Exemplo n.º 1
0
 public function initAcl(MvcEvent $e)
 {
     //Creamos el objeto ACL
     $acl = new Acl();
     //Incluimos la lista de roles y permisos, nos devuelve un array
     $roles = (require 'config/autoload/acl.roles.php');
     foreach ($roles as $role => $resources) {
         //Indicamos que el rol será genérico
         $role = new \Zend\Permissions\Acl\Role\GenericRole($role);
         //Añadimos el rol al ACL
         $acl->addRole($role);
         //Recorremos los recursos o rutas permitidas
         foreach ($resources["allow"] as $resource) {
             //Si el recurso no existe lo añadimos
             if (!$acl->hasResource($resource)) {
                 $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource));
             }
             //Permitimos a ese rol ese recurso
             $acl->allow($role, $resource);
         }
         foreach ($resources["deny"] as $resource) {
             //Si el recurso no existe lo añadimos
             if (!$acl->hasResource($resource)) {
                 $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource));
             }
             //Denegamos a ese rol ese recurso
             $acl->deny($role, $resource);
         }
     }
     //Establecemos la lista de control de acceso
     $e->getViewModel()->acl = $acl;
 }
 public function testBuildCanAcceptXMLAsString()
 {
     $content = file_get_contents(__DIR__ . '/fixtures/test.xml');
     $this->object = new AclBuilder(new StringType($content), $this->acl);
     $this->assertTrue($this->object->build());
     $this->assertTrue($this->acl->hasRole('guest'));
     $this->assertTrue($this->acl->hasResource('logout'));
     $this->assertTrue($this->acl->isAllowed('guest', 'login'));
     $this->assertTrue($this->acl->isAllowed('user', null, 'GET'));
 }
Exemplo n.º 3
0
 private function _load()
 {
     if ($this->loaded == false) {
         // Add roles
         $config = $this->serviceLocator->get('config');
         if (isset($config['acl']['role_providers'])) {
             $roles = [];
             foreach ($config['acl']['role_providers'] as $class => $options) {
                 /** @var \Acl\Provider\Role\ProviderInterface $roleProvider */
                 $roleProvider = $this->serviceLocator->get($class);
                 $roles = $roles + $roleProvider->getRoles();
             }
             foreach ($roles as $role) {
                 /** @var \Acl\Entity\Role $role */
                 $this->acl->addRole($role, $role->getParents());
             }
         }
         // Add resources
         if (isset($config['acl']['resource_providers'])) {
             foreach ($config['acl']['resource_providers'] as $class => $options) {
                 /** @var \Acl\Provider\Resource\ProviderInterface $resourceProvider */
                 $resourceProvider = $this->serviceLocator->get($class);
                 $resources = $resourceProvider->getResources();
                 if ($resources) {
                     foreach ($resources as $r) {
                         if (!$this->acl->hasResource($r)) {
                             $this->acl->addResource($r);
                         }
                     }
                 }
             }
         }
         // Add rules
         if (isset($config['acl']['rule_providers'])) {
             $rules = [];
             foreach ($config['acl']['rule_providers'] as $class => $options) {
                 /** @var \Acl\Provider\Rule\ProviderInterface $ruleProvider */
                 $ruleProvider = $this->serviceLocator->get($class);
                 $rules = $rules + $ruleProvider->getRules();
             }
             foreach ($rules as $rule) {
                 /** @var \Acl\Entity\Rule $rule */
                 if ($rule->allow) {
                     $this->acl->allow($rule->obj_id, $rule->resource, $rule->privilege);
                 } else {
                     $this->acl->deny($rule->obj_id, $rule->resource, $rule->privilege);
                 }
             }
         }
         $this->loaded = true;
     }
 }
Exemplo n.º 4
0
 public function loadPrivilege()
 {
     if (!$this->acl || !$this->acl instanceof \Zend\Permissions\Acl\Acl) {
