/** * lógica para crear una aplicación con roles de usuarios */ public function getAcl() { if (!isset($this->persistent->acl)) { //creamos la instancia de acl para crear los roles $acl = new Phalcon\Acl\Adapter\Memory(); //por defecto la acción será denegar el acceso a cualquier zona $acl->setDefaultAction(Phalcon\Acl::DENY); //----------------------------ROLES----------------------------------- //registramos los roles que deseamos tener en nuestra aplicación**** $listaRoles = Rol::find(); foreach ($listaRoles as $rol) { $acl->addRole(new \Phalcon\Acl\Role($rol->rol_nombre)); //Recupero todas las paginas de cada rol $query = $this->modelsManager->createQuery("SELECT pagina.* FROM Acceso AS acceso,Pagina AS pagina,Rol AS rol WHERE rol.rol_id=" . $rol->rol_id . " and rol.rol_id=acceso.rol_id and acceso.pagina_id=pagina.pagina_id"); $listaPaginasPorRol = $query->execute(); foreach ($listaPaginasPorRol as $pagina) { $acl->addResource(new Resource($pagina->pagina_nombreControlador), $pagina->pagina_nombreAccion); $acl->allow($rol->rol_nombre, $pagina->pagina_nombreControlador, $pagina->pagina_nombreAccion); } } //El acl queda almacenado en sesión $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } //Public area resources $publicResources = array('index' => array('*'), 'admin' => array('login')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($role->getName(), $resource, $action); } } } $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { //Creamos la instancia de ACL para crear los roles $acl = new Phalcon\Acl\Adapter\Memory(); //Por defecto sera negar el acceso a cualquier zona $acl->setDefaultAction(Phalcon\Acl::DENY); //Registramos los roles que deseamos tener en nuestra aplicacion $roles = array('admin' => new Phalcon\Acl\Role('Admin'), 'registered' => new Phalcon\Acl\Role('Registered'), 'guest' => new Phalcon\Acl\Role('Guest')); //Añadimos los roles al acl foreach ($roles as $role) { $acl->addRole($role); } //Zonas accesibles solo para el rol admin //$adminAreas = array('admin' => array('index', 'save') $adminAreas = array('admin' => array('tipo', 'get')); //Añadimos las zonas de administrador a los recursos de la aplicación foreach ($adminAreas as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Zonas protegidas sólo para usuarios registrados de la aplicación $registeredAreas = array('dashboard' => array('index'), 'profile' => array('index', 'edit')); //Añadimos las zonas para usuarios registrados a los recursos de la aplicación foreach ($registeredAreas as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Zonas públicas de la aplicación $publicAreas = array('index' => array('index', 'register', 'login', 'end')); //Añadimos las zonas públicas a los recursos de la aplicación foreach ($publicAreas as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Damos acceso a todos los usuarios a las zonas públicas de la aplicación foreach ($roles as $role) { foreach ($publicAreas as $resource => $actions) { $acl->allow($role->getName(), $resource, '*'); } } //damos acceso a la zona de admins solo a rol Admin foreach ($adminAreas as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Admin', $resource, $action); } } //damos acceso a las zonas de registro tanto a los usuarios registrados como al admin foreach ($registeredAreas as $resource => $actions) { //damos acceso a los registrados foreach ($actions as $action) { $acl->allow('Registered', $resource, $action); } //damos acceso al admin foreach ($actions as $action) { $acl->allow('Admin', $resource, $action); } } //El acl queda almacenado en sesión $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = ['admin' => new Phalcon\Acl\Role('admin'), 'dispatcher' => new Phalcon\Acl\Role('dispatcher'), 'handler' => new Phalcon\Acl\Role('handler'), 'assessor' => new Phalcon\Acl\Role('assessor')]; foreach ($roles as $role) { $acl->addRole($role); } //All resources $resources = ['admin' => ['*'], 'assessor' => ['*'], 'common' => ['*'], 'dispatcher' => ['*'], 'handler' => ['*']]; foreach ($resources as $controller => $actions) { //Resource类对应某个Controller $acl->addResource(new Phalcon\Acl\Resource($controller), $actions); } //Grant access to users $acl->allow('admin', 'admin', '*'); $acl->allow('assessor', 'assessor', '*'); $acl->allow('dispatcher', 'dispatcher', '*'); $acl->allow('handler', 'handler', '*'); foreach ($roles as $role) { $acl->allow($role->getName(), 'common', '*'); } $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function testIssues1513() { try { $acl = new \Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); $acl->addRole(new \Phalcon\Acl\Role('11')); $acl->addResource(new \Phalcon\Acl\Resource('11'), array('index')); $this->assertTrue(TRUE); } catch (Exception $e) { $this->assertTrue(FALSE); } }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } $private = array('comments' => array('index', 'edit', 'delete', 'save'), 'posts' => array('new', 'edit', 'save', 'create', 'delete'), 'users' => array('search', 'new', 'edit', 'save', 'create', 'delete', 'logout')); foreach ($private as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } $public = array('index' => array('index'), 'posts' => array('index', 'search', 'show', 'comment', 'feed'), 'users' => array('login', 'index'), 'js' => array('jquery')); foreach ($public as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } foreach ($roles as $role) { foreach ($public as $resource => $actions) { foreach ($actions as $action) { $acl->allow($role->getName(), $resource, $action); } } } foreach ($private as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Users', $resource, $action); } } $this->persistent->acl = $acl; } return $this->persistent->acl; }
public static function getInstanceAccess() { if (!static::$_INSTANCE_ACCESS) { $access = new \Phalcon\Acl\Adapter\Memory(); $access->setDefaultAction(\Phalcon\Acl::DENY); foreach (json_decode(file_get_contents(sprintf('%s/access.json', ROOT_PATH))) as $rule) { $access->addRole(new \Phalcon\Acl\Role($rule->role)); foreach ($rule->resources as $resource) { $access->addResource(new \Phalcon\Acl\Resource($resource->name), $resource->list); foreach ($resource->list as $item) { $access->allow($rule->role, $resource->name, $item); } } } static::$_INSTANCE_ACCESS = $access; } return static::$_INSTANCE_ACCESS; }
protected function _getAcl() { if (!isset($this->persistent->acl)) { $acl = new \Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); $roles = [self::GUEST => new \Phalcon\Acl\Role(self::GUEST), self::USER => new \Phalcon\Acl\Role(self::USER), self::ADMIN => new \Phalcon\Acl\Role(self::ADMIN)]; foreach ($roles as $role) { $acl->addRole($role); } // public resources foreach ($this->_publicResources as $resource => $action) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $action); } // overons resources foreach ($this->_userResources as $resource => $action) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $action); } // admin resources foreach ($this->_adminResources as $resource => $action) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $action); } // Allow all roles to access the public Resources foreach ($roles as $role) { foreach ($this->_publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, '*'); } } // Allow User and Admin to access the overons Resources foreach ($this->_userResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow(self::USER, $resource, $action); $acl->allow(self::ADMIN, $resource, $action); } } // allow Admin to access the admin Resources foreach ($this->_adminResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow(self::ADMIN, $resource, $action); } } $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); /// $roles = array('customer' => new Phalcon\Acl\Role('customer'), 'guests' => new Phalcon\Acl\Role('Guests'), 'admin' => new Phalcon\Acl\Role('admin')); foreach ($roles as $role) { $acl->addRole($role); } //// $privateResources = array('operate' => array('index', 'addnews', 'add')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //// $userResources = array('personal' => array('index', 'detail', 'loan')); foreach ($userResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } ///// $publicResources = array('index' => array('index', 'verifycode', 'getdata'), 'news' => array('index'), 'about' => array('index', 'contact', 'culture'), 'service' => array('index', 'method', 'mode'), 'situation' => array('index'), 'college' => array('index', 'case', 'test'), 'account' => array('verify', 'register'), 'session' => array('index', 'start', 'end')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } // foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, '*'); } } foreach ($userResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('customer', $resource, $action); } } foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('admin', $resource, $action); } } // $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { //if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $rol = Role::find(array("cache" => array("key" => "role"))); foreach ($rol as $ros) { $roles[strtolower($ros->name)] = new Phalcon\Acl\Role($ros->name); } foreach ($roles as $role) { $acl->addRole($role); } foreach (Action::find(array("cache" => array("key" => "action"))) as $actions) { $acl->addResource(new Phalcon\Acl\Resource($actions->controller->name), $actions->name); } //Grant access to public areas to both users and guests foreach ($rol as $role) { foreach ($role->action as $action) { $roledann[$role->name][$action->controller->name][] = $action->name; } } // print_r($roledann); foreach ($roledann as $keys => $dann) { foreach ($dann as $key => $dan) { $acl->allow($keys, $key, $dan); } } //The acl is stored in session, APC would be useful here too //$this->persistent->acl = $acl; // } //return $this->persistent->acl; return $acl; }
