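/**
 * Records the last login time of an authenticated user and enforces the
 * admin-area ACL.
 *
 * Only requests that target the "admin" module or the "admin" controller are
 * subject to the check; everything else returns early. Unauthenticated admin
 * requests are redirected to admin/auth/login (except the login action
 * itself), the user profile page is always reachable, and every other admin
 * resource is checked against the logged-in role.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 * @throws FansubCMS_Exception_Denied when the ACL denies the requested action
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $this->_initAcl();

    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    if ($this->_auth->hasIdentity()) {
        // Touch last_login on every request made by an authenticated user.
        $identity = $this->_auth->getIdentity();
        $date     = new Zend_Date();
        $identity->last_login = $date->get(DATABASE_DATE_FORMAT);
        $identity->save();
    }

    // Anything outside the admin area is not subject to this plugin.
    if ($controller !== 'admin' && $module !== 'admin') {
        return;
    }

    $isLoginPage = ($module === 'admin' && $controller === 'auth' && $action === 'login');
    if (!$this->_auth->hasIdentity() && !$isLoginPage) {
        // The Redirector helper exits after sending the redirect by default,
        // so the ACL check below is not reached for anonymous visitors.
        $redirect = new Zend_Controller_Action_Helper_Redirector();
        $redirect->gotoSimple('login', 'auth', 'admin');
    }

    // The profile page is a free resource for every logged-in user.
    if ($module === 'user' && $controller === 'admin' && $action === 'profile') {
        return;
    }

    $resource = $module . '_' . $controller;

    // NOTE(review): a resource that is not registered in the ACL passes
    // through unchecked (fail-open); keep the ACL resource list in sync with
    // the admin controllers.
    if ($this->_acl->has($resource)
        && !$this->_acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $action)
    ) {
        // Message typo ("allowd") corrected.
        throw new FansubCMS_Exception_Denied('The user is not allowed to do this');
    }
}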
/**
 * Forces visitors without an identity onto index/index.
 *
 * Requests for the "index" and "error" controllers are left untouched; every
 * other controller is rewritten to index/index when no identity is present.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if (Zend_Auth::getInstance()->hasIdentity()) {
        return;
    }

    $controllerName = $request->getControllerName();
    $isPublic = ($controllerName == 'index' || $controllerName == 'error');
    if ($isPublic) {
        return;
    }

    $request->setControllerName('index');
    $request->setActionName('index');
}
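/**
 * Authenticates the request and enforces the ACL for the requested action.
 *
 * The "login" controller is public. Every other controller requires an
 * identity; an authenticated user must additionally hold a known role that
 * is allowed the "<module>_<controller>" resource for the requested action.
 *
 * Bug fix: the original threw unconditionally right after the identity
 * test, which left the role/resource/privilege checks unreachable, so the
 * ACL was never applied to authenticated users. The checks now run. They are
 * also chained with elseif so that an unknown role or resource is reported
 * instead of being passed to isAllowed(), which would throw a Zend_Acl
 * exception for it.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return true when access is granted
 * @throws WebVista_App_AuthException when the visitor is not authenticated or
 *                                    the role is not allowed the resource
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $auth = Zend_Auth::getInstance();
    $publicPages = array(
        'controllers' => array('login'),
        'actions'     => array(),
    );

    if (in_array($request->getControllerName(), $publicPages['controllers'], true)) {
        return true;
    }

    if (!$auth->hasIdentity()) {
        throw new WebVista_App_AuthException('You must be authenticated to access the system.');
    }

    $roleId   = $auth->getIdentity()->roleId;
    $acl      = WebVista_Acl::getInstance();
    $resource = $request->getModuleName() . '_' . $request->getControllerName();
    $error    = null;

    if (!$acl->hasRole($roleId)) {
        $error = "Sorry, the requested user role '" . $roleId . "' does not exist";
    } elseif (!$acl->has($resource)) {
        $error = "Sorry, the requested controller '" . $request->getControllerName() . "' does not exist as an ACL resource";
    } elseif (!$acl->isAllowed($roleId, $resource, $request->getActionName())) {
        $error = "Sorry, the page you requested does not exist or you do not have access";
    }

    if ($error !== null) {
        // As in the original, only the generic message reaches the client so
        // that role and resource names are not disclosed; $error holds the
        // specific reason should the caller want to log it.
        throw new WebVista_App_AuthException('You must be authenticated to access the system.');
    }

    return true;
}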
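/**
 * Session-token handling for the "company" controller.
 *
 * The token id comes from the "tsn" request parameter, falling back to the
 * "tsn" cookie. A logged-in token that has expired is destroyed and the
 * client is redirected to the login page with the current page passed as
 * "redirect"; a live token is re-registered. A token that is not logged in
 * is destroyed and the request is rewritten to index/auth/login (unless the
 * current action is already "auth").
 *
 * Bug fix: the cookie fallback read $_COOKIE['tsn'] unconditionally, which
 * raises an "undefined index" notice whenever the cookie is absent; the
 * value is now read only when it exists.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if ('company' != $request->getControllerName()) {
        return;
    }

    $tsn = $request->tsn;
    if (!$tsn) {
        $tsn = isset($_COOKIE['tsn']) ? $_COOKIE['tsn'] : null;
    }

    if ($tsn) {
        $token = Token::create($tsn);
        $token->update_sync_time();
    } else {
        // NOTE(review): '123' looks like a placeholder id for the anonymous token — confirm with Token::create_abstract().
        $token = Token::create_abstract('123');
    }

    if ($token->is_logined() == true) {
        if ($token->is_expire()) {
            $token->destroy();
            include_once LIB_PATH . '/view_helper/BuildUrl.php';
            $urlBuilder = new Zend_View_Helper_BuildUrl();
            // Where to come back to after logging in again.
            $referer = SearchFilter::slashes($urlBuilder->buildUrl(
                $request->getActionName(),
                $request->getControllerName(),
                $request->getModuleName()
            ));
            $loginUrl = $urlBuilder->buildUrl('login', 'auth', 'index', array('redirect' => $referer));
            $redirector = new Zend_Controller_Action_Helper_Redirector();
            $redirector->gotoUrl($loginUrl);
            return;
        }
        $token->register();
        return;
    }

    if ('auth' != $request->getActionName()) {
        $token->destroy();
        $request->setModuleName('index');
        $request->setControllerName('auth');
        $request->setActionName('login');
    }
}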
/**
 * Decides whether the ACL check is skipped for this request.
 *
 * XMLHttpRequests are skipped unless their action is listed in
 * $this->_arrAjaxNotSkip. Otherwise the "security.skip.<type>" list from the
 * registry config is consulted; each entry is "action", "controller/action"
 * or "module/controller/action" and is matched against the corresponding
 * parts of the request.
 *
 * NOTE(review): the XHR shortcut trusts the X-Requested-With header, which
 * the client controls, so it is not an authorisation boundary on its own.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @param string $type key below configs['security']['skip']
 * @return bool TRUE when the ACL check is to be skipped
 */
protected function _checkSkipAcl(Zend_Controller_Request_Abstract $request, $type)
{
    $actionName = $request->getActionName();

    if ($request->isXmlHttpRequest() && !in_array($actionName, $this->_arrAjaxNotSkip)) {
        return TRUE;
    }

    $configs  = Zend_Registry::get('configs');
    $skipList = $configs['security']['skip'][$type];

    // The request rendered at each of the three list-entry depths.
    $candidates = array(
        1 => $actionName,
        2 => $request->getControllerName() . '/' . $actionName,
        3 => $request->getModuleName() . '/' . $request->getControllerName() . '/' . $actionName,
    );

    $matched = in_array($actionName, $skipList);
    foreach ($skipList as $entry) {
        $depth = count(explode('/', $entry));
        if (isset($candidates[$depth])) {
            $matched = in_array($candidates[$depth], $skipList);
        }
        if ($matched) {
            return TRUE;
        }
    }

    return $matched;
}
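/**
 * Role-based ACL check against the "module:controller" resource.
 *
 * The role is read from the session-backed auth storage ("emprole"; the
 * value 1 is mapped to "admin"). The "profile" controller is always checked
 * as role "viewer" and the "services" controller as role "services". When
 * the role is empty no check is performed; otherwise a resource unknown to
 * the ACL, or one the role may not access with the requested privilege,
 * rewrites the request to error/error.
 *
 * Bug fix: $data['emprole'] was read without checking that the storage
 * holds an array with that key, which raises a notice for anonymous
 * visitors. Three result-less getter calls were also removed.
 *
 * NOTE(review): an empty role skips the check entirely (fail-open) —
 * confirm that every stored identity carries a non-empty "emprole".
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $storage = new Zend_Auth_Storage_Session();
    $data    = $storage->read();
    $role    = isset($data['emprole']) ? $data['emprole'] : null;
    if ($role == 1) {
        $role = 'admin';
    }

    $module    = $request->getModuleName();
    $resource  = $request->getControllerName();
    $privilege = $request->getActionName();
    $this->id_param = $request->getParam('id');

    $acl            = $this->_getAcl();
    $moduleResource = "{$module}:{$resource}";

    if ($resource == 'profile') {
        $role = 'viewer';
    }
    if ($resource == 'services') {
        $role = 'services';
    }

    if ($role == '') {
        return;
    }

    $allowed = false;
    if ($acl->has($moduleResource)) {
        $allowed = $acl->isAllowed($role, $moduleResource, $privilege);
    }
    if (!$allowed) {
        $request->setControllerName('error');
        $request->setActionName('error');
    }
}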
/**
 * Routes unauthorised requests to the "not logged in" or "forbidden" route.
 *
 * When $this->_isAuthorized() rejects the controller/action pair, a visitor
 * without identity is sent to $this->_notLoggedRoute (the requested URI is
 * remembered via Application_Model_Redirect unless the controller is listed
 * in $this->_moRedirect or a URI was already saved); an authenticated but
 * unauthorised user is sent to $this->_forbiddenRoute. Authorised requests
 * are re-set to their own module/controller/action.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $requestedController = $request->getControllerName();
    $requestedAction     = $request->getActionName();

    if ($this->_isAuthorized($requestedController, $requestedAction)) {
        $target = array(
            'controller' => $requestedController,
            'action'     => $requestedAction,
            'module'     => $request->getModuleName(),
        );
    } elseif (!$this->_auth->hasIdentity()) {
        // Remember where the visitor wanted to go so the login flow can return there.
        $skipSave = in_array($requestedController, $this->_moRedirect)
            || Application_Model_Redirect::hasRequestUri();
        if (!$skipSave) {
            Application_Model_Redirect::saveRequestUri('/' . $requestedController . '/' . $requestedAction);
        }
        $target = $this->_notLoggedRoute;
    } else {
        $target = $this->_forbiddenRoute;
    }

    $request->setControllerName($target['controller']);
    $request->setActionName($target['action']);
    $request->setModuleName($target['module']);
}
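/**
 * Requires an identity for everything except the authentication controller,
 * then checks the user's role against the ACL.
 *
 * Bug fix: the original redirect condition was
 * `controller != 'authentication' && action != 'login'`, which also exempted
 * any request whose action happened to be named "login" on any other
 * controller (e.g. "foo/login") from the login redirect. Only the
 * authentication controller is exempt now — all of its actions, as before.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $loginController = 'authentication';
    $loginAction     = 'login';
    $auth            = Zend_Auth::getInstance();

    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    if (!$auth->hasIdentity()) {
        // Not logged in and not on the authentication controller: go to the login page.
        if ($controller !== $loginController) {
            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
            $redirector->gotoSimpleAndExit($loginAction, $loginController);
        }
        return;
    }

    // Logged in: check the credential. "role" is a column in the user table (database).
    $acl      = new Tynex_Models_TynexAcl();
    $identity = $auth->getIdentity();
    if (!$acl->isAllowed($identity->role, $controller, $action)) {
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
        $redirector->gotoUrlAndExit('/');
    }
}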
/**
 * ACL gate for the "qg" and "painel" modules.
 *
 * Other modules are ignored. Within those modules a visitor without identity
 * is routed to $this->_notLoggedRoute and an authenticated user failing
 * $this->_isAuthorized() to $this->_forbiddenRoute; the module of the
 * original request is kept in both cases.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $module = $request->getModuleName();
    if (!in_array($module, array('qg', 'painel'))) {
        return;
    }

    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    if (!$this->_auth->hasIdentity()) {
        $controller = $this->_notLoggedRoute['controller'];
        $action     = $this->_notLoggedRoute['action'];
    } elseif (!$this->_isAuthorized($module, $controller, $action)) {
        $controller = $this->_forbiddenRoute['controller'];
        $action     = $this->_forbiddenRoute['action'];
    }

    $request->setControllerName($controller);
    $request->setActionName($action);
    $request->setModuleName($module);
}
/**
 * Checks the current role against the request as a three-level resource.
 *
 * Tries, in order, "module::*", "module::controller::*" and
 * "module::controller::action"; access is granted as soon as one of them is
 * a known ACL resource that allows $this->getRole().
 *
 * NOTE(review): because the wildcard levels are tried first, an allow on
 * "module::*" cannot be narrowed by a deny on a more specific resource.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool
 */
function hasAccessUrl(Zend_Controller_Request_Abstract $request)
{
    $acl    = $this->getAcl();
    $prefix = $request->getModuleName() . '::';
    $levels = array(
        $prefix . '*',
        $prefix . $request->getControllerName() . '::*',
        $prefix . $request->getControllerName() . '::' . $request->getActionName(),
    );

    foreach ($levels as $resource) {
        if ($acl->has($resource) && $acl->isAllowed($this->getRole(), $resource)) {
            return true;
        }
    }

    return false;
}
/**
 * Looks up the module ids mapped to the request's module/controller/action.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return mixed the entry from self::getMapModules() for the triple, or
 *               false when no such entry exists
 */
public static function getModulesIdsByRequest(Zend_Controller_Request_Abstract $request)
{
    $map        = self::getMapModules();
    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    if (!isset($map[$module][$controller][$action])) {
        return false;
    }

    return $map[$module][$controller][$action];
}
/**
 * Redirects visitors without an identity to /login.
 *
 * The "authentication", "favicon.ico", "error" and "index" controllers stay
 * reachable without an identity. The redirect is only set on the response;
 * dispatching of the current request continues.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $identity = Zend_Auth::getInstance()->getIdentity();
    if (!empty($identity)) {
        return;
    }

    $openControllers = array('authentication', 'favicon.ico', 'error', 'index');
    if (in_array($request->getControllerName(), $openControllers, true)) {
        return;
    }

    $this->_response->setRedirect('/login');
}
/**
 * Appends a per-controller stylesheet to the head links when one exists.
 *
 * Looks for public/styles/<module>/<controller>.css below
 * APPLICATION_PATH/.. and, if the file is present, registers it on the
 * bootstrap's view via headLink()->appendStylesheet().
 *
 * @access protected
 * @return void
 */
protected function _includeCssController()
{
    // '/' rather than DIRECTORY_SEPARATOR, presumably because the same
    // relative path is also used as the stylesheet URL.
    $sep = '/';
    $relativePath = implode($sep, array(
        'public',
        'styles',
        $this->_request->getModuleName(),
        $this->_request->getControllerName() . '.css',
    ));

    $absolutePath = APPLICATION_PATH . $sep . '..' . $sep . $relativePath;
    if (!file_exists($absolutePath)) {
        return;
    }

    $view = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('view');
    $view->headLink()->appendStylesheet($view->baseUrl($relativePath));
}
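/**
 * Forwards requests that fail self::hasPrivilige() to privileges/index.
 *
 * The login, privileges, index, error and document controllers are exempt.
 *
 * Bug fix: the exempt list contained the misspelling "privilegese", so the
 * "privileges" controller — the very target the unprivileged request is
 * forwarded to — was not exempt; the entry is corrected.
 *
 * @param \Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(\Zend_Controller_Request_Abstract $request)
{
    $exempt = array('login', 'privileges', 'index', 'error', 'document');
    if (in_array($request->getControllerName(), $exempt, true)) {
        return;
    }

    if (self::hasPrivilige($request) == false) {
        $request->setControllerName("privileges");
        $request->setActionName("index");
    }
}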
/**
 * Resolves the command controller for a request.
 *
 * A request with a module name is loaded as controller-within-module; one
 * with only a controller name by controller; otherwise the default
 * controller from getDefaultControllerName() is loaded.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return mixed whatever $this->_loadCommand() returns
 */
public function getInstance(Zend_Controller_Request_Abstract $request)
{
    $moduleName     = $request->getModuleName();
    $controllerName = $request->getControllerName();

    if ($moduleName !== null) {
        return $this->_loadCommand($controllerName, $moduleName);
    }

    if ($controllerName !== null) {
        return $this->_loadCommand($controllerName);
    }

    return $this->_loadCommand($this->getDefaultControllerName());
}
/**
 * Maps "<name>.popup" and "<name>.raw" controller names onto alternate
 * layout inflector targets and strips the suffix from the controller name.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Suffix => inflector target; checked in this order, first match wins.
    $variants = array(
        'popup' => '../../views/scripts/:script.popup.:suffix',
        'raw'   => '../../views/scripts/:script.raw.:suffix',
    );

    $controllerName = $request->getControllerName();
    foreach ($variants as $suffix => $inflectorTarget) {
        if (!preg_match('/(.*)\\.' . $suffix . '$/', $controllerName, $matches)) {
            continue;
        }
        Zend_Layout::getMvcInstance()->setInflectorTarget($inflectorTarget);
        $request->setControllerName($matches[1]);
        return;
    }
}
/**
 * Sends logged-in users to Core/Upgrade/index while a migration is pending,
 * except when they are already on the upgrade controller or are logging out.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    if (!Phprojekt_Auth::isLoggedIn()) {
        return;
    }

    $onUpgradePage = ($request->getModuleName() == 'Core' && $request->getControllerName() == 'Upgrade');
    $loggingOut    = ($request->getControllerName() == 'Login' && $request->getActionName() == 'logout');
    if ($onUpgradePage || $loggingOut) {
        return;
    }

    $migration = new Phprojekt_Migration($this->_extensions);
    if ($migration->needsUpgrade()) {
        // Kept as in the original: the rewrite goes through $this->_request,
        // not the $request argument.
        $this->_request->setModuleName('Core');
        $this->_request->setControllerName('Upgrade');
        $this->_request->setActionName('index');
    }
}
/**
 * Chooses the layout for the request and gates the admin panel.
 *
 * The "default" module and the error controller use layout.default, the
 * login controller layout.login. Any other request needs an identity whose
 * "sessao" is "admin" to get layout.painel; otherwise a non-admin identity
 * is cleared and the browser is sent to /painel/login.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $this->layout = Zend_Layout::getMvcInstance();
    $auth = Zend_Auth::getInstance();

    $controllerName = $request->getControllerName();

    if ($request->getModuleName() == 'default' || $controllerName == "error") {
        $this->layout->setLayout("layout.default");
        return;
    }

    if ($controllerName == "login") {
        $this->layout->setLayout("layout.login");
        return;
    }

    if ($auth->hasIdentity() && $auth->getIdentity()->sessao == "admin") {
        $this->layout->setLayout("layout.painel");
        return;
    }

    // Not an admin session: drop any non-admin identity and bounce to the login page.
    if ($auth->hasIdentity()) {
        $auth->clearIdentity();
    }
    header("location: /painel/login");
    exit;
}
/**
 * Applies the status, ACL and workflow routing rules, in that order.
 *
 * Each rule set may throw Saf_Controller_Front_Plugin_RouteRules_Exception
 * carrying a replacement module/controller/action/resourceStack, which is
 * logged through Saf_Debug and written back onto the request.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Read once up front; assumes the rule methods do not alter the request
    // between calls (they only receive plain values) — TODO confirm.
    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();
    $stack      = $request->getParam('resourceStack');

    try {
        $this->_statusRules($module, $controller, $action, $stack);
        $this->_aclRules($module, $controller, $action, $stack, $request->getQuery());
        $this->_workflowRules($module, $controller, $action, $stack);
    } catch (Saf_Controller_Front_Plugin_RouteRules_Exception $rule) {
        Saf_Debug::out('Enforcing Routing Rule: ' . $rule->getMessage());
        $request->setModuleName($rule->getModuleName());
        $request->setControllerName($rule->getControllerName());
        $request->setActionName($rule->getActionName());
        $request->setParam('resourceStack', $rule->getResourceStack());
    }
}
/**
 * Admin-area login gate.
 *
 * For the "admin" module: a visitor without identity may only reach
 * index/login and is otherwise redirected there; a visitor with an identity
 * who requests index/login is redirected to the admin index.
 *
 * NOTE(review): setRedirect() only sets the Location header and status on
 * the response; the requested action is still dispatched and executed
 * afterwards. If that is not intended, the Redirector helper's *AndExit
 * variants stop processing.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return true|null true when an anonymous visitor requests the login page
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if ($request->getModuleName() != 'admin') {
        return;
    }

    $isLoginPage = ($request->getControllerName() == 'index' && $request->getActionName() == 'login');
    $baseUrl     = Zend_Controller_Front::getInstance()->getBaseUrl();

    if (!$this->_auth->hasIdentity()) {
        if ($isLoginPage) {
            return true;
        }
        $this->getResponse()->setRedirect($baseUrl . '/' . 'admin/index/login');
        return;
    }

    if ($isLoginPage) {
        $this->getResponse()->setRedirect($baseUrl . '/' . 'admin/index');
    }
}
/**
 * Selects the layout script from configs/layout.json.
 *
 * The JSON maps a controller name either to a layout name or to an
 * action => layout map; the default is "layout". The chosen name is set as
 * "layouts/<name>" before delegating to the parent.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Read on every request; the file is small but this is not cached.
    $layoutConfig = Zend_Json::decode(
        file_get_contents(APPLICATION_PATH . '/configs/layout.json'),
        true
    );

    $controllerName = $request->getControllerName();
    $actionName     = $request->getActionName();
    $layoutName     = 'layout';

    if (isset($layoutConfig[$controllerName])) {
        $entry = $layoutConfig[$controllerName];
        $layoutName = (is_array($entry) && isset($entry[$actionName])) ? $entry[$actionName] : $entry;
    }

    Zend_Layout::getMvcInstance()->setLayout('layouts/' . $layoutName);
    parent::routeShutdown($request);
}
/**
 * Controller/action ACL check for the current role.
 *
 * The role is read from the auth storage ("role") or defaults to "guest".
 * A denied request is rewritten to auth/login with a 401 status; the
 * original controller/action and the remaining user params (flattened to
 * "key/value/.../") are passed along as referer_controller, referer_action
 * and query.
 *
 * @param Zend_Controller_Request_Abstract $oHttpRequest
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $oHttpRequest)
{
    $sControllerName = $oHttpRequest->getControllerName();
    $sActionName     = $oHttpRequest->getActionName();

    $sRole = 'guest';
    if (Zend_Auth::getInstance()->hasIdentity()) {
        $aData = Zend_Auth::getInstance()->getStorage()->read();
        $sRole = $aData['role'];
    }

    if ($this->_oAcl->isAllowed($sRole, $sControllerName, $sActionName)) {
        return;
    }

    // Remaining user params, minus the routing keys, rebuilt as "k/v/.../" for the login page.
    $aRequestedParams = $oHttpRequest->getUserParams();
    unset($aRequestedParams['controller'], $aRequestedParams['action']);

    $sQuery = '';
    if (count($aRequestedParams)) {
        $aParts = array();
        foreach ($aRequestedParams as $sKey => $sValue) {
            $aParts[] = $sKey;
            $aParts[] = $sValue;
        }
        $sQuery = implode('/', $aParts) . '/';
    }

    $oHttpRequest->setParam('referer_controller', $sControllerName);
    $oHttpRequest->setParam('referer_action', $sActionName);
    $oHttpRequest->setParam('query', $sQuery);
    $oHttpRequest->setControllerName('auth')->setActionName('login');
    $this->_response->setHttpResponseCode(401);
}
/**
 * routeShutdown
 * Called after the router has finished routing the request.
 *
 * Derives the response format from the path extension (or, failing that,
 * from an Accept header mentioning "json") into the static::KEY_EXT
 * parameter, and normalises the routed module/controller/action names to
 * the character set [-a-zA-Z0-9].
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Detect the requested content type from the path extension.
    $pathInfo  = $request->getPathInfo();
    $extension = empty($pathInfo) ? '' : pathinfo($pathInfo, PATHINFO_EXTENSION);
    if ($extension && preg_match('/^[-a-z0-9]+$/i', $extension)) {
        $request->setParam(static::KEY_EXT, strtolower($extension));
    }

    // Without an explicit extension, fall back to JSON when the Accept header asks for it.
    if ($request->getParam(static::KEY_EXT) == '') {
        $accept = $request->getServer('HTTP_ACCEPT');
        if (!empty($accept) && strpos($accept, 'json') !== false) {
            $request->setParam(static::KEY_EXT, 'json');
        }
    }

    // Normalise the routing targets: everything from the first character
    // outside [-a-zA-Z0-9] onward is dropped.
    $pattern = '/[^-a-zA-Z0-9].*/';
    $request->setModuleName(preg_replace($pattern, '', $request->getModuleName()));
    $request->setControllerName(preg_replace($pattern, '', $request->getControllerName()));
    $request->setActionName(preg_replace($pattern, '', $request->getActionName()));
}
/**
 * Maintenance-mode handling after the action has run.
 *
 * When the override file "maintenanceMode" exists, the rendered body is
 * replaced with the public maintenance page for roles that may not access
 * ot_maintenance/index (except on ot/login/index, which stays usable), and
 * prefixed with the maintenance header for roles that may. XMLHttpRequests
 * and never-render responses are left untouched.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function postDispatch(Zend_Controller_Request_Abstract $request)
{
    $layout = Zend_Layout::getMvcInstance();
    // the name "maintenanceMode" is also referred to in the Admin_MaintenanceController,
    // so if you change the filename, it needs to be changed there too
    $maintenanceModeFileName = 'maintenanceMode';
    $register = new Ot_Config_Register();
    $identity = Zend_Auth::getInstance()->getIdentity();
    // Fall back to the configured default role for anonymous visitors / identities without a role.
    $role = empty($identity->role) ? $register->defaultRole->getValue() : $identity->role;
    // While masquerading, the maintenance check is made with the real account's role, not the impersonated one.
    if (isset($identity->masquerading) && $identity->masquerading == true && isset($identity->realAccount) && !is_null($identity->realAccount) && isset($identity->realAccount->role)) {
        $role = $identity->realAccount->role;
    }
    $acl = Zend_Registry::get('acl');
    $view = $layout->getView();
    $viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');
    // NOTE(review): XHR requests and never-render responses skip this block entirely, so
    // API-style endpoints keep executing during maintenance — confirm that is intended.
    if (is_file(APPLICATION_PATH . '/../overrides/' . $maintenanceModeFileName) && (!$request->isXmlHttpRequest() && !$viewRenderer->getNeverRender())) {
        if (!$acl->isAllowed($role, 'ot_maintenance', 'index')) {
            // Keep the login page reachable so privileged users can still sign in.
            if (!($request->getModuleName() == 'ot' && $request->getControllerName() == 'login' && $request->getActionName() == 'index')) {
                $response = $this->getResponse();
                $layout->disableLayout();
                $response->setBody($view->maintenanceMode()->publicLayout());
            }
        } else {
            $response = $this->getResponse();
            // there's no point in setting text here if it's a redirect
            if ($response->isRedirect()) {
                $response->setBody('');
            } else {
                $response->setBody($view->maintenanceMode()->header() . $response->getBody());
            }
        }
    }
}
/**
 * ACL check for the requested controller/action.
 *
 * Every authenticated user returns immediately, so the ACL below is only
 * ever applied to guests. Guests are checked as role "guest" against the
 * controller (null when the ACL does not know it) and the action (default
 * "index"); a denied guest is redirected to admin/login.
 *
 * NOTE(review): in the original, the branch that looked the user up and
 * promoted the role to "admin" sat behind a second, identical hasIdentity()
 * test and could never run; it is omitted here as dead code. If logged-in
 * users were meant to be subject to the ACL, the early return below is the
 * place to revisit.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $options = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getApplication()->getOptions();
    $acl     = new My_Acl(new Zend_Config($options));

    if (Zend_Auth::getInstance()->hasIdentity()) {
        return;
    }

    $role      = 'guest';
    $resource  = $request->getControllerName();
    $privilege = $request->getActionName();

    if (!$acl->has($resource)) {
        $resource = null;
    }
    if ($privilege === null) {
        $privilege = 'index';
    }

    if (!$acl->isAllowed($role, $resource, $privilege)) {
        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
        $redirector->gotoSimpleAndExit('login', 'admin');
    }
}
/**
 * Admin-module access gate (everything in "admin" except the Login controller).
 *
 * Access is granted when DEBUG_MODE is defined, or when the "User" request
 * param is a Showcase_User whose isCmsaccess flag is set. Denied requests
 * are rewritten to index/Login/index and marked undispatched; granted ones
 * get the admin action-helper path registered.
 *
 * NOTE(review): defining DEBUG_MODE bypasses the CMS-access check for every
 * admin request — make sure it cannot be defined in production builds.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    $isAdminArea = ('admin' == $request->getModuleName() && 'Login' != $request->getControllerName());
    if (!$isAdminArea) {
        return;
    }

    $allowUser = defined('DEBUG_MODE');
    $user = $request->getParam('User', null);
    if ($user instanceof Showcase_User) {
        // The user has an identity; CMS access is a per-user flag ("blacklist system", per the original).
        $allowUser = $user->isCmsaccess;
    }

    if (!$allowUser) {
        $request->setControllerName('Login')
                ->setModuleName('index')
                ->setActionName('index')
                ->setDispatched(false);
        return;
    }

    // Register the helper path that provides the administrative action helpers.
    Showcase_Controller_Action_HelperBroker::addPath(
        Package::buildPath(SITE_DIR, 'classes', 'Controller', 'Action', 'Helper', 'Admin'),
        'Showcase_Controller_Action_Helper_Admin'
    );
}
/**
 * Module/controller/action ACL check (skipped for XMLHttpRequests).
 *
 * Authenticated users are allowed default/index/index and
 * identity/account/logout unconditionally and everything else via
 * Core_Services_Acl::isUserOrRoleAllowed(). Denied requests are forwarded to
 * core/Auth/deny (authenticated) or core/Auth/login (anonymous) with the
 * current URL base64-encoded in "returnUrl".
 *
 * NOTE(review): the XHR early return trusts the client-controlled
 * X-Requested-With header, so any request that sets it is exempt from the
 * ACL; and returnUrl is assembled from SERVER_NAME/REQUEST_URI, so whatever
 * consumes that parameter must validate it before redirecting to it.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    if ($request->isXmlHttpRequest()) {
        return;
    }

    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();
    $auth       = Zend_Auth::getInstance();
    $loggedIn   = $auth->hasIdentity();

    $isAllowed = false;
    if ($loggedIn) {
        $user = $auth->getIdentity();
        require_once APPLICATION_PATH . '/modules/core/services/Acl.php';
        $acl = Core_Services_Acl::getInstance();

        $alwaysAllowed = array('default_index_index', 'identity_account_logout');
        $route = strtolower($module . '_' . $controller . '_' . $action);
        $isAllowed = in_array($route, $alwaysAllowed)
            || $acl->isUserOrRoleAllowed($user, $module, $controller, $action);
    }

    if ($isAllowed) {
        return;
    }

    $forwardAction = $loggedIn ? 'deny' : 'login';
    $returnUrl = base64_encode("http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);

    $request->setModuleName('core')
            ->setControllerName('Auth')
            ->setActionName($forwardAction)
            ->setParam('returnUrl', $returnUrl)
            ->setDispatched(true);
}
/**
 * Session-ACL check on "module/controller/action" with redirect on failure.
 *
 * With a logged-in session (arr_acl present) the request is valid when some
 * ACL entry matches module+controller, when it is the rsvAcl/user/change-password
 * page, or when the session level is "1" inside the rsvAcl module. Without a
 * session only default/index/index is allowed. Whenever a redirect target is
 * computed the browser is sent to "/home" (the computed target itself is
 * overwritten just before redirecting — see the note below).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    //clear session from search session
    //$this->clearSession();
    $session_user = new Zend_Session_Namespace('auth');
    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $url = $module . "/" . $controller . "/" . $action;
    $_url = "";
    //have login
    if (isset($session_user->arr_acl)) {
        $arr_acl = $session_user->arr_acl;
        $valid_action = FALSE;
        // NOTE(review): the level-"1" shortcut below lives inside this loop, so a
        // level-1 user with an empty arr_acl never reaches it — confirm intended.
        foreach ($arr_acl as $acl) {
            if ($module == $acl["module"] && $controller == $acl["controller"]) {
                $valid_action = TRUE;
                break;
            } elseif ($module === "rsvAcl" && $controller === "user" && $action === "change-password") {
                //all user level can change password all
                $valid_action = TRUE;
                break;
            } elseif ($module === "rsvAcl" && $session_user->level === "1") {
                //user level 1 can access all action in module "rsvAcl"
                $valid_action = TRUE;
                break;
            }
        }
        //redirect to homepage
        if (!$valid_action) {
            //just open block below
            // Not redirected only when the URL is one of these four AND is also listed
            // in $this->_exception_url (the loop below sets '/' for anything not listed).
            if ($url !== "default/index/index" && $url !== "default/error/error" && $url !== "default/index/changepassword" && $url !== "default/index/logout") {
                $_url = '/';
            }
            $_have = false;
            foreach ($this->_exception_url as $i => $val) {
                if ($url === $val) {
                    $_have = true;
                    break;
                }
            }
            if (!$_have) {
                $_url = '/';
            }
        } else {
            // Valid request: rewriteUrl() decides whether a redirect happens (non-empty result).
            $_url = $this->rewriteUrl($url);
        }
    } else {
        //no login
        //redirect to login page
        if ($url !== "default/index/index") {
            $_url = "/";
        }
    }
    if (!empty($_url)) {
        // echo"url here". $_url;exit();
        // The computed target is replaced here, so every redirect goes to "/home".
        $_url = "/home";
        Application_Form_FrmMessage::redirectUrl($_url);
    }
}
/**
 * Resource-level ACL check on "controller/action".
 *
 * error/error is never blocked. An unknown resource is rewritten to
 * error/error and raises a 404 Zend_Controller_Action_Exception. A known
 * resource that the role from the registry may not access is forwarded to
 * index/login (guest) or index/deny (authenticated).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 * @throws Zend_Controller_Action_Exception with code 404 for unknown resources
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $resourceName = $request->getControllerName() . '/' . $request->getActionName();

    // Never interfere with the error handler itself.
    if ($resourceName == 'error/error') {
        return;
    }

    if (!in_array($resourceName, $this->acl->getResources())) {
        $request->setControllerName('error')->setActionName('error')->setDispatched(true);
        throw new Zend_Controller_Action_Exception('This page does not exist', 404);
    }

    if ($this->acl->isAllowed(Zend_Registry::get('role'), $resourceName)) {
        return;
    }

    // Guests go to the login page, authenticated users to the denied page.
    $forwardAction = Zend_Auth::getInstance()->hasIdentity() ? 'deny' : 'login';
    $request->setControllerName('index')->setActionName($forwardAction)->setDispatched(true);
}
/**
 * Main ACL logic.
 *
 * For an authenticated user, builds a per-request Zend_Acl (roles user <
 * owner, admin < owner, plus one role named after the user's e-mail that
 * inherits from owner/admin/user depending on the identity flags), registers
 * it in the registry under "acl", and rewrites the request to
 * $this->_noacl when the user may not access the requested resource.
 * Administrators (administrator == 1) are always allowed.
 *
 * NOTE(review): requests without an identity are not touched by this method
 * at all (the whole body sits behind hasIdentity()); whether anonymous
 * access is blocked elsewhere should be confirmed.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $module = $request->getModuleName();
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $acl = new Zend_Acl();
        $identity = $auth->getIdentity();
        // Base roles: "admin" inherits from "owner"; "user" stands alone.
        $acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner');
        if ($identity->owner == true) {
            $inherit = 'owner';
        } elseif ($identity->administrator == true) {
            $inherit = 'admin';
        } else {
            $inherit = 'user';
        }
        // The user's own role, keyed by e-mail, inherits from the base role chosen above.
        $acl->addRole(new Zend_Acl_Role($identity->email), $inherit);
        $projekt = $request->getParam('projekt');
        // Base resources (note: $key holds the array *value* here; the names are swapped).
        foreach ($this->_resources as $val => $key) {
            $acl->add(new Zend_Acl_Resource($key));
        }
        // Permissions on the base resources: owner may do everything, admin everything but "account".
        $acl->allow('owner');
        $acl->deny('admin', 'account');
        $acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
        $acl->deny('user', 'account');
        $acl->deny('user', 'project', $this->_create);
        $acl->deny('user', 'people', $this->_create);
        $acl->deny('user', 'project', $this->_manage);
        $acl->deny('user', 'people', $this->_manage);
        // A plain user may manage only their own "people" record ($request->id is a user-supplied param; loose comparison).
        if ($request->id == $identity->iduser) {
            $acl->allow('user', 'people', $this->_manage);
        }
        // Resources for the project sub-section.
        $this->_projectAcl($acl, $identity);
        Zend_Registry::set('acl', $acl);
        if ($identity->administrator == 1) {
            $isAllowed = true;
        } elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) {
            // Project-scoped resource "<projekt>|<controller>" takes precedence over the plain controller resource.
            $isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName());
        } elseif (in_array($request->getControllerName(), $this->_resources)) {
            $isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName());
        } else {
            // Controllers that are not ACL resources are denied for non-administrators.
            $isAllowed = false;
        }
        $error = $request->getParam('error_handler');
        // Do not reroute a request that is already being handled by the error handler.
        if (is_null($error)) {
            if (!$isAllowed) {
                $module = $this->_noacl['module'];
                $controller = $this->_noacl['controller'];
                $action = $this->_noacl['action'];
            }
        }
        $request->setModuleName($module);
        $request->setControllerName($controller);
        $request->setActionName($action);
    }
}