 /**
  * Front-controller plugin hook: stamp the identity's last_login and gate the
  * admin area through the ACL.
  *
  * Requests whose controller and module are both something other than 'admin'
  * pass through untouched. Inside the admin area an anonymous request is sent
  * to admin/auth/login (the login action itself excepted), the user profile
  * action is always free, and every other action is checked against the ACL
  * for the fixed logged-in-user role.
  *
  * NOTE(review): a resource the ACL does not know ($module_$controller) is
  * allowed through without a check. New admin controllers must be registered
  * in the ACL or they are reachable by any authenticated user.
  * NOTE(review): last_login is written to storage on every request that
  * carries an identity, admin or not.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  * @throws FansubCMS_Exception_Denied when the ACL denies the action
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $this->_initAcl();
     $auth = $this->_auth;
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // Touch the stored identity with the time of this request.
     if ($auth->hasIdentity()) {
         $identity = $auth->getIdentity();
         $now = new Zend_Date();
         $identity->last_login = $now->get(DATABASE_DATE_FORMAT);
         $identity->save();
     }
     // Outside the admin area nothing else applies.
     if ($controller != 'admin' && $module != 'admin') {
         return;
     }
     $isLoginPage = ($module == 'admin' && $controller == 'auth' && $action == 'login');
     if (!$auth->hasIdentity() && !$isLoginPage) {
         // The redirector exits after sending the Location header by default.
         $redirector = new Zend_Controller_Action_Helper_Redirector();
         $redirector->gotoSimple('login', 'auth', 'admin');
     }
     // The user's own profile page is a free resource.
     if ($module == 'user' && $controller == 'admin' && $action == 'profile') {
         return;
     }
     $resource = $module . '_' . $controller;
     if (!$this->_acl->has($resource)) {
         return;
     }
     if (!$this->_acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $action)) {
         throw new FansubCMS_Exception_Denied('The user is not allowd to do this');
     }
 }
 /**
  * Decide whether the current request may be served, based on the privilege
  * rows stored for the requested resource.
  *
  * A throw-away Zend_Acl is built from those rows: one role per distinct
  * role_id, each granted the whole resource. An authenticated user passes when
  * their role_id is among them; an anonymous request passes only when the
  * configured default role is.
  *
  * Returns false (deny) when the resource id or its privilege list cannot be
  * loaded, so an unknown resource is closed rather than open.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return bool true when access is granted
  */
 public function checkAccess(Zend_Controller_Request_Abstract $request)
 {
     $aclResource = new User_Model_Acl_Resource();
     $aclResource->getPrivileges($request);
     // No resource id or no privilege rows: nobody may access this.
     if (!$aclResource->privileges || !$aclResource->resource_id) {
         return false;
     }
     $resourceId = $aclResource->resource_id;
     $acl = new Zend_Acl();
     $acl->add(new Zend_Acl_Resource($resourceId));
     foreach ($aclResource->privileges as $privilegeRow) {
         $roleId = $privilegeRow["role_id"];
         if ($acl->hasRole($roleId)) {
             continue;
         }
         $acl->addRole(new Zend_Acl_Role($roleId));
         $acl->allow($roleId, $resourceId);
     }
     $auth = Zend_Auth::getInstance();
     if (!$auth->hasIdentity()) {
         // Anonymous caller: the default role must exist, be known here and be allowed.
         $defaultRole = new User_Model_Acl_Role();
         $defaultRole->getDefaultRole();
         $defaultRoleId = $defaultRole->default_role;
         return (bool) $defaultRoleId
             && $acl->hasRole($defaultRoleId)
             && $acl->isAllowed($defaultRoleId, $resourceId);
     }
     $identity = $auth->getIdentity();
     $userRoleId = $identity['role_id'];
     // Authenticated caller: the role must be one the resource explicitly grants.
     return $acl->hasRole($userRoleId) && $acl->isAllowed($userRoleId, $resourceId);
 }
 /**
  * Ask the wrapped ACL whether the current identity may perform $privilege on $resource.
  *
  * Returns null — not false — when no ACL has been attached. A caller that
  * tests the result with `=== false` would read that as "allowed"; test
  * truthiness instead.
  *
  * @param string|null $resource
  * @param string|null $privilege
  * @return bool|null
  */
 public function isAllowed($resource = null, $privilege = null)
 {
     $acl = $this->_acl;
     if ($acl === null) {
         return null;
     }
     $role = $this->getIdentity();
     return $acl->isAllowed($role, $resource, $privilege);
 }
 /**
  * Action-helper preDispatch hook: resolve the caller's role and reroute to
  * default/auth/noaccess when the ACL denies the requested controller/action.
  *
  * The role is the identity's `role` property when the identity is an object
  * with a non-empty one, otherwise config acl.defaultRole. The controller name
  * is the ACL resource and the action the privilege; a controller the ACL does
  * not know is checked as the null ("any") resource. error/error is never
  * checked.
  *
  * @return void
  */
 public function preDispatch()
 {
     $role = Zend_Registry::get('config')->acl->defaultRole;
     if ($this->_auth->hasIdentity()) {
         $identity = $this->_auth->getIdentity();
         if (is_object($identity) && !empty($identity->role)) {
             $role = $identity->role;
         }
     }
     $request = $this->_action->getRequest();
     $controllerName = $request->getControllerName();
     $actionName = $request->getActionName();
     $moduleName = $request->getModuleName();
     $this->_controllerName = $controllerName;
     // Unknown controllers fall back to the global (null-resource) rules.
     $resource = $this->_acl->has($controllerName) ? $controllerName : null;
     $privilege = $actionName;
     if ($resource == 'error' && $privilege == 'error') {
         return;
     }
     if ($this->_acl->isAllowed($role, $resource, $privilege)) {
         return;
     }
     // Denied: swap in the no-access action and make the dispatcher run it.
     $request->setModuleName('default')->setControllerName('auth')->setActionName('noaccess');
     $request->setDispatched(false);
 }
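 /**
  * Plugin preDispatch hook: check the requested controller/action against the
  * ACL for the caller's role and, on denial, reroute to auth/login.
  *
  * The role is read from the Zend_Auth storage's 'role' entry. Anonymous
  * callers — and identities whose storage carries no 'role' — are checked as
  * 'guest'. Previously a missing key yielded a null role (plus an undefined
  * index notice), and Zend_Acl::isAllowed() reads a null role as "all roles",
  * i.e. the role-independent rules, not as the guest.
  *
  * On denial the original controller/action and the remaining user params are
  * passed to the login action as referer_controller, referer_action and query
  * (a `key/value/` path fragment), and the response code is set to 401.
  *
  * @param Zend_Controller_Request_Abstract $oHttpRequest
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $oHttpRequest)
 {
     $sControllerName = $oHttpRequest->getControllerName();
     $sActionName = $oHttpRequest->getActionName();
     $aRequestedParams = $oHttpRequest->getUserParams();
     unset($aRequestedParams['controller'], $aRequestedParams['action']);
     // Default role; overridden only by a role actually stored with the identity.
     $sRole = 'guest';
     if (Zend_Auth::getInstance()->hasIdentity()) {
         $aData = Zend_Auth::getInstance()->getStorage()->read();
         if (isset($aData['role'])) {
             $sRole = $aData['role'];
         }
     }
     if ($this->_oAcl->isAllowed($sRole, $sControllerName, $sActionName)) {
         return;
     }
     // Denied: remember where the caller wanted to go so login can return there.
     $oHttpRequest->setParam('referer_controller', $sControllerName);
     $oHttpRequest->setParam('referer_action', $sActionName);
     $sQuery = '';
     if (count($aRequestedParams)) {
         $aParams = array();
         foreach ($aRequestedParams as $sKey => $sValue) {
             $aParams[] = $sKey;
             $aParams[] = $sValue;
         }
         $sQuery = implode('/', $aParams) . '/';
     }
     $oHttpRequest->setParam('query', $sQuery);
     $oHttpRequest->setControllerName('auth')->setActionName('login');
     // NOTE(review): 401 without a WWW-Authenticate header is not a valid challenge;
     // 403, or a 302 to the login page, is the usual choice for form-based login.
     $this->_response->setHttpResponseCode(401);
 }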
 /**
  * A non-admin user ('foo') must not be allowed to 'update' the admin's profile.
  */
 public function testDeniesProfileEditToNonAdmin()
 {
     $userMapper = new Default_Model_Mapper_Mongo_UserMapper();
     $actor = $userMapper->findByUserName('foo');
     $target = $userMapper->findByUserName('admin');
     $this->assertFalse($this->_acl->isAllowed($actor, $target, 'update'));
 }
 /**
  * ACL check that tolerates unknown resources instead of letting Zend_Acl throw.
  *
  * A resource the ACL has not registered is replaced by null before the
  * lookup, which Zend_Acl reads as "any resource": the answer is then whatever
  * the role's resource-independent rules say, so an unregistered resource is
  * only as protected as those global rules.
  *
  * NOTE(review): the arguments are forwarded as (resource, privilege, role),
  * while Zend_Acl::isAllowed() itself takes (role, resource, privilege).
  * Confirm that $this->_acl is a wrapper using this parameter order.
  *
  * @param string|Zend_Acl_Resource_Interface|null $resource
  * @param string|null $privilege
  * @param string|Zend_Acl_Role_Interface|null $role
  * @return bool
  */
 public function isAllowed($resource = null, $privilege = null, $role = null)
 {
     $knownResource = $this->_acl->has($resource) ? $resource : null;
     return $this->_acl->isAllowed($knownResource, $privilege, $role);
 }
 /**
  * Whether the current caller may perform $action on $resource.
  *
  * The Zend_Auth identity is used as the role when present, 'guest' otherwise.
  * A resource the ACL does not know is denied outright (fail closed).
  *
  * @param string|Zend_Acl_Resource_Interface $resource
  * @param string $action privilege name
  * @return bool
  */
 protected function _isAuthorized($resource, $action)
 {
     $role = 'guest';
     if ($this->_auth->hasIdentity()) {
         $role = $this->_auth->getIdentity();
     }
     if (!$this->_acl->has($resource)) {
         return false;
     }
     return (bool) $this->_acl->isAllowed($role, $resource, $action);
 }
 /**
  * Whether the current caller may perform $action on $controller.
  *
  * The ACL is re-fetched from the registry on every call and the raw
  * Zend_Auth identity is passed as the role; an unknown controller is denied
  * (fail closed).
  *
  * NOTE(review): with no identity getIdentity() returns null, and Zend_Acl
  * reads a null role as "any role" rather than as an anonymous guest, so
  * anonymous callers are judged by the resource's role-independent rules.
  * Substituting a dedicated guest role when there is no identity would make
  * that explicit.
  *
  * @param string|Zend_Acl_Resource_Interface $controller
  * @param string $action privilege name
  * @return bool
  */
 protected function _isAuthorized($controller, $action)
 {
     $this->_acl = Zend_Registry::get('acl');
     $role = $this->_auth->getIdentity();
     $known = $this->_acl->has($controller);
     return $known && (bool) $this->_acl->isAllowed($role, $controller, $action);
 }
 /**
  * Whether the current role may reach the page identified by action/controller/module.
  *
  * The MVC triple is turned into an ACL resource name by parsePageMvc(). A
  * resource the ACL has not registered is treated as public — this is fail
  * open, so every restricted page must be registered in the ACL.
  *
  * @param string $action
  * @param string $controller
  * @param string $module
  * @param array $params not used by this method
  * @return bool
  */
 public function isAllowed($action, $controller, $module, $params = array())
 {
     $pageResource = ZtChart_Model_Acl_Resource::parsePageMvc($action, $controller, $module);
     if (!$this->_acl->has($pageResource)) {
         // Unregistered page: no rule applies, so it is allowed.
         return true;
     }
     return $this->_acl->isAllowed($this->_role(), $pageResource, $this->_privileges());
 }
 /**
  * Whether the logged-in-user role may perform $privilege on $resource.
  *
  * The Zend_Acl is lazily pulled from the registry into the static cache.
  * A resource the ACL has not registered is allowed unconditionally (fail
  * open); the role checked is always the fixed logged-in-user role.
  *
  * @param Zend_Acl_Resource|string $resource
  * @param string $privilege
  * @return bool
  */
 public function isAllowed($resource, $privilege)
 {
     if (empty(self::$_acl)) {
         self::$_acl = Zend_Registry::get('Zend_Acl');
     }
     $acl = self::$_acl;
     if (!$acl->has($resource)) {
         return true;
     }
     return $acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $privilege);
 }
 /**
  * Zend_Acl assertion: grant when the role holds the "<privilege>All" variant,
  * or holds "<privilege>Self" and owns the record or its parent exhibit
  * (per _userOwnsRecord).
  *
  * Only User roles can pass; any other role, including null, is denied.
  * The three checks are all evaluated before combining, as in the original;
  * `||` binds looser than `&&`, so the ownership test only qualifies the
  * Self privilege.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface|null $role
  * @param Zend_Acl_Resource_Interface|null $resource
  * @param string|null $privilege base privilege name, e.g. 'edit'
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!$role instanceof User) {
         return false;
     }
     $grantedAll = $acl->isAllowed($role, $resource, $privilege . 'All');
     $grantedSelf = $acl->isAllowed($role, $resource, $privilege . 'Self');
     $isOwner = $this->_userOwnsRecord($role, $resource);
     return $grantedAll || ($grantedSelf && $isOwner);
 }
 /**
  * Plugin preDispatch hook: enforce login and the ACL on module-level resources.
  *
  * The identity is expected to be an array carrying 'usuario' (the role name;
  * 'visitante' is the visitor role). Anything else is treated as garbage in
  * the auth storage: it is cleared and the request rerouted to admin/login.
  * The module name is the ACL resource; inside the 'admin' and 'sac' modules
  * the controller name is also checked as the privilege.
  *
  * On denial an authenticated non-visitor is sent to admin/index with an
  * error message; a visitor is sent to the login page of the module being
  * requested ('sac' or 'admin').
  *
  * NOTE(review): any request whose action is named 'upload' or whose
  * controller is named 'upload' skips BOTH the identity check and the ACL
  * check, in every module. Confirm those endpoints enforce their own
  * authentication, or narrow this exception to the specific upload controller.
  *
  * @see Zend_Controller_Plugin_Abstract::preDispatch()
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Identity of the logged-in user; expected to be an array.
     $identity = $this->auth->getIdentity();
     $moduleName = $this->getRequest()->getModuleName();
     // Resource = module; privilege = controller, but only in the admin/sac modules.
     $resource = $moduleName;
     $privilege = null;
     if ($moduleName == 'admin' || $moduleName == 'sac') {
         $privilege = $this->getRequest()->getControllerName();
     }
     // Upload controllers/actions are exempt from everything below.
     if ($request->getActionName() == 'upload' || $request->getControllerName() == 'upload') {
         return;
     }
     // Non-array identity: wipe it and ask for a fresh login.
     if (!is_array($identity)) {
         $this->auth->clearIdentity();
         $request->setModuleName('admin')->setControllerName('login')->setActionName('index');
         return;
     }
     $roleName = $identity['usuario'];
     $permitted = $this->acl->has($resource)
         && $this->acl->isAllowed($roleName, $resource, $privilege);
     if ($permitted) {
         return;
     }
     $params = array();
     if ($roleName != 'visitante') {
         // Logged-in user without permission: back to the admin home page with an error.
         $params['erro'] = 'Você não possui permissão de acesso a este recurso.';
         $request->setModuleName('admin')->setControllerName('index')->setActionName('index')->setParams($params);
         return;
     }
     // Visitor: send to the login page of the module that was requested.
     $loginModule = $this->getRequest()->getModuleName() == "sac" ? 'sac' : 'admin';
     $request->setModuleName($loginModule)->setControllerName('login')->setActionName('index')->setParams($params);
 }
 /**
  * Plugin preDispatch hook: resolve the caller's role, map the request to an
  * ACL resource and reroute logged-in users who are denied to error/forbidden.
  *
  * The resource is "controller/action" ("/index" when the action is empty),
  * prefixed with "module/" outside the default module. When that exact
  * resource is not in the ACL, the bare controller name is checked instead.
  * The resolved role and resource are published in Zend_Registry as 'Role'
  * and 'Resource' (reset to 'guest' / '' at the start of every call).
  * Requests already handled by the ErrorHandler plugin are left alone.
  *
  * NOTE(review): only an authenticated caller is rerouted on denial. An
  * anonymous 'guest' that the ACL denies is still dispatched to the requested
  * action — presumably a later check reads the registry's 'Role'; confirm,
  * otherwise this is fail-open for guests.
  * NOTE(review): $this->_em->find('Roles', ...) returning null is a fatal
  * error on getRoleName(), not a denial.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Reset the published role/resource before anything can bail out.
     Zend_Registry::set('Role', 'guest');
     Zend_Registry::set('Resource', '');
     // Requests rerouted by the ErrorHandler plugin are not access-checked.
     if ($request->getParam('error_handler')) {
         return;
     }
     $moduleName = $request->getModuleName();
     $controllerName = trim($request->getControllerName());
     $actionName = $request->getActionName();
     if ($this->_auth->hasIdentity()) {
         $roleEntity = $this->_em->find('Roles', $this->_auth->getRoleId());
         $role = new Zend_Acl_Role($roleEntity->getRoleName());
     } else {
         $role = new Zend_Acl_Role('guest');
     }
     // "controller/action", defaulting the action to "index".
     $resource = $controllerName . '/' . ($actionName == '' ? 'index' : trim($actionName));
     if ($moduleName != 'default') {
         $resource = $moduleName . "/" . $resource;
     }
     // Defensive default for the main page (the value above always contains a slash).
     if ($resource == '') {
         $resource = 'index/index';
     }
     // Fall back to the controller-level rule when the exact page is not registered.
     if ($actionName != '' && !$this->_acl->has($resource)) {
         $resource = $controllerName;
     }
     $allowed = $this->_acl->isAllowed($role, $resource);
     if (!$allowed && $this->_auth->hasIdentity()) {
         // Logged in but denied: show the forbidden page.
         $request->setModuleName('default');
         $request->setControllerName('error');
         $request->setActionName('forbidden');
     }
     Zend_Registry::set('Role', $role);
     Zend_Registry::set('Resource', $resource);
 }
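 /**
  * Zend_Acl assertion distinguishing "<privilege>:all" from "<privilege>:mine".
  *
  * Access is granted when the role holds ":all" on the resource, or holds
  * ":mine" and the resource's createdBy matches the role's id. Everything
  * else — a null role or resource, or a resource with no recorded creator —
  * is denied.
  *
  * Changes from the previous version: a null $role or $resource no longer
  * dereferences null in the ownership comparison, and a null/empty createdBy
  * or id can no longer satisfy the loose `==` (e.g. null == 0).
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface|null $role expected to expose an `id` property
  * @param Zend_Acl_Resource_Interface|null $resource expected to expose a `createdBy` property
  * @param string|null $privilege base privilege name (without the ':all'/':mine' suffix)
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if ($acl->isAllowed($role, $resource, $privilege . ':all')) {
         return true;
     }
     if (!$acl->isAllowed($role, $resource, $privilege . ':mine')) {
         return false;
     }
     // ":mine" needs both sides of the ownership comparison to exist.
     if ($role === null || $resource === null) {
         return false;
     }
     $ownerId = $resource->createdBy;
     $roleId = $role->id;
     // An unset owner or id never matches anything.
     if ($ownerId === null || $ownerId === '' || $roleId === null || $roleId === '') {
         return false;
     }
     // Loose comparison kept on purpose: ids may be int in code and string from the DB.
     return $ownerId == $roleId;
 }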
 /**
  * Route the request away when the resolved resource is unknown or the role
  * is not allowed on it.
  *
  * An unregistered resource is sent to gallery/error/error404; a registered
  * one the role may not access is sent to admin/auth/login (no distinction is
  * made between "not logged in" and "logged in but forbidden"). The request
  * object is modified in place; nothing is returned.
  *
  * @param \Zend_Acl_Role $role
  * @return void
  */
 private function checkRole(\Zend_Acl_Role $role)
 {
     $resourceName = $this->getResource();
     $request = $this->_request;
     if (!$this->acl->has($resourceName)) {
         // Unknown resource: not found rather than guessing a rule.
         $request->setModuleName('gallery')->setControllerName('error')->setActionName('error404');
         return;
     }
     if ($this->acl->isAllowed($role, $resourceName)) {
         return;
     }
     // Denied: send the caller to the admin login page.
     $request->setModuleName('admin')->setControllerName('auth')->setActionName('login');
 }
 /**
  * Action-helper preDispatch hook: check the controller/action pair against
  * the ACL and swap in the configured no-auth or no-acl action on denial.
  *
  * The role is 'guest' unless the identity is an object, in which case its
  * `role` property is used as-is. A controller unknown to the ACL is checked
  * as the null ("any") resource. When denied, an anonymous caller gets the
  * ACL's no-auth action and an authenticated one its no-acl action;
  * setDispatched(false) makes the dispatcher run the substituted action.
  *
  * @return void
  */
 public function preDispatch()
 {
     $role = 'guest';
     if ($this->_auth->hasIdentity()) {
         $identity = $this->_auth->getIdentity();
         if (is_object($identity)) {
             $role = $this->_auth->getIdentity()->role;
         }
     }
     $request = $this->_action->getRequest();
     $controllerName = $request->getControllerName();
     $actionName = $request->getActionName();
     $moduleName = $request->getModuleName();
     $this->_controllerName = $controllerName;
     $resource = $this->_acl->has($controllerName) ? $controllerName : null;
     if ($this->_acl->isAllowed($role, $resource, $actionName)) {
         return;
     }
     // Denied: distinguish "not logged in" from "logged in but forbidden".
     $target = $this->_auth->hasIdentity()
         ? $this->_acl->getNoAclAction()
         : $this->_acl->getNoAuthAction();
     $request->setModuleName($target['module']);
     $request->setControllerName($target['controller']);
     $request->setActionName($target['action']);
     $request->setDispatched(false);
 }
 /**
  * Whether the current user holds $privilege on $resource (default: this
  * controller's own resource, see getResourceName()).
  *
  * Results pre-computed in $this->_allowed win over the ACL: when that map has
  * an entry for $privilege it is returned without consulting the ACL or even
  * looking at $resource. NOTE(review): the map is keyed by privilege only, so
  * a pre-computed answer is also returned for an explicitly passed, different
  * $resource — confirm that is intended.
  *
  * Resource resolution: a Zend_Acl_Resource_Interface is used as-is, a string
  * is a resource name, and anything falsy means "this controller". A resource
  * the ACL does not define is deliberately NOT access-controlled (returns
  * true), so plugin controllers work without declaring ACL resources;
  * conversely, once a resource is defined every privilege on it must be
  * configured. Resource names are the controller class minus 'Controller',
  * e.g. Geolocation_IndexController -> 'Geolocation_Index',
  * CollectionsController -> 'Collections'.
  *
  * @param string $privilege
  * @param Zend_Acl_Resource|string|null $resource (Optional) Resource to check.
  * @see getResourceName()
  * @return bool
  */
 public function isAllowed($privilege, $resource = null)
 {
     $precomputed = $this->_allowed;
     if (isset($precomputed[$privilege])) {
         return $precomputed[$privilege];
     }
     $resourceObj = null;
     $resourceName = null;
     if ($resource instanceof Zend_Acl_Resource_Interface) {
         $resourceObj = $resource;
         $resourceName = $resource->getResourceId();
     } elseif (is_string($resource)) {
         $resourceName = $resource;
     } elseif (!$resource) {
         $resourceName = $this->getResourceName();
     }
     // Undefined resource: plugin controllers need not declare an ACL entry.
     if (!$this->_acl->has($resourceName)) {
         return true;
     }
     if ($resourceObj === null) {
         $resourceObj = $this->_acl->get($resourceName);
     }
     return $this->_acl->isAllowed($this->_currentUser, $resourceObj, $privilege);
 }
 /**
  * Check whether any of the caller's groups may execute $action on the named resource.
  *
  * The resource name is lower-cased to match how resources were loaded. Each
  * loaded group is tried in turn against the parent Zend_Acl (one role at a
  * time); the first grant wins. No loaded groups, or an ACL exception (an
  * unknown resource or group) while checking, means deny — the exception is
  * written to error_log before returning.
  *
  * @param String $resourceName The name of the resource
  * @param String $action The action to be executed
  * @return bool
  */
 function checkPermission($resourceName, $action)
 {
     $normalisedName = strtolower($resourceName);
     if (!$this->availableGroups) {
         // Nothing to check against: deny.
         return false;
     }
     foreach ($this->availableGroups as $groupRole) {
         try {
             $granted = parent::isAllowed($groupRole, $normalisedName, $action);
         } catch (Zend_Exception $ze) {
             // Unknown resource or group in the ACL: deny rather than guess.
             error_log($ze->__toString());
             return false;
         }
         if ($granted) {
             return true;
         }
     }
     // No group grants the action.
     return false;
 }
 /**
  * allow() for a role with no resource and no privilege, issued after a
  * resource already exists, must grant that role everything.
  *
  * @group 4226
  */
 public function testAllowNullPermissionAfterResourcesExistShouldAllowAllPermissionsForRole()
 {
     $acl = $this->_acl;
     $acl->addRole('admin');
     $acl->addResource('newsletter');
     $acl->allow('admin');
     $this->assertTrue($acl->isAllowed('admin'));
 }
 /**
  * Whether the logged-in-user role may perform $privilege on $resource.
  *
  * A resource the ACL has not registered is allowed unconditionally (fail
  * open); the role checked is always the fixed logged-in-user role.
  *
  * @param Zend_Acl_Resource $resource
  * @param string $privilege
  * @return bool
  */
 public function isAllowed($resource, $privilege)
 {
     $acl = $this->acl;
     if ($acl->has($resource)) {
         return $acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $privilege);
     }
     return true;
 }
 /**
  * Action-helper preDispatch hook: reroute to default/error/notauthorised when
  * the ACL denies the requested controller (resource) and action (privilege).
  *
  * The role is 'public' unless the identity is an object, in which case its
  * `role` property is used. A controller unknown to the ACL is checked as the
  * null ("any") resource; setDispatched(false) makes the dispatcher run the
  * substituted error action.
  *
  * @return void
  */
 public function preDispatch()
 {
     $role = 'public';
     $auth = $this->getAuth();
     if ($auth->hasIdentity()) {
         $identity = $auth->getIdentity();
         if (is_object($identity)) {
             $role = $auth->getIdentity()->role;
         }
     }
     $request = $this->getAction()->getRequest();
     $controllerName = $request->getControllerName();
     $actionName = $request->getActionName();
     $moduleName = $request->getModuleName();
     $this->_controllerName = $controllerName;
     $resource = $this->_acl->has($controllerName) ? $controllerName : null;
     if ($this->_acl->isAllowed($role, $resource, $actionName)) {
         return;
     }
     $request->setModuleName('default');
     $request->setControllerName('error');
     $request->setActionName('notauthorised');
     $request->setDispatched(false);
 }
 /**
  * Plugin preDispatch hook: build the blog's ACL and reroute denied requests to admin/login.
  *
  * Roles: GUEST, and ADMIN inheriting from GUEST. Resources are the controller
  * names admin, blog, error and index; guests may use blog, error and index
  * and only the 'login' action of admin, admins may use all of admin. The role
  * is the authenticated user's role_id or GUEST; the controller is the
  * resource and the action the privilege.
  *
  * NOTE(review): the ACL is rebuilt on every request, and a controller not
  * registered above makes Zend_Acl::isAllowed() throw (resource not found).
  * On denial the request is rewritten to admin/login AND a Location header
  * for /admin/login/ is set on the response.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role(Model_Role::GUEST));
     $acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST);
     foreach (array('admin', 'blog', 'error', 'index') as $controllerResource) {
         $acl->addResource(new Zend_Acl_Resource($controllerResource));
     }
     // Guests: public controllers plus the admin login action; admins: all of admin.
     $acl->allow(Model_Role::GUEST, 'blog');
     $acl->allow(Model_Role::GUEST, 'error');
     $acl->allow(Model_Role::GUEST, 'index');
     $acl->allow(Model_Role::GUEST, 'admin', array('login'));
     $acl->allow(Model_Role::ADMIN, 'admin');
     $auth = Zend_Auth::getInstance();
     $role = Model_Role::GUEST;
     if ($auth->hasIdentity()) {
         $currentUser = new Model_User($auth->getIdentity());
         $role = $currentUser->role_id;
     }
     $allowed = $acl->isAllowed($role, $request->getControllerName(), $request->getActionName());
     if (!$allowed) {
         $this->_request->setControllerName('admin')->setActionName('login');
         $this->_response->setRedirect('/admin/login/');
     }
 }
 /**
  * Strict ACL check: true only when $resource is registered in the ACL and the
  * ACL grants $user the $action on it. An unregistered resource yields false —
  * never an exception and never an implicit allow.
  *
  * @param string|Zend_Acl_Role_Interface $user The user to check
  * @param string|Zend_Acl_Resource_Interface $resource The resource to check
  * @param string $action The privilege to check
  * @return bool
  */
 function isSpecificallyAllowed($user, $resource, $action)
 {
     if (!$this->acl->has($resource)) {
         return false;
     }
     return $this->acl->isAllowed($user, $resource, $action);
 }
    /**
     * removeDeny() with a null resource must lift the deny on every resource,
     * and deny() with a null resource must re-impose it everywhere (ZF-9643).
     *
     * @group ZF-9643
     */
    public function testRemoveDenyWithNullResourceAppliesToAllResources()
    {
        $acl = $this->_acl;
        $acl->addRole('guest');
        $acl->addResource('blogpost');
        $acl->addResource('newsletter');
        // Allow everything, then deny 'read' on both resources.
        $acl->allow();
        $acl->deny('guest', 'blogpost', 'read');
        $acl->deny('guest', 'newsletter', 'read');
        $this->assertFalse($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($acl->isAllowed('guest', 'newsletter', 'read'));
        // Lifting one deny leaves the other in place.
        $acl->removeDeny('guest', 'newsletter', 'read');
        $this->assertFalse($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($acl->isAllowed('guest', 'newsletter', 'read'));
        // A null resource lifts the deny on all resources.
        $acl->removeDeny('guest', null, 'read');
        $this->assertTrue($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertTrue($acl->isAllowed('guest', 'newsletter', 'read'));
        // And a null-resource deny applies to all resources again.
        $acl->deny('guest', null, 'read');
        $this->assertFalse($acl->isAllowed('guest', 'blogpost', 'read'));
        $this->assertFalse($acl->isAllowed('guest', 'newsletter', 'read'));
    }
 /**
  * Return whether or not this role has access to a certain resource
  *
  * The first argument is used as the ACL role; the resource is "GLOBAL" when
  * no permissible object is given, otherwise that object's permission id.
  * An unknown role or unknown resource is denied rather than raising.
  *
  * @param  string            the permission being asked about
  * @param  QFrame_Permissible  (optional) the permissible object in question
  * @return boolean
  */
 public function hasAccess($permission, QFrame_Permissible $permissible = null)
 {
     $resourceId = "GLOBAL";
     if ($permissible !== null) {
         $resourceId = $permissible->getPermissionID();
     }
     $acl = $this->acl;
     $known = $acl->hasRole($permission) && $acl->has($resourceId);
     return $known ? $acl->isAllowed($permission, $resourceId) : false;
 }
 /**
  * Zend_Acl assertion: grant when the role holds "<privilege>All", or holds
  * "<privilege>Self" and — for a concrete record — owns it.
  *
  * For a resource that is not an Omeka_Record_AbstractRecord (the "generic"
  * check for a record type) the Self privilege suffices on its own: being
  * able to edit one's own records means the generic action is available.
  * Non-User roles, including null, are always denied.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface|null $role
  * @param Zend_Acl_Resource_Interface|null $resource
  * @param string|null $privilege base privilege name
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!$role instanceof User) {
         return false;
     }
     $allPriv = $privilege . 'All';
     $selfPriv = $privilege . 'Self';
     if ($resource instanceof Omeka_Record_AbstractRecord) {
         // Concrete record: "Self" only counts when the user owns it.
         return $acl->isAllowed($role, $resource, $allPriv)
             || $acl->isAllowed($role, $resource, $selfPriv) && $this->_userOwnsRecord($role, $resource);
     }
     // Generic record type: either privilege is enough.
     return $acl->isAllowed($role, $resource, $allPriv) || $acl->isAllowed($role, $resource, $selfPriv);
 }
 /**
  * Zend_Acl assertion: grant when the role holds "<privilege>All", or holds
  * "<privilege>Self" and — for a concrete NeatlineTimeTimeline — owns it.
  *
  * For any other resource (the "generic" check for the timeline type) the
  * Self privilege suffices on its own: being able to edit one's own timelines
  * means the generic action is available. Non-User roles, including null,
  * are always denied.
  *
  * @param Zend_Acl $acl
  * @param Zend_Acl_Role_Interface|null $role
  * @param Zend_Acl_Resource_Interface|null $resource
  * @param string|null $privilege base privilege name
  * @return bool
  */
 public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null)
 {
     if (!$role instanceof User) {
         return false;
     }
     $allPriv = $privilege . 'All';
     $selfPriv = $privilege . 'Self';
     if ($resource instanceof NeatlineTimeTimeline) {
         // Concrete timeline: "Self" only counts when the user owns it.
         return $acl->isAllowed($role, $resource, $allPriv)
             || $acl->isAllowed($role, $resource, $selfPriv) && $this->_userOwnsTimeline($role, $resource);
     }
     // Generic timeline type: either privilege is enough.
     return $acl->isAllowed($role, $resource, $allPriv) || $acl->isAllowed($role, $resource, $selfPriv);
 }
 /**
  * Plugin preDispatch hook: map the request to a "module:controller" resource
  * (bare controller inside the default module) and reroute denials to the
  * configured deny action under the error controller.
  *
  * Only resources the ACL knows are checked; an unregistered controller is
  * dispatched without any check (fail open), so new controllers must be added
  * to the ACL to be protected. The action name is the privilege and
  * $this->_role the role. The error_handler param is set on the rewritten
  * request so other plugins treat it as an error page.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $moduleName = $request->getModuleName();
     $controllerName = $request->getControllerName();
     $actionName = $request->getActionName();
     $defaultModule = Zend_Controller_Front::getInstance()->getDefaultModule();
     $resourceName = '';
     if ($moduleName != '' && $moduleName != $defaultModule) {
         $resourceName = $moduleName . ':';
     }
     $resourceName .= $controllerName;
     $resource = new Zend_Acl_Resource($resourceName);
     if (!$this->_acl->has($resource)) {
         return;
     }
     if ($this->_acl->isAllowed(new Zend_Acl_Role($this->_role), $resource, $actionName)) {
         return;
     }
     $request->setModuleName($defaultModule)
         ->setControllerName('error')
         ->setActionName($this->_denyAction)
         ->setParam('error_handler', true);
 }
 /**
  * Pre dispatch hook
  * Checks if the current user, identified by role, has rights to the requested
  * url (module/controller/action); if not, denyAccess() reroutes to the
  * error page.
  *
  * Role, resource and privilege come from getRole(), getResource() and
  * _getPrivilege(). There is no fallback here for resources the ACL does not
  * know, so whether an unregistered page is denied or raises is decided by
  * those helpers and by Zend_Acl.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  **/
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $this->setRequest($request);
     $allowed = $this->_acl->isAllowed(
         $this->getRole(),
         $this->getResource($request),
         $this->_getPrivilege($request)
     );
     if (!$allowed) {
         $this->denyAccess();
     }
 }