/** * @param Event $event * @param Dispatcher $dispatcher * @return boolean */ public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } //var_dump($acl->getRoles());exit; $controllerName = $dispatcher->getControllerName(); $actionName = $dispatcher->getActionName(); $url = "{$controllerName}/{$actionName}"; $session = $this->session; if ($this->canAccess($session, $controllerName, $actionName)) { file_put_contents('a2.txt', $url, FILE_APPEND); return true; } else { $url = "{$controllerName}/{$actionName}"; file_put_contents('a1.txt', $url, FILE_APPEND); $dispatcher->forward(array('controller' => 'mainBoard', 'action' => 'lock')); return false; } }
protected function _getAcl() { if (!$this->acl) { $acl = new \Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(\Phalcon\Acl::DENY); $acl->addRole(new \Phalcon\Acl\Role(self::ROLE_PUBLIC)); $acl->addRole(new \Phalcon\Acl\Role(self::ROLE_PRIVATE)); // Allow All Roles to access the Public resources foreach ($this->publicEndpoints as $endpoint) { $acl->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $endpoint); $acl->allow(self::ROLE_PUBLIC, self::RESOURCE_API, $endpoint); $acl->allow(self::ROLE_PRIVATE, self::RESOURCE_API, $endpoint); } foreach ($this->privateEndpoints as $endpoint) { $acl->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $endpoint); $acl->allow(self::ROLE_PRIVATE, self::RESOURCE_API, $endpoint); } $this->acl = $acl; } return $this->acl; }
private function _getAcl() { $this->persistent->destroy(); if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array(Core_UserCenter_Enum::ADMIN => new Phalcon\Acl\Role(Core_UserCenter_Enum::ADMIN), Core_UserCenter_Enum::USERS => new Phalcon\Acl\Role(Core_UserCenter_Enum::USERS), Core_UserCenter_Enum::GUESTS => new Phalcon\Acl\Role(Core_UserCenter_Enum::GUESTS)); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources $privateResources = array('xadmin' => array('index'), 'stock' => array('manage'), 'auth' => array('logout'), 'pupil' => array('add'), 'config' => array('edit')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('auth' => array('login', 'switch'), 'index' => array('index')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('*', $resource, $action); } } //Grant acess to private area to role Users foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow(Core_UserCenter_Enum::USERS, $resource, $action); $acl->allow(Core_UserCenter_Enum::ADMIN, $resource, $action); } } //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('Common' => new Phalcon\Acl\Role('Common'), 'Person' => new Phalcon\Acl\Role('Person'), 'Company' => new Phalcon\Acl\Role('Company'), 'Guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources $privateResources = array('user' => array('center', 'changeAvatar', 'changePassword', 'applyInvest', 'applyPerson', 'applyCompany', 'applyTest'), 'raise_funds' => array('create'), 'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'), 'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'), 'user_raise_idea' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_market' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'), 'user_raise_team' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_updates' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_around' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail')); //Grant resources to role users $privateACL = array('Common' => array('user' => array('center', 'changeAvatar', 'changePassword', 'applyInvest', 'applyPerson', 'applyCompany', 'applyTest')), 'Person' => array('user' => array('center', 'changeAvatar', 'changePassword'), 'raise_funds' => array('create'), 'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'), 'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'), 'user_raise_idea' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_market' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'), 