */
 public function addResource($obj)
 {
     if (!is_object($obj) || $this->_acl->has($obj)) {
         return false;
     }
     $nameParts = explode('_', strtolower(get_class($obj)));
     $simpleName = array_pop($nameParts);
     if (!$this->_acl->has($simpleName)) {
         $this->_acl->addResource(new Zend_Acl_Resource($simpleName));
     }
     $this->_acl->addResource($obj->getResourceId(), $simpleName);
     if ($obj->isPrivate()) {
         $this->_acl->deny(null, $obj->getResourceId(), null, new Default_Model_Acl_HasPermissionAssertion());
     }
     return true;
 }
Exemplo n.º 10
0
Arquivo: Acl.php Projeto: abdala/la
 protected function _getAcl()
 {
     $acl = false;
     if (Zend_Registry::isRegistered('cache')) {
         $cache = Zend_Registry::get('cache');
         $acl = $cache->load('acl');
     }
     if (!$acl) {
         $acl = new Zend_Acl();
         $role = new Auth_Model_DbTable_Role();
         $resource = new Auth_Model_DbTable_Resource();
         $roleResource = new Auth_Model_DbTable_RoleResource();
         $roles = $role->fetchAll("name <> 'Todos'");
         $resources = $resource->getDistinctModules();
         $relations = $roleResource->fetchAllRelations();
         $acl->addRole('Todos');
         foreach ($roles as $role) {
             $acl->addRole($role['name'], 'Todos');
         }
         foreach ($resources as $resource) {
             $acl->addResource($resource['module']);
         }
         foreach ($relations as $relation) {
             $acl->allow($relation['name'], $relation['module'], $relation['privilege']);
         }
         if (Zend_Registry::isRegistered('cache')) {
             $cache->save($acl, 'acl');
         }
     }
     Zend_Registry::set('acl', $acl);
     return $acl;
 }
Exemplo n.º 11
0
 /**
  * Get acl for role
  *
  * @param Zend_Acl_Role_Interface $role
  * @return Zend_Acl
  */
 public function getAcl(Zend_Acl_Role_Interface $role)
 {
     if (isset($this->cache[$role->getRoleId()])) {
         return $this->cache[$role->getRoleId()];
     }
     $acl = new Zend_Acl();
     // set resources
     $resources = $this->getResources();
     foreach (array_keys($resources) as $resource) {
         $acl->addResource($resource);
     }
     // get role parents if possible
     $method = self::PARENTS_METHOD;
     $parents = NULL;
     if (method_exists($role, $method)) {
         foreach ($role->{$method}() as $parent) {
             $parents[] = $parent;
             $acl->addRole($parent);
             $this->addRules($acl, $parent);
         }
     }
     // set role
     $acl->addRole($role, $parents);
     $this->addRules($acl, $role);
     return $this->cache[$role->getRoleId()] = $acl;
 }
Exemplo n.º 12
0
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = new Zend_Acl();
     $acl->addResource("page");
     $acl->addResource("forum");
     $acl->addResource("catalog");
     $acl->addRole("administrator");
     $acl->addRole("moderator");
     $acl->allow("administrator");
     $acl->deny("moderator");
     $acl->allow("moderator", "forum", array("answer", "edit-own"));
     Zend_Registry::set('acl', $acl);
     if (!Zend_Auth::getInstance()->hasIdentity()) {
         $request->setControllerName('index')->setActionName('login');
     }
 }
Exemplo n.º 13
0
    /**
     * @group ZF-9643
     */
    public function testRemoveDenyWithNullResourceAppliesToAllResources()
    {
        $this->_acl->addRole('guest');
        $this->_acl->addResource('blogpost');
        $this->_acl->addResource('newsletter');
        
        $this->_acl->allow();
        $this->_acl->deny('guest', 'blogpost', 'read');
        $this->_acl->deny('guest', 'newsletter', 'read');
        $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));

        $this->_acl->removeDeny('guest', 'newsletter', 'read');
        $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
        
        $this->_acl->removeDeny('guest', null, 'read');
        $this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
        
        // ensure deny null/all resources works
        $this->_acl->deny('guest', null, 'read');
        $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
    }
Exemplo n.º 14
0
 /**
  * @group 4226
  */
 public function testAllowNullPermissionAfterResourcesExistShouldAllowAllPermissionsForRole()
 {
     $this->_acl->addRole('admin');
     $this->_acl->addResource('newsletter');
     $this->_acl->allow('admin');
     $this->assertTrue($this->_acl->isAllowed('admin'));
 }
Exemplo n.º 15
0
Arquivo: Acl.php Projeto: kyfr59/cg35
 public function getAcl()
 {
     $acl = new Zend_Acl();
     // Add roles.
