public function preDispatch(MvcEvent $event) { /** @var SessionManager $session */ $session = $event->getTarget()->getServiceLocator()->get('Zend\\Session\\SessionManager'); $oldSessionId = $this->getSessionIdFromRequest($event->getRequest()); if ($oldSessionId) { $session->setId($oldSessionId); } $container = new Container('initialized'); if ($container->offsetGet('init') === null) { $session->regenerateId(); $container->offsetSet('init', 1); } $auth = $this->getAuthPlugin(); $acl = $this->getAcl(); if ($auth->hasIdentity()) { $acl->setUserId($auth->getIdentity()); } /** @var AbstractActionController|SecureControllerInterface $controller */ $controller = $event->getTarget(); if ($controller instanceof SecureControllerInterface && !$acl->isAllowed($controller->getPrivileges())) { /** @var \Zend\Http\PhpEnvironment\Response $response */ $response = $controller->getResponse(); $response->setStatusCode(403); $response->setReasonPhrase("Permission denied"); $model = new ApiModel($response); $model->setSessionId($this->getSessionId()); $event->setViewModel($model); $event->stopPropagation(true); } }