'user_raise_team' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_updates' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_around' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail')), 'Company' => array('user' => array('center', 'changeAvatar', 'changePassword'), 'raise_funds' => array('create'), 'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'), 'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'), 'user_raise_idea' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_market' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'), 'user_raise_team' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_updates' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_around' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail'))); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('user' => array('index', 'register', 'login', 'loginSubmit', 'registerSubmit', 'loginout', 'applyInvest', 'applyPerson', 'applyPersonSubmit', 'applyCompany', 'applyCompanySubmit', 'applyTest', 'imgVerity', 'img_verity'), 'index' => array('index'), 'file' => array('upload'), 'invest' => array('index', 'pjCenter'), 'raise_funds' => array('index'), 'raise_product' => array('index', 'pdShow'), 'user_raise_basic' => array('ajaxGetType')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, $actions); } } //Grant acess to private area to role Users foreach ($privateACL as $roleUser => $privateResources) { foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($roleUser, $resource, $action); } } } //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
/** * Creates ACL (Access Control List) if not already created */ public function getACL($isRefresh) { if ($isRefresh || !isset($this->persistent->acl)) { //not yet created, make it $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //register roles $roles = array('guests' => new Phalcon\Acl\Role('Guests'), 'users' => new Phalcon\Acl\Role('Users')); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources (the controller then actions) $privateResources = array('profile' => array('index', 'other'), 'session' => array('logout'), 'creategoal' => array('index'), 'goal' => array('create', 'browse', 'view', 'edit')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('index' => array('index'), 'session' => array('login', 'register', 'logout', 'sendconf', 'completeReg'), 'admin' => array('index', 'updateAcl'), 'test' => array('index')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($role->getName(), $resource, $action); } } } //Grant access to private area only to those logged in foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Users', $resource, $action); } } //store new ACL $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { /* * Buscar ACL en cache */ // $acl = $this->cache->get('acl-cache'); // if (!$acl) { // No existe, crear objeto ACL $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); // $acl = $this->acl; $userroles = Role::find(); $modelManager = Phalcon\DI::getDefault()->get('modelsManager'); $sql = "SELECT Resource.name AS resource, Action.name AS action \n FROM Action\n JOIN Resource ON (Action.idResource = Resource.idResource)"; $results = $modelManager->executeQuery($sql); $userandroles = $modelManager->executeQuery('SELECT Role.name AS rolename, Resource.name AS resname, Action.name AS actname FROM Allowed JOIN Role ON (Role.idRole = Allowed.idRole) JOIN Action ON (Action.idAction = Allowed.idAction) JOIN Resource ON (Action.idResource = Resource.idResource)'); //Registrando roles foreach ($userroles as $role) { $acl->addRole(new Phalcon\Acl\Role($role->name)); } //Registrando recursos $resources = array(); foreach ($results as $key) { if (!isset($resources[$key['resource']])) { $resources[$key['resource']] = array($key['action']); } $resources[$key['resource']][] = $key['action']; } foreach ($resources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Relacionando roles y recursos desde la base de datos foreach ($userandroles as $role) { $acl->allow($role->rolename, $role->resname, $role->actname); } // $this->cache->save('acl-cache', $acl); // } // Retornar ACL $this->_dependencyInjector->set('acl', $acl); return $acl; }