     $acl->addRole('super');
     // Admins inherit privileges from super users.
     $acl->addRole('admin', 'super');
     $acl->addRole('researcher');
     // Contributors inherit privileges from researchers.
     $acl->addRole('contributor', 'researcher');
     // Add resources, corresponding to Omeka controllers.
     $resources = array('Items', 'Collections', 'ElementSets', 'Files', 'Plugins', 'Settings', 'Security', 'Upgrade', 'Tags', 'Themes', 'SystemInfo', 'ItemTypes', 'Users', 'Search', 'Appearance', 'Elements');
     foreach ($resources as $resource) {
         $acl->addResource($resource);
     }
     // Define allow rules for everyone.
     // Everyone can view and browse these resources.
     $acl->allow(null, array('Items', 'ItemTypes', 'Tags', 'Collections', 'Search', 'ElementSets', 'Elements'), array('index', 'browse', 'show', 'home', 'print-cart'));
     // Everyone can view an item's tags and use the item search.
     $acl->allow(null, array('Items'), array('tags', 'search'));
     // Everyone can view files.
     $acl->allow(null, 'Files', 'show');
     // Non-authenticated users can access the upgrade script, for logistical reasons.
     $acl->allow(null, 'Upgrade');
     // Deny privileges from admin users
     $acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo', 'Appearance'));
     // Assert ownership for certain privileges.
     // Owners can edit and delete items and collections.
     $acl->allow(null, array('Items', 'Collections'), array('edit', 'delete'), new Omeka_Acl_Assert_Ownership());
     // Owners can edit files.
     $acl->allow(null, 'Files', 'edit', new Omeka_Acl_Assert_Ownership());
     // Define allow rules for specific roles.
     // Super users have full privileges.
     $acl->allow('super');
     // Researchers can view and search items and collections that are not public.
     $acl->allow('researcher', array('Items', 'Collections', 'Search'), 'showNotPublic');
     // Contributors can add and tag items, edit or delete their own items, and see
     // their items that are not public.
     $acl->allow('contributor', 'Items', array('add', 'tag', 'batch-edit', 'batch-edit-save', 'change-type', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
     // Contributors can edit their own files.
     $acl->allow('contributor', 'Files', 'editSelf');
     // Contributors have access to tag autocomplete.
     $acl->allow('contributor', 'Tags', array('autocomplete'));
     // Contributors can add collections, edit or delete their own collections, and
     // see their collections that are not public.
     $acl->allow('contributor', 'Collections', array('add', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
     $acl->allow('contributor', 'Elements', 'element-form');
     // Define deny rules.
     // Deny admins from accessing some resources allowed to super users.
     $acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo'));
     // Deny admins from deleting item types and item type elements.
     $acl->deny('admin', 'ItemTypes', array('delete', 'delete-element'));
     // Deny Users to admins since they normally have all the super permissions.
     $acl->deny(null, 'Users');
     $acl->allow(array('super', 'admin', 'contributor', 'researcher'), 'Users', null, new Omeka_Acl_Assert_User());
     // Always allow users to login, logout and send forgot-password notifications.