         return null;
     }
     $userService = $this->getServiceLocator()->get('User\\Service\\User');
     /*@var $userService \User\Service\User */
     if (!$userService->hasIdentity()) {
         return null;
     }
     $user = $userService->getUser();
     if (in_array($user->getRole(), [\User\Model\User::ROLE_ADMIN, \User\Model\User::ROLE_SUPERADMIN, \User\Model\User::ROLE_GUEST])) {
         return null;
     }
     $dependence = $this->acl->getDependencies();
     $resources = null;
     if ($resources) {
         foreach ($resources as $resource) {
             if ($this->acl->hasResource($resource['resource'])) {
                 $this->acl->allow($user->getRole(), $resource['resource'], $resource['privilege']);
                 if (isset($dependence['/' . str_replace(':', '/', $resource['resource']) . '/' . $resource['privilege']])) {
                     foreach ($dependence['/' . str_replace(':', '/', $resource['resource']) . '/' . $resource['privilege']] as $depen) {
                         $arr = explode('/', $depen);
                         if (count($arr) == 4) {
                             if ($this->acl->hasResource($arr[1] . ':' . $arr[2])) {
                                 $this->acl->allow($user->getRole(), $arr[1] . ':' . $arr[2], $arr[3]);
                             }
                         }
                     }
                 }
             }
         }
     }
     return $this->acl;
 }
Exemplo n.º 5
0
 /**
  * @param string|\Zend\Permissions\Acl\Resource\ResourceInterface $resource
  * @return bool|void
  */
 public function hasResource($resource)
 {
     if (is_null($this->acl)) {
         $this->init();
     }
     return $this->acl->hasResource($resource);
 }
Exemplo n.º 6
0
 /**
  * autentica o usuário
  */
 public function autenticaAction()
 {
     if ($this->getRequest()->isPost()) {
         $this->adapter->setOptions(array('object_manager' => Conn::getConn(), 'identity_class' => 'MyClasses\\Entities\\AclUsuario', 'identity_property' => 'login', 'credential_property' => 'senha'));
         $this->adapter->setIdentityValue($this->getRequest()->getPost('login'));
         $this->adapter->setCredentialValue(sha1($this->getRequest()->getPost('senha')));
         $result = $this->auth->authenticate($this->adapter);
         if ($result->isValid()) {
             $equipes = $result->getIdentity()->getEquipes();
             $acl = new Acl();
             $acl->addRole(new Role($equipes[0]->getPerfil()));
             $recursos = $equipes[0]->getRecursos();
             foreach ($recursos as $recurso) {
                 if (!$acl->hasResource($recurso->getRecurso())) {
                     /* echo "add recurso: ".
                        $perfil->getPerfil().", ".
                        $recurso->getRecurso()->getRecurso().", ".
                        $recurso->getPermissao(); */
                     $acl->addResource(new Resource($recurso->getRecurso()));
                     $acl->allow($equipes[0]->getPerfil(), $recurso->getRecurso());
                 }
             }
             $this->auth->getStorage()->write(array($result->getIdentity(), $equipes[0]->getPerfil(), $acl));
             $this->layout()->id = $result->getIdentity()->getId();
             $this->layout()->nome = $result->getIdentity()->getNome();
             return new ViewModel(array('nome' => $result->getIdentity()->getNome()));
         } else {
             return new ViewModel(array('erro' => array_pop($result->getMessages())));
         }
     }
 }
Exemplo n.º 7
0
 /**
  * @param Acl $acl
  * @param $resource
  */
 protected function addAclResource(ZendAcl $acl, AclResource $resource)
 {
     if (!$acl->hasResource($resource->getResource())) {
         $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource->getResource()));
     }
     return $this;
 }
Exemplo n.º 8
0
 /**
  * getAcl - This cannot be called before resources are parsed
  *
  * @param string $resourceId resourceId
  * @param string $providerId  @deprecated No Longer Required - providerId
  *
  * @return Acl
  */
 public function getAcl($resourceId, $providerId)