private function initAcl() { if (empty($this->acl)) { // Создаем ACL $acl = new \Phalcon\Acl\Adapter\Memory(); // Действием по умолчанию будет запрет $acl->setDefaultAction(\Phalcon\Acl::DENY); // Регистрируем две роли. Users - это зарегистрированные пользователи, // а Guests - неидентифициорованные посетители. $roles = array('users' => new \Phalcon\Acl\Role('users'), 'guests' => new \Phalcon\Acl\Role('guests')); foreach ($roles as $role) { $acl->addRole($role); } // Приватные ресурсы (бакенд) $privateResources = ['user' => ['index', 'profile'], 'clan' => ['index']]; // Публичные ресурсы (фронтенд) $publicResources = array('index' => ['index'], 'session' => ['index', 'start', 'end'], 'user' => ['register']); foreach ($privateResources as $resource => $actions) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions); } foreach ($publicResources as $resource => $actions) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions); } // Предоставляем пользователям и гостям доступ к публичным ресурсам foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, $actions); } } // Доступ к приватным ресурсам предоставляем только пользователям foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('users', $resource, $action); } } $this->acl = $acl; } }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources $privateResources = array('dashboard' => array('index'), 'agenda' => array('index')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('index' => array('index', 'login', 'logout')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, '*'); } } //Grant acess to private area to role Users foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Users', $resource, $action); } } //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources $privateResources = array('companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('index' => array('index'), 'about' => array('index'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, '*'); } } //Grant acess to private area to role Users foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Users', $resource, $action); } } //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { if (!$this->_acl) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources $privateResources = array('news' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'post' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'inter' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'comment' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'insertion' => array('index', 'profile')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('index' => array('index'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'), 'article' => array('index', 'show')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, '*'); } } //Grant acess to private area to role Users foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Users', $resource, $action); } } $this->_acl = $acl; } return $this->_acl; }
public function getACL() { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('users' => new Phalcon\Acl\Role("Administrators", "Super-User role"), 'guests' => new Phalcon\Acl\Role("Guests")); foreach ($roles as $role) { $acl->addRole($role); } //Private area resources // Define the "NiuUsrInfo" resource //$customersResource = new Phalcon\Acl\Resource("NiuUsrInfo"); $privateResources = array('NiuUsrInfo' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile')); // Add "NiuUsrInfo" resource with a couple of operations // $acl->addResource($customersResource, array("search", "update", "create")); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Public area resources $publicResources = array('index' => array('index'), 'about' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($role->getName(), $resource, $action); } } } // Set access level for roles into resources $acl->allow("Guests", "NiuUsrInfo", "search"); $acl->deny("Guests", "NiuUsrInfo", "create"); //Grant acess to private area to role Users foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('Users', $resource, $action); } } }
private function _getAcl() { //используется только при дебаге, чтобы всегда ACL был новый $this->persistent->destroy(); if (!isset($this->persistent->acl)) { $userEnum = Core_UserCenter_Enum::getInstance(); $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Регистрация роллей из Core_UserCenter_Enum foreach ($userEnum->getAll() as $name => $value) { $acl->addRole($name); } //Public area resources $publicResources = ['test' => ['index'], 'auth' => ['login']]; $privateResources = ['test' => ['bla', 'getlist'], 'index' => ['index'], 'auth' => ['logout']]; foreach (array_merge_recursive($privateResources, $publicResources) as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow('*', $resource, $action); } } foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($userEnum->getName($userEnum::ADMIN), $resource, $action); } } //Разрешаем для группы ADMIN ВЕЗДЕ доступ $acl->allow($userEnum->getName($userEnum::ADMIN), '*', '*'); //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function getAcl() { // Create the ACL $acl = new