     $acl->allow(array(null, 'admin'), 'Users', array('login', 'logout', 'forgot-password', 'activate'));
     return $acl;
 }
Exemplo n.º 16
0
 public function testSetRuleWorksWithResourceInterface()
 {
     $roleGuest = new Role\GenericRole('guest');
     $this->_acl->addRole($roleGuest);
     $resourceFoo = new Resource\GenericResource('foo');
     $this->_acl->addResource($resourceFoo);
     $this->_acl->setRule(Acl\Acl::OP_ADD, Acl\Acl::TYPE_ALLOW, $roleGuest, $resourceFoo);
 }
Exemplo n.º 17
0
 /**
  * @group ZF-8468
  */
 public function testgetResources()
 {
     $this->assertEquals(array(), $this->_acl->getResources());
     $this->_acl->addResource(new Resource\GenericResource('someResource'));
     $this->_acl->addResource(new Resource\GenericResource('someOtherResource'));
     $expected = array('someResource', 'someOtherResource');
     $this->assertEquals($expected, $this->_acl->getResources());
 }
Exemplo n.º 18
0
 /**
  * Return the acl under test
  *
  * @return Zend_Acl
  */
 protected function getAcl()
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role('guest'));
     $acl->addRole(new Zend_Acl_Role('user'));
     $acl->addResource('foo');
     $acl->allow('user', 'foo');
     return $acl;
 }
Exemplo n.º 19
0
 protected function _initDoctype()
 {
     date_default_timezone_set('Asia/Jerusalem');
     $this->bootstrap('view');
     $view = $this->getResource('view');
     $view->doctype('HTML5');
     $view->addHelperPath('../application/views/helpers/', 'Application_View_Helper');
     $lang_sess = new Zend_Session_Namespace('lang');
     $lang = 'he';
     if (isset($lang_sess->lang)) {
         $lang = $lang_sess->lang;
     }
     if (isset($_GET['lang'])) {
         $lang_sess->lang = $_GET['lang'];
         $lang = $lang_sess->lang;
     }
     $translate = new Zend_Translate(array('adapter' => 'csv', 'content' => '../lang/' . $lang . '.csv', 'locale' => $lang));
     $view->lang = $translate;
     Zend_Registry::set('lang', $translate);
     /**Permissions**/
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('admin'), 'user');
     $acl->addResource(new Zend_Acl_Resource('groups'));
     $acl->addResource(new Zend_Acl_Resource('students'));
     $acl->addResource(new Zend_Acl_Resource('fields'));
     $acl->addResource(new Zend_Acl_Resource('planning'));
     $acl->addResource(new Zend_Acl_Resource('documentation'));
     $acl->addResource(new Zend_Acl_Resource('managegroups'));
     $acl->addResource(new Zend_Acl_Resource('managestudents'));
     $acl->addResource(new Zend_Acl_Resource('manage fields'));
     $acl->addResource(new Zend_Acl_Resource('manage goals and games'));
     $acl->addResource(new Zend_Acl_Resource('manage gans and users'));
     $acl->allow('user', 'groups', array('read', 'edit'));
     $acl->allow('user', 'students', array('read', 'edit'));
     $acl->allow('user', 'fields', array('read', 'edit'));
     $acl->allow('user', 'planning', array('read', 'edit'));
     $acl->allow('user', 'documentation', array('read', 'edit'));
     $acl->allow('user', 'managegroups', array('read', 'edit'));
     $acl->allow('user', 'managestudents', array('read', 'edit'));
     $acl->allow('admin');
     $view->acl = $acl;
     Zend_Registry::set('acl', $acl);
 }
Exemplo n.º 20
0
 protected function _initAcl()
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_GUEST));
     $acl->addRole(new Zend_Acl_Role(Core_Role::ROLE_USER), Core_Role::ROLE_GUEST);
     $acl->addResource('default:index');
     $acl->allow(Core_Role::ROLE_GUEST, 'default:index', 'index');
     $registry = Zend_Registry::getInstance();
     $registry->set('acl', $acl);
 }
Exemplo n.º 21
0
 /**
  * Inicializa a ACL juntamente com as permissões.