 {
     if (!isset($this->acl)) {
         $this->buildAcl();
     }
     /* resources privileges
            we load the every time so they maybe updated dynamically
        */
     $resources = $this->getResources($resourceId, $providerId);
     foreach ($resources as $resource) {
         if (!$this->acl->hasResource($resource)) {
             $this->acl->addResource($resource, $resource->getParentResource());
         }
         $privileges = $resource->getPrivileges();
         if (!empty($privileges)) {
             foreach ($privileges as $privilege) {
                 if (!$this->acl->hasResource($privilege)) {
                     $this->acl->addResource($privilege, $resource);
                 }
             }
         }
     }
     // get only for resources
     $rules = $this->getRules($resources);
     /** @var AclRule $aclRule */
     foreach ($rules as $aclRule) {
         if ($aclRule->getRule() == AclRule::RULE_ALLOW) {
             $this->acl->allow($aclRule->getRoleId(), $aclRule->getResourceId(), $aclRule->getPrivileges(), $aclRule->getAssertion());
         } elseif ($aclRule->getRule() == AclRule::RULE_DENY) {
             $this->acl->deny($aclRule->getRoleId(), $aclRule->getResourceId(), $aclRule->getPrivileges(), $aclRule->getAssertion());
         }
     }
     return $this->acl;
 }
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     $config = $serviceLocator->get('config.helper')->get('acl');
     $acl = new Acl();
     foreach ($config['roles'] as $role => $parents) {
         if (empty($parents)) {
             $parents = null;
         }
         $role = new GenericRole($role);
         $acl->addRole($role, $parents);
     }
     foreach ($config['resources'] as $permission => $controllers) {
         foreach ($controllers as $controller => $actions) {
             if (!$acl->hasResource($controller)) {
                 $acl->addResource(new GenericResource($controller));
             }
             foreach ($actions as $action => $role) {
                 if ($action == '*') {
                     $action = null;
                 }
                 if ($permission == 'allow') {
                     $acl->allow($role, $controller, $action);
                 } elseif ($permission == 'deny') {
                     $acl->deny($role, $controller, $action);
                 } else {
                     throw new Exception('No valid permission defined: ' . $permission);
                 }
             }
         }
     }
     if (class_exists('Zend\\View\\Helper\\Navigation')) {
         Navigation::setDefaultAcl($acl);
     }
     return $acl;
 }
Exemplo n.º 10
0
 /**
  * Create the service using the configuration from the modules config-file
  *
  * @param ServiceLocator $services The ServiceLocator
  *
  * @see \Zend\ServiceManager\FactoryInterface::createService()
  * @return Hybrid_Auth
  */
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     $config = $serviceLocator->get('config');
     $config = $config['acl'];
     if (!isset($config['roles']) || !isset($config['resources'])) {
         throw new \Exception('Invalid ACL Config found');
     }
     $roles = $config['roles'];
     if (!isset($roles[self::DEFAULT_ROLE])) {
         $roles[self::DEFAULT_ROLE] = '';
     }
     $this->admins = $config['admins'];
     if (!isset($this->admins)) {
         throw new \UnexpectedValueException('No admin-user set');
     }
     $acl = new Acl();
     foreach ($roles as $name => $parent) {
         if (!$acl->hasRole($name)) {
             if (empty($parent)) {
                 $parent = array();
             } else {
                 $parent = explode(',', $parent);
             }
             $acl->addRole(new Role($name), $parent);
         }
     }
     foreach ($config['resources'] as $permission => $controllers) {
         foreach ($controllers as $controller => $actions) {
             if ($controller == 'all') {
                 $controller = null;
             } else {
                 if (!$acl->hasResource($controller)) {
                     $acl->addResource(new Resource($controller));
                 }
             }