Phalcon\Acl\Adapter\Memory(); // The default action is DENY access $acl->setDefaultAction(Phalcon\Acl::DENY); // Register roles $roles = array('admin' => new Phalcon\Acl\Role('admin'), 'user' => new Phalcon\Acl\Role('user')); // Adding Roles to the ACL foreach ($roles as $role) { $acl->addRole($role); } // Adding Resources (controllers/actions) // resources allowed for all groups $publicResources = array('index' => array('index', 'notFound', 'forbidden', 'internalServerError'), 'user' => array('myProfile', 'changePassword'), 'country' => array('index', 'add', 'edit', 'delete'), 'area' => array('index', 'add', 'wfs')); $privateResources = array('user' => array('index', 'add', 'edit', 'delete', 'resetPassword')); foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } // Defining Access Controls // Grant access to public areas to all roles foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($role->getName(), $resource, $action); } } } // Grant access to private area only to certain roles foreach ($privateResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow($roles['admin']->getName(), $resource, $action); } } return $acl; }
public function getAcl() { if (!isset($this->persistent->acl)) { /* update values here */ $acl = new \Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Acl::DENY); $roles = array("GUEST" => new Acl\Role("GUEST"), "USER" => new Acl\Role("USER"), "COORDINATOR" => new Acl\Role("COORDINATOR"), "ADMIN" => new Acl\Role("ADMIN")); foreach ($roles as $key => $role) { switch ($key) { case "GUEST": $acl->addRole($role); break; case "USER": $acl->addRole($role, $roles['GUEST']); break; case "COORDINATOR": $acl->addRole($role, $roles['USER']); break; case "ADMIN": $acl->addRole($role, $roles['COORDINATOR']); break; } } //Resources of admin (cms) $adminResources = array("config" => array('index', "saveorder"), "tags" => array("delete"), "user" => array("deleteuser", "newuser", "index", "saveuser", "edit", "inactive"), "sections" => array("index", "home", "feedpost", "updatesection", "orderpostsections"), "category" => array("index", "new", "edit", "delete", "validatecategory")); foreach ($adminResources as $resource => $actions) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions); } $coordinatorResources = array("index" => array("index"), "course" => array("index", "new", "delete", "validateurl", "uploadimage", "save", "edit", "inactive", "update"), "instructor" => array("index", "new", "delete", "uploadfile", "save", "edit", "inactive", "update", "view")); foreach ($coordinatorResources as $resource => $actions) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions); } $userResources = array("index" => array("index"), "user" => array('index', "profile", "updateuser", "updatepassword", "updateuserimage", "uploadimage", "socialmedia", "validateemail", "validateusername", "editnote")); foreach ($userResources as $resource => $actions) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions); } $publicResources = array("login" => array('index', "logout", "session")); foreach ($publicResources as $resource => $actions) { $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions); } foreach ($publicResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow("GUEST", $resource, $action); } } foreach ($userResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow("USER", $resource, $action); $acl->allow("COORDINATOR", $resource, $action); $acl->allow("ADMIN", $resource, $action); $acl->deny("USER", "login", "index"); } } foreach ($coordinatorResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow("COORDINATOR", $resource, $action); $acl->allow("ADMIN", $resource, $action); $acl->deny("COORDINATOR", "login", "index"); } } //Grant acess to adminResources area to role ADMIN foreach ($adminResources as $resource => $actions) { foreach ($actions as $action) { $acl->allow("ADMIN", $resource, $action); } } //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
$di->setShared('sfunc', function () { return new FunctionPlugin(); }); $di->setShared('totp', function () { $totp = new Rych\OTP\TOTP(Rych\OTP\Seed::generate(32)); return $totp; }); $di['oauth'] = function () { $oauth = new Cucu\Phalcon\Oauth2\Plugin\OauthPlugin(); $oauth->initAuthorizationServer(); $oauth->initResourceServer(); $oauth->enableAllGrants(); return $oauth; }; $di['acl'] = function () { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); // Create some roles //$roleAdmins = new Phalcon\Acl\Role("Administrators", "Super-User role"); $roleGuests = new Phalcon\Acl\Role("Guests"); // Add "Guests" role to ACL $acl->addRole($roleGuests); // Define the "NiuUsrInfo" resource $customersResource = new Phalcon\Acl\Resource("NiuUsrInfo"); // Add "NiuUsrInfo" resource with a couple of operations $acl->addResource($customersResource, array("search", "update", "create")); // Set access level for roles into resources $acl->allow("Guests", "NiuUsrInfo", "search"); $acl->deny("Guests", "NiuUsrInfo", "create"); $acl->allow("Guests", "NiuUsrInfo", "update"); return $acl;