  *
  * @author  Alex Oliveira <*****@*****.**>
  * @version 1.0
  *
  * @return  Zend_Acl
  */
 protected static function init()
 {
     # instancia a ACL
     $acl = new Zend_Acl();
     # adiciona recursos disponíveis na ACL # trocar null pelo tipo de permissão {publica, protegida, privada}
     foreach (self::resources() as $controller => $actions) {
         $acl->addResource(new Zend_Acl_Resource($controller))->allow(null, $controller, $actions);
     }
     # retorna uma instância da acl
     return $acl;
 }
Exemplo n.º 22
0
 protected function _loadResources()
 {
     $resources = Auth_Model_ResourceMapper::getInstance()->fetchAll(array(), array('r.parent_id ASC'));
     /* @var $resource Auth_Model_Resource */
     foreach ($resources as $resource) {
         if ($resource->get_parent_id() > 0) {
             $this->_acl->addResource($resource->get_code(), $resources[$role->get_parent_id()]);
         } else {
             $this->_acl->addResource($resource->get_code());
         }
     }
 }
Exemplo n.º 23
0
Arquivo: Acl.php Projeto: kandy/system
 protected function _registerResource($resourceName)
 {
     $parentRole = null;
     $currentResourceName = '';
     foreach (explode('.', $resourceName) as $resourceNamePart) {
         $currentResourceName = trim($currentResourceName . '.' . $resourceNamePart, '.');
         if (!$this->_acl->has($currentResourceName)) {
             $this->_acl->addResource($currentResourceName, $parentRole);
         }
         $parentRole = $this->_acl->get($currentResourceName);
     }
 }
Exemplo n.º 24
0
 /**
  * @group ZF-10649
  */
 public function testAllowAndDenyWithNullForResourcesWillApplyToAllResources()
 {
     $this->_acl->addRole('guest');
     $this->_acl->addResource('blogpost');
     $this->_acl->allow('guest');
     $this->assertTrue($this->_acl->isAllowed('guest'));
     $this->assertTrue($this->_acl->isAllowed('guest', 'blogpost'));
     $this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
     $this->_acl->deny('guest');
     $this->assertFalse($this->_acl->isAllowed('guest'));
     $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost'));
     $this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
 }
Exemplo n.º 25
0
 protected function _setupResources()
 {
     $this->_acl->addResource(new Zend_Acl_Resource('login'));
     $this->_acl->addResource(new Zend_Acl_Resource('upload'));
     $this->_acl->addResource(new Zend_Acl_Resource('error'));
     $this->_acl->addResource(new Zend_Acl_Resource('index'));
     $this->_acl->addResource(new Zend_Acl_Resource('usuarios'));
 }
Exemplo n.º 26
0
 public function _initAcl()
 {
     // Создаём объект Zend_Acl
     $acl = new Zend_Acl();
     // указываем, что у нас есть ресурс index
     $acl->addResource('index');
     // ресурс add является потомком ресурса index
     $acl->addResource('add', 'index');
     $acl->addResource('sites', 'index');
     $acl->addResource('maps', 'index');
     $acl->addResource('logs', 'index');
     $acl->addResource('admin', 'index');
     #        $acl->addResource('edit', 'index');
     #        $acl->addResource('delete', 'index');
     $acl->addResource('error');
     $acl->addResource('auth');
     $acl->addResource('login', 'auth');
     $acl->addResource('logout', 'auth');
     // далее переходим к созданию ролей, которых у нас 2:
     // гость (неавторизированный пользователь)
     $acl->addRole('guest');
     // администратор, который наследует доступ от гостя
     $acl->addRole('admin', 'guest');
     // разрешаем гостю просматривать ресурс index
     $acl->allow('guest', 'index', array('index'));
     // разрешаем гостю просматривать ресурс auth и его подресурсы
     $acl->allow('guest', 'auth', array('index', 'login', 'logout'));
     // даём администратору доступ к ресурсам 'add', 'edit' и 'delete'
     $acl->allow('admin', 'index', array('add', 'edit', 'delete'));
     // разрешаем администратору просматривать страницу ошибок
     $acl->allow('admin', 'error');
     #$fc = Zend_Controller_Front::getInstance();
     // регистрируем плагин с названием AccessCheck, в который передаём
     // на ACL и экземпляр Zend_Auth
     #$fc->registerPlugin(new Application_Plugin_AccessCheck($acl, Zend_Auth::getInstance()));