             foreach ($actions as $action => $role) {
                 if ($action == 'all') {
                     $action = null;
                 }
                 $assert = null;
                 if (is_array($role)) {
                     $assert = $serviceLocator->get($role['assert']);
                     $role = $role['role'];
                 }
                 $role = explode(',', $role);
                 foreach ($role as $roleItem) {
                     if ($permission == 'allow') {
                         $acl->allow($roleItem, $controller, $action, $assert);
                     } elseif ($permission == 'deny') {
                         $acl->deny($roleItem, $controller, $action, $assert);
                     } else {
                         continue;
                     }
                 }
             }
         }
     }
     return $acl;
 }
Exemplo n.º 11
0
 private function addResources(Acl $acl)
 {
     foreach ($this->modules as $module) {
         if (!$acl->hasResource($module)) {
             $acl->addResource(strtolower($module));
         }
     }
 }
Exemplo n.º 12
0
 public function getResourcesACL(\Zend\Permissions\Acl\Acl $acl, \Doctrine\ORM\EntityManager $em)
 {
     $repo = $em->getRepository('Security\\Entity\\RecursoSistema');
     foreach ($repo->fetchPairs() as $recurso) {
         $acl->addResource($recurso);
     }
     // carrega os recurso desprotegidos
     foreach ($this->getRecursosDesprotegidos() as $recurso) {
         if (!$acl->hasResource($recurso)) {
             $acl->addResource($recurso);
         }
     }
     return $acl;
 }
Exemplo n.º 13
0
 /**
  */
 private function initAcl()
 {
     if (!is_null($this->acl)) {
         return;
     }
     $this->acl = new Acl();
     $config = $this->getServiceLocator()->get('Config');
     $roles = $config['acl']['roles'];
     $allResources = array();
     foreach ($roles as $role => $resources) {
         $role = new GenericRole($role);
         $this->acl->addRole($role);
         $allResources = array_merge($resources, $allResources);
         foreach ($resources as $resource) {
             if (!$this->acl->hasResource($resource)) {
                 $this->acl->addResource(new GenericResource($resource));
             }
         }
         foreach ($allResources as $resource) {
             $this->acl->allow($role, $resource);
         }
     }
 }
Exemplo n.º 14
0
 /**
  * Tests basic Resource inheritance
  *
  * @return void
  */
 public function testResourceInherits()
 {
     $resourceCity = new Resource\GenericResource('city');
     $resourceBuilding = new Resource\GenericResource('building');
     $resourceRoom = new Resource\GenericResource('room');
     $this->_acl->addResource($resourceCity)->addResource($resourceBuilding, $resourceCity->getResourceId())->addResource($resourceRoom, $resourceBuilding);
     $this->assertTrue($this->_acl->inheritsResource($resourceBuilding, $resourceCity, true));
     $this->assertTrue($this->_acl->inheritsResource($resourceRoom, $resourceBuilding, true));
     $this->assertTrue($this->_acl->inheritsResource($resourceRoom, $resourceCity));
     $this->assertFalse($this->_acl->inheritsResource($resourceCity, $resourceBuilding));
     $this->assertFalse($this->_acl->inheritsResource($resourceBuilding, $resourceRoom));
     $this->assertFalse($this->_acl->inheritsResource($resourceCity, $resourceRoom));
     $this->_acl->removeResource($resourceBuilding);
     $this->assertFalse($this->_acl->hasResource($resourceRoom));
 }
Exemplo n.º 15
0
 /**
  * @deprecated this method will be removed in BjyAuthorize 2.0.x
  *
  * @param string[]|\Zend\Permissions\Acl\Resource\ResourceInterface[] $resources
  * @param mixed|null                                                  $parent
  */
 protected function loadResource(array $resources, $parent = null)
 {
     foreach ($resources as $key => $value) {
         if (is_string($key)) {
             $key = new GenericResource($key);
         } elseif (is_int($key)) {
             $key = new GenericResource($value);
         }
         if (is_array($value)) {
             $this->acl->addResource($key, $parent);