<?php //Create an event manager $eventsManager = new Phalcon\Events\Manager(); //Attach a listener for type "acl" $eventsManager->attach("acl", function ($event, $acl) { if ($event->getType() == 'beforeCheckAccess') { echo $acl->getActiveRole(), $acl->getActiveResource(), $acl->getActiveAccess(); } }); $acl = new \Phalcon\Acl\Adapter\Memory(); //Setup the $acl //... //Bind the eventsManager to the acl component $acl->setEventsManager($eventManagers);
<?php //Create the ACL $acl = new Phalcon\Acl\Adapter\Memory(); //The default action is DENY access $acl->setDefaultAction(Phalcon\Acl::DENY); //Register two roles, Users is registered users //and guests are users without a defined identity $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests')); foreach ($roles as $role) { $acl->addRole($role); }
}); $path = new \stdClass(); $path->path = $config->general->path; $path->tmpfolder = $config->general->tmp; $di->set('path', $path); $di->set('hash', function () { $hash = new \Phalcon\Security(); //Set the password hashing factor to 12 rounds $hash->setWorkFactor(12); return $hash; }, true); $di->set('cache', function () use($config) { $frontCache = new \Phalcon\Cache\Frontend\Data(array("lifetime" => 172800)); if (class_exists('Memcache')) { $cache = new \Phalcon\Cache\Backend\Memcache($frontCache, array("host" => "localhost", "port" => "11211")); } else { $cache = new \Phalcon\Cache\Backend\File($frontCache, array("cacheDir" => $config->cache->acldir)); } return $cache; }); $di->set('acl', function () { $acl = new \Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(\Phalcon\Acl::DENY); return $acl; }); //Handle the request $application = new \Phalcon\Mvc\Application($di); echo $application->handle()->getContent(); } catch (\Phalcon\Exception $e) { echo "PhalconException: ", $e->getMessage(); }
public function getAcl() { if (!isset($this->persistent->acl)) { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); //Register roles $roles = array('admin' => new Phalcon\Acl\Role("M"), 'leader' => new Phalcon\Acl\Role("L"), 'pm' => new Phalcon\Acl\Role('P'), 'examinee' => new Phalcon\Acl\Role("E"), 'interviewer' => new Phalcon\Acl\Role("I"), 'guests' => new Phalcon\Acl\Role('G')); foreach ($roles as $role) { $acl->addRole($role); } //manager area resources $privateResources = array('admin' => array('index'), 'examinee' => array('index'), 'interviewer' => array('index'), 'leader' => array('index'), 'pm' => array('index'), 'test' => array('index')); //Public area resources $publicResources = array('managerlogin' => array('index', 'login', 'logout'), 'examinee' => array('login'), 'index' => array('index'), 'test' => array('index')); foreach ($privateResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } foreach ($publicResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); } //Grant access to public areas to both users and guests foreach ($roles as $role) { foreach ($publicResources as $resource => $actions) { $acl->allow($role->getName(), $resource, $actions); } } $acl->allow('M', 'admin', '*'); $acl->allow('E', 'examinee', '*'); $acl->allow('P', 'pm', '*'); $acl->allow('L', 'leader', '*'); $acl->allow('I', 'interviewer', '*'); //The acl is stored in session, APC would be useful here too $this->persistent->acl = $acl; } return $this->persistent->acl; }
public function testOptionsWithAcl() { $I = $this->tester; $_SERVER['REQUEST_METHOD'] = 'OPTIONS'; $resource = new \Phalcon\Acl\Resource('/foo'); $role = new \Phalcon\Acl\Role('foo'); $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); $acl->addResource($resource, []); $acl->addRole($role); $acl->addResourceAccess($resource->getName(), ['GET', 'POST', 'PUT', 'DELETE']); $acl->allow($role->getName(), $resource->getName(), 'GET'); $acl->allow($role->getName(), $resource->getName(), 'POST'); $acl->isAllowed($role->getName(), $resource->getName(), 'GET'); $app = Rest\App::instance(); $app->setService('acl', $acl, true); $controller = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']); $controller->setDI($app->getDI()); $resp = $controller->handle(); $actual = $resp->getHeaders()->get('Allow'); $I->assertEquals('GET', $actual); }