Пример #1
 /**
  * Check if the ACL allows accessing the function or method
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return bool True when the call may proceed; a refusal is reported by throwing an exception, never by returning false
  */
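 protected function _checkAcl($object, $function)
 {
     // No ACL configured on this instance: nothing is enforced and every
     // call is let through.
     if (!$this->_acl) {
         return true;
     }

     $class = null;
     if ($object) {
         $isObject = is_object($object);
         $class = $isObject ? get_class($object) : $object;

         // Register the class as a resource the first time it is seen, so
         // the isAllowed() query below has something to refer to. Only the
         // resource is added here; no rule is attached to it.
         if (!$this->_acl->hasResource($class)) {
             $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
         }

         if (method_exists($object, 'initAcl')) {
             // Call initAcl() exactly once: on the instance when one was
             // passed, statically on the class name otherwise.
             $checkRequired = $isObject
                 ? $object->initAcl($this->_acl)
                 : $class::initAcl($this->_acl);

             // if initAcl returns false, no ACL check. Any other result
             // means the class set up its rules and the role check below
             // must still run; returning early on a truthy result would
             // skip authorization for exactly the classes that asked for it.
             if (!$checkRequired) {
                 return true;
             }
         }
     }

     // Resolve the role to test: the authenticated identity's role, or the
     // guest role when the ACL defines one.
     // NOTE(review): assumes the identity object exposes a `role` property;
     // confirm how isAllowed() treats a missing or null role.
     $auth = $this->getAuthService();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } elseif ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
         $role = Constants::GUEST_ROLE;
     } else {
         throw new Exception\RuntimeException("Unauthenticated access not allowed");
     }

     // $class is null when no object or class name was supplied.
     // NOTE(review): confirm what a null resource means to isAllowed().
     if (!$this->_acl->isAllowed($role, $class, $function)) {
         throw new Exception\RuntimeException("Access not allowed");
     }

     return true;
 }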
Пример #2
 /**
  * Check if the ACL allows accessing the function or method
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return bool True when the call may proceed; a refusal is reported by throwing an exception, never by returning false
  */
 protected function _checkAcl($object, $function)
 {
     // No ACL configured on this instance: nothing is enforced and every
     // call is let through.
     if (!$this->_acl) {
         return true;
     }

     $class = null;
     if ($object) {
         $class = is_object($object) ? get_class($object) : $object;

         // Register the class as a resource the first time it is seen. Only
         // the resource is added here; no rule is attached to it.
         $alreadyKnown = $this->_acl->hasResource($class);
         if (!$alreadyKnown) {
             $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
         }

         // Optional hook: the target may define initAcl() to set up its own
         // rules on the ACL passed to it.
         $initHook = array($object, "initAcl");
         if (is_callable($initHook)) {
             $checkRequired = call_user_func($initHook, $this->_acl);
             if (!$checkRequired) {
                 // if initAcl returns false, no ACL check
                 return true;
             }
         }
     }

     // Resolve the role to test: the authenticated identity's role, or the
     // guest role when the ACL defines one.
     // NOTE(review): assumes the identity object exposes a `role` property;
     // confirm how isAllowed() treats a missing or null role.
     $auth = $this->getAuthService();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } elseif ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
         $role = Constants::GUEST_ROLE;
     } else {
         throw new Exception("Unauthenticated access not allowed");
     }

     // $class is still null here when no object or class name was supplied.
     $granted = $this->_acl->isAllowed($role, $class, $function);
     if (!$granted) {
         throw new Exception("Access not allowed");
     }

     return true;
 }