             $this->loadResource($value, $key);
         } elseif (!$this->acl->hasResource($key)) {
             $this->acl->addResource($key, $parent);
         }
     }
 }
Exemplo n.º 16
0
 /**
  * @deprecated this method will be removed in BjyAuthorize 2.0.x
  *
  * @param string[]|\Zend\Permissions\Acl\Resource\ResourceInterface[] $resources
  * @param mixed|null                                                  $parent
  */
 protected function loadResource($resources, $parent = null)
 {
     if (!is_array($resources) && !$resources instanceof \Traversable) {
         throw new \InvalidArgumentException('Resources argument must be traversable: ' . print_r($resources, true));
     }
     foreach ($resources as $key => $value) {
         if ($value instanceof ResourceInterface) {
             $key = $value;
         } elseif (is_string($key)) {
             $key = new GenericResource($key);
         } elseif (is_int($key)) {
             $key = new GenericResource($value);
         }
         if (is_array($value) || $value instanceof \Traversable) {
             $this->acl->addResource($key, $parent);
             $this->loadResource($value, $key);
         } elseif (!$this->acl->hasResource($key)) {
             $this->acl->addResource($key, $parent);
         }
     }
 }
Exemplo n.º 17
0
 /**
  * set Roles and Resource for ACL
  *
  * @return Acl
  */
 protected function setAcl()
 {
     $guestRole = new Role(self::DEFAULT_ROLE);
     $userRole = new Role(self::USER_ROLE);
     $adminRole = new Role(self::ADMIN_ROLE);
     $this->acl->addRole($guestRole);
     $this->acl->addRole($userRole, $guestRole);
     $this->acl->addRole($adminRole, $userRole);
     $roleResource = new RoleResourcePermissionFromArray();
     $roles = $roleResource->getListRoleResourcePermission();
     foreach ($roles as $role => $roleResource) {
         //adding resources
         foreach ($roleResource as $permission => $resources) {
             foreach ($resources as $resource) {
                 if (!$this->acl->hasResource($resource['resource'])) {
                     $this->acl->addResource(new Resource($resource['resource']));
                 }
                 if (count($resource['permission']) > 0 && $permission != 'deny') {
                     $this->acl->allow($role, $resource['resource'], $resource['permission']);
                 } else {
                     $this->acl->deny($role, $resource['resource'], $resource['permission']);
                 }
             }
         }
     }
     /*
     foreach ($roles['deny'] as $role => $resources) {
         //adding resources
         foreach ($resources as $resource) {
             if (!$this->acl->hasResource($resource['resource']))
                 $this->acl->addResource(new Resource($resource['resource']));
     
             if (count($resource['permission']) > 0)
                 $this->acl->deny($role, $resource['resource'], $resource['permission']);
         }
     }
     */
     return $this->acl;
 }
 /**
  * Builds ACL from base ACL + database table acl_allow
  * @return Zend\Permissions\Acl $acl
  */
 public function buildAcl()
 {
     // 2015-03-19 DB: ACL is now built completely from the ground up
     $acl = new Acl();
     // NOTE: roles are defined in config/autoload/roles.global.php
     foreach ($this->rolesInheritance as $key => $value) {
         if ($value) {
             $acl->addRole($key, $value);
         } else {
             $acl->addRole($key);
         }
     }
     // get list of resources
     $allowList = $this->aclAllowTable->fetchAll();
     // add resources to ACL
     foreach ($allowList as $item) {
         $resource = $item->controller;
         if (!$acl->hasResource($resource)) {
             $acl->addResource($resource);
         }
         $acl->allow($item->role, $resource, explode(',', $item->actions));
     }
     return $acl;
 }
Exemplo n.º 19
0
 /**
  * Create acl instance
  *
  * @return Acl
  */
 public function buildAcl()
 {
     // create acl
     $acl = new Acl();
     $acl->addRole('guest');
     $acl->addRole('customer', 'guest');
     $acl->addRole('staff', 'customer');
     $acl->addRole('admin', 'staff');
