/**
 * Hook into action controller preDispatch() workflow
 *
 * Gates the requested controller/action through the ACL. The role is the
 * configured default (config->acl->defaultRole) unless an authenticated
 * identity object carries a non-empty `role` property. The ACL resource is the
 * bare controller name — the module is not part of it, so same-named
 * controllers in different modules share one ACL entry — and the privilege is
 * the action name. A controller the ACL does not know is checked as a null
 * resource (presumably the role's resource-independent rules; verify in the
 * ACL setup) rather than denied outright. error/error is always let through
 * so failures can be rendered. A denied request is rewritten to
 * default/auth/noaccess and marked undispatched so the original action is
 * skipped.
 *
 * @return void
 */
public function preDispatch()
{
    $role = Zend_Registry::get('config')->acl->defaultRole;
    if ($this->_auth->hasIdentity()) {
        $identity = $this->_auth->getIdentity();
        $carriesRole = is_object($identity) && !empty($identity->role);
        if ($carriesRole) {
            $role = $identity->role;
        }
    }

    $request = $this->_action->getRequest();
    $this->_controllerName = $request->getControllerName();
    $resource = $this->_controllerName;
    $privilege = $request->getActionName();

    // Unknown controller: fall back to a null resource instead of denying.
    if (!$this->_acl->has($resource)) {
        $resource = null;
    }

    // The error page must stay reachable.
    $isErrorPage = ($resource == 'error' && $privilege == 'error');
    if ($isErrorPage) {
        return;
    }

    if ($this->_acl->isAllowed($role, $resource, $privilege)) {
        return;
    }

    $request->setModuleName('default')
            ->setControllerName('auth')
            ->setActionName('noaccess');
    $request->setDispatched(false);
}
/**
 * Check the current principal against the ACL.
 *
 * Anonymous callers are represented by the literal role 'guest'; an
 * authenticated caller is passed as whatever getIdentity() returns, so that
 * value must itself be a registered role id (or implement
 * Zend_Acl_Role_Interface) — confirm against the auth adapter. A resource the
 * ACL does not know is denied.
 *
 * @param string $resource ACL resource id
 * @param string $action   ACL privilege
 * @return bool
 */
protected function _isAuthorized($resource, $action)
{
    $principal = 'guest';
    if ($this->_auth->hasIdentity()) {
        $principal = $this->_auth->getIdentity();
    }
    if (!$this->_acl->has($resource)) {
        return false;
    }
    return (bool) $this->_acl->isAllowed($principal, $resource, $action);
}
/** Return the authenticated identity, or false when nobody is logged in.
 * @access public
 * @return mixed|bool the identity as stored by the auth adapter, false if none
 */
public function getPerson()
{
    return $this->_auth->hasIdentity() ? $this->_auth->getIdentity() : false;
}
/**
 * Check the current identity against the registry ACL for a controller/action.
 *
 * There is no hasIdentity() guard: with nobody logged in, getIdentity() yields
 * null and that null is handed to Zend_Acl as the role, which evaluates it
 * against the role-independent rules — presumably a deny by default; verify
 * in the ACL setup. A controller the ACL does not know is denied.
 *
 * @param string $controller ACL resource id
 * @param string $action     ACL privilege
 * @return bool
 */
protected function _isAuthorized($controller, $action)
{
    $this->_acl = Zend_Registry::get('acl');
    $principal = $this->_auth->getIdentity();
    $known = $this->_acl->has($controller);
    return $known && $this->_acl->isAllowed($principal, $controller, $action);
}
/** Get the user's role
 *
 * Returns the identity's `role` property, or 'public' when nobody is logged
 * in. The identity is assumed to be an object exposing `role`.
 *
 * @access public
 * @return string
 */
public function getRole()
{
    if (!$this->_auth->hasIdentity()) {
        return 'public';
    }
    $identity = $this->_auth->getIdentity();
    return $identity->role;
}
/**
 * Gets content panel for the Debugbar
 *
 * Renders the whole stored identity (via _cleanData) under a heading; empty
 * string when nobody is logged in. NOTE(review): every identity field is
 * exposed here, so the debug bar must never be enabled outside development.
 *
 * @return string
 */
public function getPanel()
{
    if (!$this->_auth->hasIdentity()) {
        return '';
    }
    return '<h4>Current Identity</h4>' . $this->_cleanData($this->_auth->getIdentity());
}
/**
 * Gets content panel for the Debugbar
 *
 * Adds one message row per identity property (name, value — both cast to
 * string) when an identity exists; nothing is added otherwise. Always returns
 * an empty string since the content goes through the message object.
 * NOTE(review): this dumps every identity field into the debug output; keep
 * the debug bar disabled outside development.
 *
 * @return string
 */
public function getPanel()
{
    if ($this->_auth->hasIdentity()) {
        foreach ($this->_auth->getIdentity() as $name => $value) {
            $this->message->addRow(array((string) $name, (string) $value));
        }
    }
    return '';
}
/**
 * (non-PHPdoc)
 *
 * Admin/SAC access gate. The auth identity is expected to be an array whose
 * 'usuario' key names the ACL role ('visitante' = visitor); anything else is
 * treated as a corrupt session, cleared, and sent to admin/login/index. The
 * ACL resource is the module; the privilege is the controller name for the
 * 'admin' and 'sac' modules and null otherwise. Denied visitors go to the
 * login of the current module (sac or admin); denied logged-in users go to
 * admin/index/index with an 'erro' message.
 *
 * NOTE(review): every check is skipped when the action name or the controller
 * name equals 'upload', in any module — such requests reach their action with
 * neither an identity nor an ACL check from this plugin. Confirm the upload
 * endpoints enforce their own authentication.
 *
 * @see Zend_Controller_Plugin_Abstract::preDispatch()
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    /**
     * Identity of the logged-in user
     *
     * @var Array
     */
    $role = $this->auth->getIdentity();
    /**
     * Resource being accessed (the module name)
     *
     * @var String
     */
    $resource = $this->getRequest()->getModuleName();
    /**
     * Privilege within the resource: the controller for admin/sac, null elsewhere
     *
     * @var String
     */
    $action = $this->getRequest()->getModuleName() != 'admin' && $this->getRequest()->getModuleName() != 'sac' ? null : $this->getRequest()->getControllerName();
    // Upload controllers/actions bypass all of the checks below
    if (!($request->getActionName() == 'upload' || $request->getControllerName() == 'upload')) {
        // Reject anything that is not the expected identity array (stale/garbage session)
        if (!is_array($role)) {
            // Parameters
            $params = array();
            // Drop whatever authentication state exists
            $this->auth->clearIdentity();
            // Rewrite the destination route
            $request->setModuleName('admin')->setControllerName('login')->setActionName('index');
            return;
        }
        // The resource must exist and the user's role must be allowed on it
        // (a missing 'usuario' key yields a null role here — presumably denied; confirm)
        if (!$this->acl->has($resource) || !$this->acl->isAllowed($role['usuario'], $resource, $action)) {
            // Parameters
            $params = array();
            // Redirect to the login controller
            if ($role['usuario'] != 'visitante') {
                $params['erro'] = 'Você não possui permissão de acesso a este recurso.';
                $request->setModuleName('admin')->setControllerName('index')->setActionName('index')->setParams($params);
            } else {
                if ($this->getRequest()->getModuleName() == "sac") {
                    $request->setModuleName('sac')->setControllerName('login')->setActionName('index')->setParams($params);
                } else {
                    $request->setModuleName('admin')->setControllerName('login')->setActionName('index')->setParams($params);
                }
            }
            return;
        }
    }
}
/**
 * Called before an action is dispatched by Zend_Controller_Dispatcher.
 *
 * This callback allows for proxy or filter behavior. By altering the
 * request and resetting its dispatched flag (via
 * {@link Zend_Controller_Request_Abstract::setDispatched() setDispatched(false)}),
 * the current action may be skipped.
 *
 * Resolves the ACL role (a Zend_Acl_Role named after the Roles entity found
 * via $this->_em for the auth role id, or 'guest') and the ACL resource
 * ("[module/]controller/action", falling back to the bare controller when the
 * exact resource is unknown to the ACL), publishes both in Zend_Registry under
 * 'Role' and 'Resource', and rewrites a denied *authenticated* request to
 * default/error/forbidden.
 *
 * NOTE(review): the deny branch also requires hasIdentity(), so an anonymous
 * request the ACL rejects is left untouched and dispatches normally.
 * Presumably another plugin or the action itself sends guests to login —
 * confirm; otherwise an ACL deny has no effect for anonymous users.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // reset role & resource
    Zend_Registry::set('Role', 'guest');
    Zend_Registry::set('Resource', '');
    // check if ErrorHandler wasn't fired
    if ($request->getParam('error_handler')) {
        return;
    }
    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();
    $pathInfo = $request->getPathInfo(); // read but not used below
    $allow = false;
    if ($this->_auth->hasIdentity()) {
        $userId = $this->_auth->getIdentity(); // read but not used below
        $roleId = $this->_auth->getRoleId();
        // a role id with no Roles row would make getRoleName() fail on null
        $rolesList = $this->_em->find('Roles', $roleId);
        $roleName = $rolesList->getRoleName();
        $role = new Zend_Acl_Role($roleName);
    } else {
        $roleName = 'guest';
        $role = new Zend_Acl_Role($roleName);
    }
    $resource = $action == '' ? trim($controller) . '/index' : trim($controller) . '/' . trim($action);
    $resource = $module == 'default' ? $resource : $module . "/" . $resource;
    // on main page resource might be empty
    if ($resource == '') {
        $resource = 'index/index';
    }
    // if resource not exist in db then check permission for controller
    // (if the controller is unknown to the ACL as well, isAllowed() presumably throws)
    if (!$this->_acl->has($resource) && $action != '') {
        $resource = trim($controller);
    }
    // check if user is allowed to see the page
    $allow = $this->_acl->isAllowed($role, $resource);
    if ($allow == false && $this->_auth->hasIdentity()) {
        // user logged in but denied permission
        $request->setModuleName('default');
        $request->setControllerName('error');
        $request->setActionName('forbidden');
        /*
        $this->_response->setHeader('Content-type', 'text/html');
        $this->_response->setHttpResponseCode(403);
        $this->_response->setBody('<h1>403 - Forbidden</h1>');
        $this->_response->sendResponse();
        */
    }
    Zend_Registry::set('Role', $role);
    Zend_Registry::set('Resource', $resource);
}
/**
 * Get authenticated users info
 *
 * With no argument the helper itself is returned (fluent use). With a key,
 * the matching entry of the stored identity is returned, or null when nobody
 * is logged in. A missing key is not guarded (plain ArrayIterator offset read).
 *
 * @param object $inf (optional)
 * @return logged users info
 */
public function authInfo($info = null)
{
    if (null === $this->_zendAuth) {
        $this->_zendAuth = Zend_Auth::getInstance();
    }
    if (null === $info) {
        return $this;
    }
    if (false === $this->isLoggedIn()) {
        return null;
    }
    $identity = new ArrayObject($this->_zendAuth->getIdentity());
    $entries = $identity->getIterator();
    return $entries[$info];
}
/**
 * Front-controller preDispatch: require an authenticated identity for every
 * route not on $this->_whitelist, unless the request already carries a
 * session id parameter.
 *
 * A 'sid' request parameter is copied into 'PHPSESSID' when the latter is
 * absent. The identity check runs only when neither parameter is present.
 * On a non-whitelisted route without identity the request is rewritten to
 * the configured error-handler route with an 'error_handler' param describing
 * the failure; with an identity, the identity object's connect() and
 * refresh() are invoked.
 *
 * NOTE(review): the gate keys on the mere presence of a PHPSESSID/sid
 * request parameter, not on its validity, so a request carrying
 * `?PHPSESSID=x` skips both the whitelist and the identity check in this
 * plugin. Presumably a later layer resumes that session and re-checks
 * credentials — confirm; otherwise the check is bypassable with a
 * client-supplied parameter.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // accept 'sid' as an alias for 'PHPSESSID'
    if ($request->getParam('sid') !== null && $request->getParam('PHPSESSID') === null) {
        $request->setParam('PHPSESSID', $request->getParam('sid'));
    }
    if ($request->getParam('PHPSESSID') === null) {
        $module = strtolower($request->getModuleName());
        $controller = strtolower($request->getControllerName());
        $action = strtolower($request->getActionName());
        $route = $module . '/' . $controller . '/' . $action;
        // non-strict in_array: whitelist entries are presumed to be lower-case route strings
        if (!in_array($route, $this->_whitelist)) {
            if (is_null($this->_auth)) {
                $auth = Zend_Auth::getInstance();
                $auth->setStorage(new Zend_Auth_Storage_Session($this->getStorage()));
                $this->_auth = $auth;
            }
            if (!$this->_auth->hasIdentity()) {
                // hand a synthetic error_handler param to the error route
                $errorHandler = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
                $errorHandler->type = 'EXCEPTION_NOT_ALLOWED';
                $errorHandler->exception = new Zend_Controller_Action_Exception('No credentials available');
                $errorHandler->request = clone $request;
                $request->setParam('error_handler', $errorHandler)->setModuleName($this->getErrorHandlerModule())->setControllerName($this->getErrorHandlerController())->setActionName($this->getErrorHandlerAction());
            } else {
                // identity is assumed to be an object with connect()/refresh()
                $this->_auth->getIdentity()->connect();
                $this->_auth->getIdentity()->refresh();
            }
        }
    }
}
/**
 * Hook into action controller preDispatch() workflow
 *
 * Resolves the ACL role — 'guest' unless an identity object is present, whose
 * `role` property is then used unchecked (an object without that property
 * yields a null role, which Zend_Acl evaluates against its role-independent
 * rules; presumably a deny, verify in the ACL setup) — and checks the
 * controller (resource) / action (privilege). A controller the ACL does not
 * know is checked as a null resource rather than denied. On denial the
 * request is rewritten to the ACL's no-auth route (anonymous) or no-acl route
 * (authenticated) and marked undispatched so the original action is skipped.
 *
 * @return void
 */
public function preDispatch()
{
    $role = 'guest';
    if ($this->_auth->hasIdentity()) {
        $identity = $this->_auth->getIdentity();
        if (is_object($identity)) {
            $role = $identity->role;
        }
    }

    $request = $this->_action->getRequest();
    $this->_controllerName = $request->getControllerName();
    $resource = $this->_controllerName;
    $privilege = $request->getActionName();

    if (!$this->_acl->has($resource)) {
        $resource = null;
    }
    if ($this->_acl->isAllowed($role, $resource, $privilege)) {
        return;
    }

    $target = $this->_auth->hasIdentity()
        ? $this->_acl->getNoAclAction()
        : $this->_acl->getNoAuthAction();
    $request->setModuleName($target['module']);
    $request->setControllerName($target['controller']);
    $request->setActionName($target['action']);
    $request->setDispatched(false);
}
/**
 * Hook into action controller preDispatch() workflow
 *
 * Role is 'public' unless an identity object is present, whose `role`
 * property is then used unchecked (a missing property yields a null role).
 * Resource = controller name, privilege = action name; a controller the ACL
 * does not know is checked as a null resource. A denied request is rewritten
 * to default/error/error and marked undispatched so the original action is
 * skipped (throwing Pas_Exception_NotAuthorised is not used).
 *
 * @return void
 */
public function preDispatch()
{
    $role = 'public';
    if ($this->_auth->hasIdentity()) {
        $identity = $this->_auth->getIdentity();
        if (is_object($identity)) {
            $role = $identity->role;
        }
    }

    $request = $this->_action->getRequest();
    $this->_controllerName = $request->getControllerName();
    $resource = $this->_controllerName;
    $privilege = $request->getActionName();

    if (!$this->_acl->has($resource)) {
        $resource = null;
    }

    $allowed = $this->_acl->isAllowed($role, $resource, $privilege);
    if (!$allowed) {
        $request->setModuleName('default');
        $request->setControllerName('error');
        $request->setActionName('error');
        $request->setDispatched(false);
    }
}
/**
 * Delete user
 *
 * Refuses to delete the caller's own account: the auth identity is compared
 * loosely (as before — the identity may be stored as a string id) with the
 * target user's id before delegating to the repository.
 *
 * @param Newscoop\Entity\User $user
 * @throws \InvalidArgumentException when $user is the authenticated user
 * @return void
 */
public function delete(User $user)
{
    $callerId = $this->auth->getIdentity();
    $isSelf = ($callerId == $user->getId());
    if ($isSelf) {
        throw new \InvalidArgumentException("You can't delete yourself");
    }
    $this->getRepository()->delete($user);
}
/**
 * Allows the ACL tighter integration with the identity
 *
 * Lazily copies the auth identity into $this->_identity the first time it is
 * requested while an identity exists. The cache is (re)loaded only while it
 * compares loosely equal to null, as in the original guard.
 *
 * @return string
 */
public function getIdentity()
{
    $needsLoad = (null == $this->_identity) && $this->_auth->hasIdentity();
    if ($needsLoad) {
        $this->_identity = $this->_auth->getIdentity();
    }
    return $this->_identity;
}
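/**
 * Copyright choices: the configured types plus, for a logged-in user, an
 * entry keyed and labelled by that user's name.
 *
 * The personal entry uses the identity's `fullname`, or "forename surname"
 * when fullname is null. Previously the personal entry was built even with no
 * identity, from an undefined variable (a notice plus a spurious '' => null
 * entry); now only the configured types are returned in that case.
 *
 * @return array copyright label => label
 */
public function getCopyrights()
{
    $copyrights = new Copyrights();
    $types = $copyrights->getTypes();
    $auth = Zend_Auth::getInstance();
    $this->_auth = $auth;

    if (!$this->_auth->hasIdentity()) {
        // Nobody logged in: nothing personal to add.
        return $types;
    }

    $user = $this->_auth->getIdentity();
    if (is_null($user->fullname)) {
        $userCopyright = $user->forename . ' ' . $user->surname;
    } else {
        $userCopyright = $user->fullname;
    }
    $personal = array($userCopyright => $userCopyright);
    return array_merge($types, $personal);
}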
/**
 * Determine whether the visitor is logged in and gate the routed request.
 *
 * With an identity present, the stored user_name is re-validated through
 * _checkIdentity(); on success the resolved user is published in the
 * registry as 'user', otherwise the stale identity is cleared and, unless the
 * route allows anonymous access, the request is rewritten to
 * default/index/forbidden. Without an identity, a route that does not allow
 * anonymous access is rewritten to default/login/index.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    if ($this->_auth->hasIdentity()) {
        if (false !== ($user = $this->_checkIdentity($this->_auth->getIdentity()->user_name))) {
            Zend_Registry::set('user', $user);
        } else {
            // The session identity no longer maps to a valid user
            if (!$this->_isAllowedAnonymous($request)) {
                $request->setModuleName('default')->setControllerName('index')->setActionName('forbidden');
            }
            $this->_auth->clearIdentity();
        }
    } else {
        if (!$this->_isAllowedAnonymous($request)) {
            // The requested URL does not allow anonymous access: send to the login page.
            $request->setModuleName('default')->setControllerName('login')->setActionName('index');
        }
    }
}
/**
 * Fetches the current user from the auth object.
 *
 * @return array Returns a user spec array on success.
 * @throws Erfurt_Ac_Exception Throws an exception if no identity is present.
 */
private function _getUser()
{
    if (!$this->_auth->hasIdentity()) {
        // No identity: refuse rather than return an empty user
        require_once 'Erfurt/Ac/Exception.php';
        throw new Erfurt_Ac_Exception('No valid user was given.');
    }
    return $this->_auth->getIdentity();
}
/**
 * Gets content panel for the Debug Bar
 *
 * Renders the stored identity (via cleanData) under an "Identity" heading,
 * or a "No identity" heading when nobody is logged in. NOTE(review): the
 * full identity is exposed here; keep the debug bar disabled outside
 * development.
 *
 * @return string
 */
public function getPanel()
{
    if (!$this->auth->hasIdentity()) {
        return '<h4>No identity</h4>';
    }
    return '<h4>Identity</h4>' . $this->cleanData($this->auth->getIdentity());
}
/** Creation of the login page
 *
 * Without an identity: build LoginForm; on a valid POST fetch the
 * authenticated row from the form's 'Authorise' validator's auth adapter
 * (all columns except 'password'), write it to the auth storage and redirect
 * to the loginRedirect helper's target. Any other request (GET, or an invalid
 * POST) clears the identity and re-populates the form from POST. With an
 * identity already present, redirect to self::REDIRECT.
 *
 * NOTE(review): no session-id regeneration is visible between the successful
 * authentication and the storage write; confirm the session id is rotated on
 * login (adapter or plugin) to rule out session fixation. Also confirm
 * loginRedirect() only yields local paths, since its value goes straight to
 * redirect().
 *
 * @access public
 * @return void
 */
public function indexAction()
{
    if (null === $this->_auth->getIdentity()) {
        $form = new LoginForm();
        $this->view->form = $form;
        if ($this->_request->isPost() && $form->isValid($this->_request->getPost())) {
            // the 'Authorise' validator has already run the adapter during isValid()
            $authAdapter = $form->username->getValidator('Authorise')->getAuthAdapter();
            // all columns except the password hash
            $data = $authAdapter->getResultRowObject(NULL, 'password');
            $this->_auth->getStorage()->write($data);
            $this->redirect($this->_helper->loginRedirect());
        } else {
            $this->_auth->clearIdentity();
            // $this->getFlash()->addMessage('Sorry, there was a problem with your submission. Please check and try again');
            $form->populate($this->_request->getPost());
        }
    } else {
        $this->redirect(self::REDIRECT);
    }
}
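/**
 * Front-controller preDispatch hook: map the logged-in user's numeric Role to
 * an ACL role name and verify access to "module:controller" / action.
 *
 * Anonymous requests are rewritten to front/auth/login; authenticated
 * requests the ACL rejects are rewritten to front/auth/nopermission.
 * Role codes: 0 SuperAdmin, 1 Admin, 2 IT, 3 User; anything else is treated
 * as the least-privileged "User" (the original default). The former switch
 * compared loosely, so a missing, null, false or '' Role matched `case 0`
 * and silently became SuperAdmin; the code is now only honoured when it is an
 * integer or a digit-only string.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return null
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // get info of request
    $module = $request->getModuleName();
    $controller = $request->getControllerName();
    $action = $request->getActionName();

    if (!$this->_auth->hasIdentity()) {
        // not logged in: send to the login page
        $request->setModuleName('front')->setControllerName('auth')->setActionName('login');
        return;
    }

    $identity = $this->_auth->getIdentity();
    $roleNames = array(0 => 'SuperAdmin', 1 => 'Admin', 2 => 'IT', 3 => 'User');
    $rawCode = isset($identity->Role) ? $identity->Role : null;
    // Strict resolution: only an int or digit-only string may select a role.
    $isCode = is_int($rawCode) || (is_string($rawCode) && $rawCode !== '' && ctype_digit($rawCode));
    $role = ($isCode && isset($roleNames[(int) $rawCode])) ? $roleNames[(int) $rawCode] : 'User';

    if (!$this->_acl->isAllowed($role, $module . ':' . $controller, $action)) {
        // authenticated but not permitted
        $request->setModuleName('front')->setControllerName('auth')->setActionName('nopermission');
    }
}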
/** Reset a password
 *
 * Logged-in users are redirected to their account page. Otherwise a
 * ResetPasswordKeyForm is shown; a valid POST resets the password through
 * $this->_users and redirects to the success page, anything else re-populates
 * the form and flashes a correction message.
 *
 * @access public
 * @return void
 */
public function resetpasswordAction()
{
    // The redirect helper presumably exits; if it does not, execution continues below — confirm.
    if (null !== $this->_auth->getIdentity()) {
        $this->redirect('users/account/');
    }
    $form = new ResetPasswordKeyForm();
    $this->view->form = $form;

    $validPost = $this->getRequest()->isPost() && $form->isValid($this->_request->getPost());
    if (!$validPost) {
        $form->populate($form->getValues());
        $this->getFlash()->addMessage('Please review and correct problems');
        return;
    }

    $this->_users->resetPassword($form->getValues());
    $this->getFlash()->addMessage('Your password has been reset.');
    $this->redirect('users/account/success/');
}
/**
 * Retrieve user object with session data.
 *
 * With a session identity, the stored value is normalised to an object
 * (an array is re-written to the storage cast to stdClass) and the user row
 * is fetched by id via Centurion_Db's 'auth/user' table; without one, the row
 * of the user named 'anonymous' is used. Either result is memoised in
 * $this->_identity for the lifetime of this object, so a login or logout
 * after the first call is not reflected by this instance. findOneById /
 * findOneByUsername presumably return null when no row matches — confirm.
 *
 * @return Auth_Model_DbTable_User
 */
public function getIdentity()
{
    if ($this->hasIdentity() === true) {
        if (null === $this->_identity) {
            if (is_array(parent::getIdentity())) {
                // keep the storage in object form so ->id below works
                $this->getStorage()->write((object) parent::getIdentity());
            }
            $this->_identity = Centurion_Db::getSingleton('auth/user')->findOneById(parent::getIdentity()->id);
        }
    } else {
        if (null === $this->_identity) {
            // anonymous visitors are represented by a real DB user
            $this->_identity = Centurion_Db::getSingleton('auth/user')->findOneByUsername('anonymous');
        }
    }
    return $this->_identity;
}
/**
 * Gets menu tab for the Debugbar
 *
 * 'Not authorized' without an identity; otherwise the identity's user
 * property (named by $this->_user) for object identities, or the identity
 * itself cast to string. The role is not shown in this tab.
 *
 * @return string
 */
public function getTab()
{
    if (!$this->_auth->hasIdentity()) {
        return 'Not authorized';
    }
    $identity = $this->_auth->getIdentity();
    if (!is_object($identity)) {
        return "{$identity}";
    }
    $username = $identity->{$this->_user};
    return "{$username}";
}
/**
 * init acl
 *
 * Builds the application ACL from each module's configs/module.ini 'acl'
 * section. The merged per-module config is cached in the 'Acl_Settings'
 * cache (Core frontend, 300 s lifetime, automatic serialisation); an
 * empty/false cache result triggers a rescan of
 * APPLICATION_PATH/modules/<name>/configs/module.ini. When an identity is
 * present, a 'fansubcms_user_custom_role_logged_in_user' role is added that
 * inherits the identity's getRoles() plus 'fansubcms_custom_role_default',
 * after dropping any inherited role the ACL does not know. The ACL is stored
 * in Zend_Registry under 'Zend_Acl' and in $this->_acl.
 *
 * NOTE(review): because the ACL definition is cached for up to 300 s, a
 * permission change in a module.ini takes effect only after the cache
 * expires or is cleared.
 *
 * @return void
 */
protected function _initAcl()
{
    $ch = FansubCMS_Cache_Helper::getInstance();
    # add a navigation cache
    if (!$ch->hasCacheTemplate('Acl_Settings')) {
        $frontend = array('name' => 'Core', 'options' => array('lifetime' => 300, 'automatic_serialization' => true));
        # add a new cache template for this module
        $ch->setCacheTemplate('Acl_Settings', $frontend);
    }
    $cache = $ch->getCache('Acl_Settings');
    $config = $cache->load('Acl');
    if (!$config) {
        $config = array();
        $modules = glob(APPLICATION_PATH . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR . '*' . DIRECTORY_SEPARATOR . 'configs' . DIRECTORY_SEPARATOR . 'module.ini');
        foreach ($modules as $module) {
            // module name = path with the modules/ prefix and /configs/module.ini suffix stripped
            $cleanName = str_replace(APPLICATION_PATH . DIRECTORY_SEPARATOR . 'modules' . DIRECTORY_SEPARATOR, '', $module);
            $cleanName = str_replace(DIRECTORY_SEPARATOR . 'configs' . DIRECTORY_SEPARATOR . 'module.ini', '', $cleanName);
            try {
                $ini = new Zend_Config_Ini($module, 'acl');
                $config[$cleanName] = $ini->toArray();
            } catch (Zend_Config_Exception $e) {
                // there is just no config or no acl block
            }
        }
        // no id passed: presumably saved under the id of the preceding load() ('Acl') — confirm with the cache helper
        $cache->save($config);
    }
    $acl = new FansubCMS_Acl();
    foreach ($config as $options) {
        $acl->setOptions($options);
    }
    if ($this->_auth->hasIdentity()) {
        $ident = $this->_auth->getIdentity();
        $role = new Zend_Acl_Role('fansubcms_user_custom_role_logged_in_user');
        $inherit = $ident->getRoles();
        $inherit[] = 'fansubcms_custom_role_default'; // every user is in this role
        // only inherit from roles the ACL actually defines (unknown parents presumably make addRole() fail)
        foreach ($inherit as $key => $value) {
            if (!$acl->hasRole($value)) {
                unset($inherit[$key]);
            }
        }
        $acl->addRole($role, $inherit);
    }
    Zend_Registry::set('Zend_Acl', $acl);
    $this->_acl = $acl;
}
/**
 * Gets menu tab for the Debugbar
 *
 * 'Not authorized' without an identity; otherwise "user (role)" where user
 * and role come from the identity's properties named by $this->_user and
 * $this->_role (a non-object identity is used as the user name with an empty
 * role). An optional callable in $this->_callback transforms the user name.
 *
 * @return string
 */
public function getTab()
{
    if (!$this->_auth->hasIdentity()) {
        return 'Not authorized';
    }
    $identity = $this->_auth->getIdentity();
    $role = '';
    if (is_object($identity)) {
        $username = $identity->{$this->_user};
        $role = $identity->{$this->_role};
    } else {
        $username = $identity;
    }
    if (!empty($this->_callback) && is_callable($this->_callback)) {
        $username = call_user_func($this->_callback, $username);
    }
    return $username . ' (' . $role . ')';
}
/**
 * Called before the dispatch loop gets processed.
 *
 * This callback allows for proxy or filter behavior. By altering the
 * request and resetting its dispatched flag (via
 * {@link Zend_Controller_Request_Abstract::setDispatched() setDispatched(false)}),
 * the current action may be skipped.
 *
 * The method checks for an authenticated user. It does also compare the
 * authToken property of the user with the auth_token field in the db - if the
 * authToken is set in the db and does not equal to the authToken in the session,
 * then it is assumed that another user has signed in with the same credentials, and
 * the user's current session will be invalidated.
 *
 * Flow as implemented below:
 *  1. No identity but both remember-me cookies present: run
 *     Conjoon_Auth_Adapter_Db with the raw cookie values; a success populates
 *     the auth storage.
 *  2. Identity present: re-read the user's authToken from the DB and, if it
 *     differs from the session's, rewrite to reception/auth.token.failure,
 *     except for registry/get.entries and reception/logout which pass.
 *  3. No identity: only reception/process (login), reception/logout,
 *     index/resource.not.available and registry/get.entries pass; anything
 *     else is rewritten to reception/index.
 *
 * NOTE(review): the remember-me user name and token are taken verbatim from
 * $_COOKIE; the adapter is not visible here — confirm it compares the token
 * against a stored hash with a constant-time comparison and that the token
 * is unguessable. The token equality check uses loose `!=`, so
 * numeric-looking tokens may compare equal when they should not; `!==` is
 * safer if both sides are always strings.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    // check here if the user's identity is already set
    if (!$this->auth->hasIdentity()) {
        /**
         * @see Conjoon_Keys
         */
        require_once 'Conjoon/Keys.php';
        if (isset($_COOKIE[Conjoon_Keys::COOKIE_REMEMBERME_UNAME]) && isset($_COOKIE[Conjoon_Keys::COOKIE_REMEMBERME_TOKEN])) {
            /**
             * @see Conjoon_Auth_Adapter_Db
             */
            require_once 'Conjoon/Auth/Adapter/Db.php';
            $authAdapter = new Conjoon_Auth_Adapter_Db(array('cookie' => array('name' => $_COOKIE[Conjoon_Keys::COOKIE_REMEMBERME_UNAME], 'remember_me_token' => $_COOKIE[Conjoon_Keys::COOKIE_REMEMBERME_TOKEN])));
            // if the result is valid, the return value of the adapter will
            // be stored automatically in the supplied storage object
            // from the auth object
            $this->auth->authenticate($authAdapter);
        }
    }
    if ($this->auth->hasIdentity()) {
        // identity is set. Now check for auth token equality
        $currentUser = $this->auth->getIdentity();
        /**
         * @see Conjoon_BeanContext_Decorator
         */
        require_once 'Conjoon/BeanContext/Decorator.php';
        /**
         * @see Conjoon_Modules_Default_User_Model_User
         */
        require_once 'Conjoon/Modules/Default/User/Model/User.php';
        $decorator = new Conjoon_BeanContext_Decorator(new Conjoon_Modules_Default_User_Model_User());
        $tokenedUser = $decorator->getUserAsDto($currentUser->getId());
        // check whether the token in the DB equals to the token in the session
        if ($tokenedUser->authToken != $currentUser->getAuthToken()) {
            // the application needs to query the registry. That's okay since no secret data will
            // be transported if the registry sees that there's no login
            if ($request->action == 'get.entries' && $request->controller == 'registry' && $request->module == 'default') {
                return;
            }
            // user wants to log out - this is needed to sign in again since the
            // active session will prevent from continue with using the app
            if ($request->action == 'logout' && $request->controller == 'reception' && $request->module == 'default') {
                return;
            }
            // does not equal - someone has logged in currently
            // with the same user credentials.
            // redirect to appropriate controller action
            $request->setModuleName('default');
            $request->setControllerName('reception');
            $request->setActionName('auth.token.failure');
        }
        return;
    }
    // the user wants to login and requested the login controller's process
    // action. Let him pass!
    if ($request->action == 'process' && $request->controller == 'reception' && $request->module == 'default') {
        return;
    }
    // user wants to log out - okay
    if ($request->action == 'logout' && $request->controller == 'reception' && $request->module == 'default') {
        return;
    }
    // resource not available.
    if ($request->action == 'resource.not.available' && $request->controller == 'index' && $request->module == 'default') {
        return;
    }
    // the application needs to query the registry. That's okay since no secret data will
    // be transported if the registry sees that there's no login
    if ($request->action == 'get.entries' && $request->controller == 'registry' && $request->module == 'default') {
        return;
    }
    // anything other means the user is not logged in
    $request->setModuleName('default')->setControllerName('reception')->setActionName('index')->setDispatched(false);
}
/**
 * Retrieve the user name (identity) via the parent implementation.
 *
 * @return mixed|null
 */
public function getIdentity()
{
    $identity = parent::getIdentity();
    return $identity;
}
/**
 * Role of the current user, or 'invitado' (guest) when nobody is logged in.
 *
 * @return string
 */
private function getRol()
{
    if (!$this->_auth->hasIdentity()) {
        return 'invitado';
    }
    return $this->_auth->getIdentity()->rol;
}
/**
 * Register acl plugin
 *
 * Lazily loads the 'Acl' bootstrap resource, records the identity's role in
 * $this->aclRole when an identity exists, and (re)registers the
 * 'acl_is_allowed' template function bound to $this->isAllowed().
 *
 * @param Zend_Auth $auth
 */
public function registerAclPlugin($auth)
{
    $bootstrap = $this->Application()->Bootstrap();
    if (null === $this->acl) {
        $this->acl = $bootstrap->getResource('Acl');
    }
    if ($auth->hasIdentity()) {
        $this->aclRole = $auth->getIdentity()->role;
    }
    /** @var $engine Enlight_Template_Manager */
    $engine = $bootstrap->getResource('Template');
    // drop any earlier registration before binding ours
    $engine->unregisterPlugin(Smarty::PLUGIN_FUNCTION, 'acl_is_allowed');
    $engine->registerPlugin(
        Enlight_Template_Manager::PLUGIN_FUNCTION,
        'acl_is_allowed',
        array($this, 'isAllowed')
    );
}