     $front = Zend_Controller_Front::getInstance();
     $front->registerPlugin(new Application_Plugin_Acl());
 }
Exemplo n.º 27
0
 protected function _initAcl()
 {
     $acl = new Zend_Acl();
     /*Default Resources*/
     $acl->addResource('default-index');
     $acl->addResource('default-auth');
     $acl->addResource('default-error');
     /*Admin Resources*/
     $acl->addResource('admin-index');
     /*Roles*/
     $acl->addRole('guest');
     $acl->addRole('user', 'guest');
     $acl->addRole('admin', 'user');
     /*Guest Access*/
     $acl->allow('guest', 'default-index', array('index', 'photos', 'video', 'episodes', 'crew', 'item'));
     $acl->allow('guest', 'default-auth', array('index', 'register', 'login', 'logout', 'social'));
     $acl->allow('guest', 'default-error', array('error'));
     /*User Access*/
     /*Admin Access*/
     $acl->allow('guest', 'admin-index', array('index'));
     $fc = Zend_Controller_Front::getInstance();
     $fc->registerPlugin(new Application_Plugin_AccessCheck($acl, Zend_Auth::getInstance()));
 }
Exemplo n.º 28
0
 private function _addResourceById(array $resources, $resourceId)
 {
     foreach ($resources as $resourceName => $properties) {
         $resourceName = strtolower($resourceName);
         // If the properties aren't set as an array, then we will consider
         // the value as the resource ID.
         if (!is_array($properties)) {
             $properties = array('id' => $properties);
         }
         $id = $properties['id'];
         $parent = null;
         $resource = null;
         $allowRules = array();
         $denyRules = array();
         if ($resourceName === 'all') {
             $id = 'all';
         }
         if (is_null($id) || empty($id)) {
             throw new Zend_Application_Resource_Exception(sprintf($this->_missingPropertyMessage, 'ID', 'resource', $resourceName));
         }
         if (isset($properties['parent']) && !empty($properties['parent'])) {
             $parent = $properties['parent'];
         }
         if (isset($properties['allow']) && !empty($properties['allow'])) {
             $allowRules = $properties['allow'];
         }
         if (isset($properties['deny']) && !empty($properties['deny'])) {
             $denyRules = $properties['deny'];
         }
         if ($id == $resourceId) {
             if ($this->_acl->has($resourceId)) {
                 return;
             }
             if (!is_null($parent)) {
                 if (!$this->_acl->has($parent)) {
                     $this->_addResourceById($resources, $parent);
                 }
             }
             if ($resourceId !== 'all') {
                 $resource = new Zend_Acl_Resource($resourceId);
                 $this->_acl->addResource($resource, $parent);
             }
             $this->_addRules(Zend_Acl::TYPE_ALLOW, $allowRules, $resource, $resourceName);
             $this->_addRules(Zend_Acl::TYPE_DENY, $denyRules, $resource, $resourceName);
             // Since we've finished adding the specified resource, let's break
             // from our loop.
             break;
         }
     }
 }
Exemplo n.º 29
0
 public function setUp()
 {
     $acl = new Zend_Acl();
     // Add resources and roles
     $acl->addResource('profile');
     $acl->addRole('admin');
     $acl->addRole('user');
     // Deny everything by default
     $acl->deny();
     // Admins can create and edit users but normal users are only
     // allowed to edit their own profile
     $acl->allow('admin', 'profile', array('create', 'read', 'update'));
     $acl->allow('user', 'profile', array('read', 'update'), new App_Acl_Assert_SameUser());
     $this->_acl = $acl;
 }
Exemplo n.º 30
0
 protected function _initAcl()
 {
     $this->bootstrap('frontController');
     $front = $this->getResource('frontController');
     $acl = new \Zend_Acl();
     $acl->deny();
     $acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST));
     $acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST);
     $aclConfig = new \Zend_Config_Ini(APPLICATION_PATH . '/configs/acl.ini');
     foreach ($aclConfig as $resourceName => $role) {
         $acl->addResource($resourceName);
         $acl->allow($role, $resourceName);
     }
     $front->registerPlugin(new Acl($acl));
 }