     // loop through role data
     foreach ($this->config as $role => $resources) {
         // loop through resource data
         foreach ($resources as $resource => $rules) {
             // check for resource
             if (!$acl->hasResource($resource)) {
                 $acl->addResource($resource);
             }
             // loop trough rules
             foreach ($rules as $rule => $privileges) {
                 // add rule with privileges
                 $acl->{$rule}($role, $resource, $privileges);
             }
         }
     }
     // pass acl
     return $acl;
 }
 public function testBuildItemWillAddResourcesToAcl()
 {
     $this->assertFalse($this->acl->hasResource('logout'));
     $this->assertTrue($this->object->buildItem());
     $this->assertTrue($this->acl->hasResource('logout'));
 }
Exemplo n.º 21
0
 public function initAcl(MvcEvent $e)
 {
     $application = $e->getApplication();
     $sm = $application->getServiceManager();
     $acl = new Acl();
     $roles = $sm->get("Application\\Model\\RolesBO");
     $recursos = $sm->get("Application\\Model\\RecursosBO");
     $rolesRecursos = $sm->get("Application\\Model\\RolesRecursosBO");
     $usuarios = $sm->get("Application\\Model\\UsuariosBO");
     // Se listan todos los recursos y se los agrega a la ACL
     foreach ($recursos->obtenerTodos() as $recurso) {
         if (!$acl->hasResource($recurso->getRecursosID())) {
             $genericResource = new GenericResource($recurso->getRecursosID());
             $acl->addResource($genericResource);
         }
     }
     // Se registra el rol en la ACL
     $sesion = new Container("CoreAppSesion");
     if (!$acl->hasRole($sesion->user_rol_id)) {
         $genericRole = new GenericRole($sesion->user_rol_id);
         $acl->addRole($genericRole);
     }
     $services = $application->getServiceManager();
     // obtenemos todos los recuersosque tiene la ACL
     foreach ($acl->getResources() as $resource) {
         // Obtenemos los recursos disponibles para el rol
         foreach ($rolesRecursos->obtenerRecursosPorRol($sesion->user_rol_id) as $recursoAsignado) {
             // Si el recurso asignado es el mismo recurso de la ACL lo permitimos
             if ($resource == $recursoAsignado->getAppRecursosID()) {
                 $acl->allow($genericRole, $acl->getResource($resource));
             }
         }
     }
     // Si el recurso no esta permitido lo denegamos
     foreach ($acl->getResources() as $resource) {
         if (!$acl->isAllowed($genericRole, $acl->getResource($resource))) {
             $acl->deny($genericRole, $acl->getResource($resource));
         }
     }
     $this->acl = $acl;
 }
Exemplo n.º 22
0
 /**
  * Check if the ACL allows accessing the function or method
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return unknown_type
  * @throws Exception\RuntimeException
  */
 protected function _checkAcl($object, $function)
 {
     if (!$this->_acl) {
         return true;
     }
     if ($object) {
         $isObject = is_object($object);
         $class = $isObject ? get_class($object) : $object;
         if (!$this->_acl->hasResource($class)) {
             $this->_acl->addResource(new Acl\Resource\GenericResource($class));
         }
         if (method_exists($object, 'initAcl')) {
             // if initAcl returns false, no ACL check
             if ($isObject) {
                 if (!$object->initAcl($this->_acl)) {
                     return true;
                 }
             } elseif (!$class::initAcl($this->_acl)) {
                 return true;
             }
         }
     } else {
         $class = null;
     }
     $auth = $this->getAuthService();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } else {
         if ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
             $role = Constants::GUEST_ROLE;
         } else {
             throw new Exception\RuntimeException("Unauthenticated access not allowed");
         }
     }
     if ($this->_acl->isAllowed($role, $class, $function)) {
         return true;
     } else {
         throw new Exception\RuntimeException("Access not allowed");
     }
 }