 /**
  * Refreshes the identity's last-login stamp and gates the admin area.
  *
  * Only requests whose controller or module is "admin" are inspected; every
  * other request returns untouched. An unauthenticated admin request is sent
  * to admin/auth/login (that page itself is exempt), user/admin/profile is
  * always free, and everything else is checked against the ACL with the
  * fixed logged-in-user role.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @throws FansubCMS_Exception_Denied when the ACL denies the action
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $this->_initAcl();
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $loggedIn = $this->_auth->hasIdentity();
     if ($loggedIn) {
         // stamp last_login on every authenticated request
         $identity = $this->_auth->getIdentity();
         $now = new Zend_Date();
         $identity->last_login = $now->get(DATABASE_DATE_FORMAT);
         $identity->save();
     }
     // if this is not admin skip the rest
     if ($controller != 'admin' && $module != 'admin') {
         return;
     }
     $isAdminLogin = ($controller == 'auth' && $action == 'login' && $module == 'admin');
     if (!$loggedIn && !$isAdminLogin) {
         $redirector = new Zend_Controller_Action_Helper_Redirector();
         $redirector->gotoSimple('login', 'auth', 'admin');
     }
     // the profile is a free resource
     if ($module == 'user' && $controller == 'admin' && $action == 'profile') {
         return;
     }
     $resource = $module . '_' . $controller;
     // NOTE(review): a resource the ACL does not know is let through (fail-open),
     // and the role is a fixed constant rather than derived from the identity
     $known = $this->_acl->has($resource);
     if ($known && !$this->_acl->isAllowed('fansubcms_user_custom_role_logged_in_user', $resource, $action)) {
         throw new FansubCMS_Exception_Denied('The user is not allowd to do this');
     }
 }
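 /**
  * Token-based session check for the "company" controller.
  *
  * The token id ("tsn") is taken from the request parameter, falling back
  * to the "tsn" cookie; without one an abstract token is used. A logged-in
  * token is refreshed and registered, an expired one is destroyed and the
  * client is redirected to the login page with the current route passed as
  * "redirect". A token that is not logged in is destroyed and the request
  * is forwarded to index/auth/login, unless the action is "auth".
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     if ('company' != $request->getControllerName()) {
         return;
     }
     // NOTE(review): tsn is client-supplied (parameter or cookie); Token::create()
     // is relied on to validate it. The cookie lookup is guarded so a missing
     // cookie no longer raises an undefined-index notice.
     $tsn = $request->tsn;
     if (!$tsn) {
         $tsn = isset($_COOKIE['tsn']) ? $_COOKIE['tsn'] : null;
     }
     if ($tsn) {
         $token = Token::create($tsn);
         $token->update_sync_time();
     } else {
         $token = Token::create_abstract('123');
     }
     if (!$token->is_logined()) {
         // anything but the "auth" action is forwarded to the login form
         if ('auth' != $request->getActionName()) {
             $token->destroy();
             $request->setModuleName('index');
             $request->setControllerName('auth');
             $request->setActionName('login');
         }
         return;
     }
     if ($token->is_expire()) {
         $token->destroy();
         include_once LIB_PATH . '/view_helper/BuildUrl.php';
         $urlBuilder = new Zend_View_Helper_BuildUrl();
         // the return target is built from the routed names, not from user input
         $referer = SearchFilter::slashes($urlBuilder->buildUrl($request->getActionName(), $request->getControllerName(), $request->getModuleName()));
         $loginUrl = $urlBuilder->buildUrl('login', 'auth', 'index', array('redirect' => $referer));
         $redirector = new Zend_Controller_Action_Helper_Redirector();
         $redirector->gotoUrl($loginUrl);
         return;
     }
     $token->register();
 }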
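 /**
  * Tells whether the ACL check is skipped for this request.
  *
  * Skip rules come from configs['security']['skip'][$type] and may be
  * written as "action", "controller/action" or "module/controller/action".
  * The previous implementation re-scanned the whole list once per entry;
  * the three possible spellings of the current route are now checked once.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @param string $type key into the configured skip lists
  * @return bool TRUE when the ACL must not be applied
  */
 protected function _checkSkipAcl(Zend_Controller_Request_Abstract $request, $type)
 {
     $action = $request->getActionName();
     // NOTE(review): isXmlHttpRequest() reads the X-Requested-With header, which
     // the client sets, so this bypass is not an authorization boundary; only
     // the actions listed in $this->_arrAjaxNotSkip stay protected for AJAX.
     if ($request->isXmlHttpRequest() && !in_array($action, $this->_arrAjaxNotSkip, true)) {
         return TRUE;
     }
     $configs = Zend_Registry::get('configs');
     // a missing or malformed skip list means "skip nothing"
     $skip = array();
     if (isset($configs['security']['skip'][$type]) && is_array($configs['security']['skip'][$type])) {
         $skip = $configs['security']['skip'][$type];
     }
     $controller = $request->getControllerName();
     $candidates = array(
         $action,
         $controller . '/' . $action,
         $request->getModuleName() . '/' . $controller . '/' . $action,
     );
     foreach ($candidates as $candidate) {
         // strict comparison so a non-string entry in the list cannot match everything
         if (in_array($candidate, $skip, true)) {
             return TRUE;
         }
     }
     return FALSE;
 }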
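 /**
  * Maps the session role onto the "module:controller" resource and forwards
  * to error/error when the ACL denies the action.
  *
  * Role 1 is treated as "admin"; the "profile" and "services" controllers
  * are always evaluated as the "viewer" and "services" roles respectively.
  * The unused getter calls of the original were dropped and the session
  * read is guarded against a missing "emprole" entry.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $storage = new Zend_Auth_Storage_Session();
     $data = $storage->read();
     // no identity (or no emprole in it) leaves the role empty
     $role = isset($data['emprole']) ? $data['emprole'] : null;
     if ($role == 1) {
         $role = 'admin';
     }
     $module = $request->getModuleName();
     $resource = $request->getControllerName();
     $privilege = $request->getActionName();
     $this->id_param = $request->getParam('id');
     $acl = $this->_getAcl();
     $moduleResource = "{$module}:{$resource}";
     if ($resource == 'profile') {
         $role = 'viewer';
     }
     if ($resource == 'services') {
         $role = 'services';
     }
     // NOTE(review): an empty role skips the ACL entirely and a resource the
     // ACL does not know is also let through — both are fail-open paths
     if ($role != '') {
         $allowed = false;
         if ($acl->has($moduleResource)) {
             $allowed = $acl->isAllowed($role, $moduleResource, $privilege);
         }
         if (!$allowed) {
             $request->setControllerName('error');
             $request->setActionName('error');
         }
     }
 }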
 /**
  * Verifies that the current role may access the requested resource.
  *
  * When group checking is enabled the lower-cased controller name is the
  * resource and the lower-cased action name the privilege. A denied request
  * pushes a \Cms\Exception (code 5 for guests, code 4 with context otherwise)
  * onto the exception stack; any pending exception reroutes the request to
  * Error/error.
  *
  * @param \Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(\Zend_Controller_Request_Abstract $request)
 {
     $accessManager = AccessManager::singleton();
     if ($this->isGroupCheckEnabled()) {
         $resource = strtolower($request->getControllerName());
         $privilege = strtolower($request->getActionName());
         $allowed = $accessManager->isAllowed($resource, $privilege);
         if (!$allowed) {
             $identity = $accessManager->getIdentityAsArray();
             if ($accessManager->hasIdentityRoleGuest($identity, true)) {
                 \Cms\ExceptionStack::addException(new \Cms\Exception(5));
             } else {
                 // the un-lowercased action name is reported, as before
                 $context = array('resource' => $resource, 'privilege' => $request->getActionName());
                 \Cms\ExceptionStack::addException(new \Cms\Exception(4, __METHOD__, __LINE__, $context));
             }
         }
     }
     /*
      * If errors occurred we must explicitly point the request at the error
      * controller here: since we are still in preDispatch, the usual
      * forwarding to the error controller for uncaught exceptions does not
      * apply yet.
      */
     $pending = \Cms\ExceptionStack::getExceptions();
     if (count($pending) > 0) {
         $request->setControllerName('Error');
         $request->setActionName('error');
     }
 }
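 /**
  * Reroutes requests the current identity may not access.
  *
  * Authorized requests keep their route. Otherwise an anonymous request is
  * sent to $this->_notLoggedRoute (remembering the requested URI unless the
  * controller is listed in $this->_moRedirect or a URI was already saved)
  * and an authenticated one to $this->_forbiddenRoute. The dead commented-out
  * block of the original was removed and the list lookup made strict.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $requestedController = $request->getControllerName();
     $requestedAction = $request->getActionName();
     if ($this->_isAuthorized($requestedController, $requestedAction)) {
         $controller = $requestedController;
         $action = $requestedAction;
         $module = $request->getModuleName();
     } elseif (!$this->_auth->hasIdentity()) {
         // remember where the visitor wanted to go so login can return there
         if (!in_array($requestedController, $this->_moRedirect, true) && !Application_Model_Redirect::hasRequestUri()) {
             Application_Model_Redirect::saveRequestUri("/" . $requestedController . "/" . $requestedAction);
         }
         $controller = $this->_notLoggedRoute['controller'];
         $action = $this->_notLoggedRoute['action'];
         $module = $this->_notLoggedRoute['module'];
     } else {
         $controller = $this->_forbiddenRoute['controller'];
         $action = $this->_forbiddenRoute['action'];
         $module = $this->_forbiddenRoute['module'];
     }
     // NOTE(review): _isAuthorized() is not given the module name, so the same
     // controller/action pair in different modules shares one decision
     $request->setControllerName($controller);
     $request->setActionName($action);
     $request->setModuleName($module);
 }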
Файл: Acl.php Проект: abdala/la
 /**
  * Enforces the ACL for the lower-cased module as resource and
  * "controller<SEP>action" as privilege, with a scaffold fallback that
  * checks "table<SEP>action" (from the "table" request parameter) instead.
  *
  * Denied requests are forwarded to default/error/access when the identity
  * has a role, otherwise to auth/index/index.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return bool|null true when the scaffold fallback grants access, false
  *                   after forwarding to the access-denied page, null otherwise
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = $this->_getAcl();
     $identity = Zend_Auth::getInstance()->getIdentity();
     $hasRole = isset($identity->role);
     $role = $hasRole ? $identity->role : 'Todos';
     $resource = strtolower($request->getModuleName());
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $privilege = $controller . self::RESOURCE_SEPARATOR . $action;
     if ($acl->isAllowed($role, $resource, $privilege)) {
         return;
     }
     // scaffold pages are granted per table rather than per controller
     $table = $request->getParam('table');
     if ($controller == 'scaffold' && $table) {
         $tablePrivilege = $table . self::RESOURCE_SEPARATOR . $action;
         if ($acl->isAllowed($role, $resource, $tablePrivilege)) {
             return true;
         }
     }
     if ($hasRole) {
         $request->setModuleName('default')->setControllerName('error')->setActionName('access');
         return false;
     }
     $request->setModuleName('auth')->setControllerName('index')->setActionName('index');
 }
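 /**
  * Requires an identity for everything except the login page, then checks
  * the identity's role against controller/action in the ACL.
  *
  * Guests requesting anything other than authentication/login are redirected
  * to the login page; authenticated users the ACL rejects are redirected to
  * "/". Both redirects exit.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $loginController = 'authentication';
     $loginAction = 'login';
     $auth = Zend_Auth::getInstance();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // The login page is the only route a guest may reach. Testing
     // "controller != login && action != login" would instead let guests
     // through to every other action of the login controller and to any
     // controller's "login" action, none of which is ACL-checked for guests.
     $isLoginPage = ($controller == $loginController && $action == $loginAction);
     if (!$auth->hasIdentity() && !$isLoginPage) {
         $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
         $redirector->gotoSimpleAndExit($loginAction, $loginController);
     }
     // User is logged in or on login page.
     if ($auth->hasIdentity()) {
         $acl = new Tynex_Models_TynexAcl();
         $identity = $auth->getIdentity();
         // role is a column in the user table (database)
         if (!$acl->isAllowed($identity->role, $controller, $action)) {
             $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
             $redirector->gotoUrlAndExit('/');
         }
     }
 }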
 /**
  * Guards the "qg" and "painel" modules.
  *
  * Requests for other modules pass untouched. Within those modules an
  * anonymous request is rerouted to $this->_notLoggedRoute and an
  * unauthorized one to $this->_forbiddenRoute; the module name is kept.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $module = $request->getModuleName();
     if (!in_array($module, array('qg', 'painel'))) {
         return;
     }
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     if (!$this->_auth->hasIdentity()) {
         $target = $this->_notLoggedRoute;
     } elseif (!$this->_isAuthorized($module, $controller, $action)) {
         $target = $this->_forbiddenRoute;
     } else {
         $target = array('controller' => $controller, 'action' => $action);
     }
     // only controller/action are rewritten; the module always stays
     $request->setControllerName($target['controller']);
     $request->setActionName($target['action']);
     $request->setModuleName($module);
 }
 /**
  * checks whether a user needs a login and is loggedin
  * otherwise redirect to login page
  *
  * Session state lives in the Zend_Registry 'session' namespace:
  * "authenticated" is true, 'readonly' (public mode) or false, and
  * "public" == 1 allows public mode. Forwarding is done by rewriting the
  * request to index/login, not by an HTTP redirect.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // allways allow silent update (for easy cronjob)
     // NOTE(review): this route is reachable without any authentication
     if ($request->getControllerName() == 'update' && $request->getActionName() == 'silent') {
         return;
     }
     // show login (any value of the "login" parameter, even empty, counts)
     if ($request->getParam('login', false) !== false) {
         $request->setControllerName('index');
         $request->setActionName('login');
         return;
     }
     // logout?
     if ($request->getParam('logout', false) !== false) {
         Zend_Registry::get('session')->__unset('authenticated');
         $request->setControllerName('index');
         $request->setActionName('login');
         return;
     }
     // disallow readonly mode if user has option public not set
     if (Zend_Registry::get('session')->authenticated === 'readonly' && Zend_Registry::get('session')->public != 1) {
         Zend_Registry::get('session')->authenticated = false;
     }
     // check whether user loggedin or public access allowed
     if (Zend_Registry::get('session')->authenticated !== true && Zend_Registry::get('session')->authenticated !== 'readonly') {
         // no login required?
         // NOTE(review): with no username configured every visitor becomes
         // fully authenticated — the intended "no login" mode, but fail-open
         $users = new application_models_users();
         if (!$users->getUsername()) {
             Zend_Registry::get('session')->authenticated = true;
             // public access allowed? start public mode
         } elseif (Zend_Registry::get('session')->public == 1) {
             Zend_Registry::get('session')->authenticated = 'readonly';
             // unallowed access -> show login window
         } else {
             $request->setControllerName('index');
             $request->setActionName('login');
             return;
         }
     }
     // load default values 4 readonly mode
     if (Zend_Registry::get('session')->authenticated === 'readonly') {
         $priorityStart = Zend_Registry::get('session')->priorityStart;
         $priorityEnd = Zend_Registry::get('session')->priorityEnd;
         // reset session with default config from config.ini
         // (presumably replaces the namespace contents — the priority slider
         // values are saved above and restored below)
         Zend_Registry::get('bootstrap')->resetSession(false);
         // set priority slider
         Zend_Registry::get('session')->currentPriorityStart = $priorityStart;
         Zend_Registry::get('session')->currentPriorityEnd = $priorityEnd;
         Zend_Registry::get('session')->priorityStart = $priorityStart;
         Zend_Registry::get('session')->priorityEnd = $priorityEnd;
     }
     // don't allow any changings in readonly mode
     if (Zend_Registry::get('session')->authenticated !== true) {
         // read-only whitelist: error, index and patch controllers, item/list,
         // item/listmore and update/silent
         if ($request->getControllerName() != 'error' && $request->getControllerName() != 'index' && $request->getControllerName() != 'patch' && !($request->getControllerName() == 'item' && $request->getActionName() == 'list') && !($request->getControllerName() == 'item' && $request->getActionName() == 'listmore') && !($request->getControllerName() == 'update' && $request->getActionName() == 'silent')) {
             // NOTE(review): die() ends the request with no status code, no
             // response object and no log entry; forwarding to the error
             // controller would be cleaner
             die('access denied');
         }
     }
 }
Файл: Acl.php Проект: dafik/dfi
 /**
  * Looks up the module ids mapped to the request's module/controller/action.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return mixed the mapped value, or false when the route is not mapped
  */
 public static function getModulesIdsByRequest(Zend_Controller_Request_Abstract $request)
 {
     $map = self::getMapModules();
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // isset() also treats an explicit null mapping as "not mapped"
     if (!isset($map[$module][$controller][$action])) {
         return false;
     }
     return $map[$module][$controller][$action];
 }
 /**
  * Runs the status, ACL and workflow route rules once routing is done.
  *
  * Each rule receives module/controller/action and the "resourceStack"
  * parameter; the ACL rule additionally gets the query string. A
  * Saf_Controller_Front_Plugin_RouteRules_Exception raised by any rule
  * carries the route to enforce instead, and the request is rewritten to it.
  * The request is re-read before each rule call (presumably so an earlier
  * rule can adjust the route for a later one — confirm against the rules).
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     try {
         $this->_statusRules($request->getModuleName(), $request->getControllerName(), $request->getActionName(), $request->getParam('resourceStack'));
         $this->_aclRules($request->getModuleName(), $request->getControllerName(), $request->getActionName(), $request->getParam('resourceStack'), $request->getQuery());
         $this->_workflowRules($request->getModuleName(), $request->getControllerName(), $request->getActionName(), $request->getParam('resourceStack'));
     } catch (Saf_Controller_Front_Plugin_RouteRules_Exception $e) {
         // the exception is the replacement route
         Saf_Debug::out('Enforcing Routing Rule: ' . $e->getMessage());
         $request->setModuleName($e->getModuleName());
         $request->setControllerName($e->getControllerName());
         $request->setActionName($e->getActionName());
         $request->setParam('resourceStack', $e->getResourceStack());
     }
 }
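 /**
  * Selects the layout script for the routed controller/action.
  *
  * configs/layout.json maps a controller name either to a layout name or to
  * an action => layout map; unmapped routes use "layout". The chosen script
  * is "layouts/<name>". The file is read on every request; an unreadable
  * file now means "no overrides" instead of decoding a false value.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     $layout = Zend_Layout::getMvcInstance();
     $layoutName = 'layout';
     $json = file_get_contents(APPLICATION_PATH . '/configs/layout.json');
     $layoutConfig = ($json === false) ? array() : Zend_Json::decode($json, true);
     $controller = $request->getControllerName();
     if (isset($layoutConfig[$controller])) {
         $entry = $layoutConfig[$controller];
         $action = $request->getActionName();
         // a per-action map without an entry for this action falls back to
         // the map itself, exactly as before (ends up as "layouts/Array")
         if (is_array($entry) && isset($entry[$action])) {
             $layoutName = $entry[$action];
         } else {
             $layoutName = $entry;
         }
     }
     $layout->setLayout('layouts/' . $layoutName);
     parent::routeShutdown($request);
 }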
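 /**
  * Keeps anonymous visitors out of the admin module.
  *
  * Without an identity every admin route except index/login is redirected
  * to admin/index/login; with an identity, admin/index/login is redirected
  * to admin/index. Other modules are untouched.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return bool|null true when a guest is served the login page
  */
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     if ($request->getModuleName() != 'admin') {
         return;
     }
     $isLoginPage = ($request->getControllerName() == 'index' && $request->getActionName() == 'login');
     if (!$this->_auth->hasIdentity()) {
         if ($isLoginPage) {
             return true;
         }
         // setRedirect() only queues the response headers; nothing here stops
         // the dispatch loop from running the requested admin action, so the
         // request is also pointed at the login action to keep protected
         // code from executing before the redirect is sent
         $request->setControllerName('index')->setActionName('login');
         $this->getResponse()->setRedirect(Zend_Controller_Front::getInstance()->getBaseUrl() . '/' . 'admin/index/login');
     } elseif ($isLoginPage) {
         $this->getResponse()->setRedirect(Zend_Controller_Front::getInstance()->getBaseUrl() . '/' . 'admin/index');
     }
 }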
 /**
  * routeShutdown
  * Called once the router has finished routing the request.
  *
  * Derives the response format into the KEY_EXT parameter from the path
  * extension, or from an Accept header mentioning "json" when there is no
  * extension, then strips everything from the first character outside
  * [-a-zA-Z0-9] out of the module, controller and action names.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     // detect the requested content type from the path extension
     $pathInfo = $request->getPathInfo();
     if (!empty($pathInfo)) {
         $extension = pathinfo($pathInfo, PATHINFO_EXTENSION);
         if ($extension && preg_match('/^[-a-z0-9]+$/i', $extension)) {
             $request->setParam(static::KEY_EXT, strtolower($extension));
         }
     }
     // no extension: check whether a json response is acceptable
     if ($request->getParam(static::KEY_EXT) == '') {
         $accept = $request->getServer('HTTP_ACCEPT');
         if (!empty($accept) && strpos($accept, 'json') !== false) {
             $request->setParam(static::KEY_EXT, 'json');
         }
     }
     // normalize the route parts: nothing outside [-a-zA-Z0-9] is allowed
     $pattern = '/[^-a-zA-Z0-9].*/';
     $request->setModuleName(preg_replace($pattern, '', $request->getModuleName()));
     $request->setControllerName(preg_replace($pattern, '', $request->getControllerName()));
     $request->setActionName(preg_replace($pattern, '', $request->getActionName()));
 }
 /**
  * Applies maintenance mode to rendered responses.
  *
  * When overrides/maintenanceMode exists and the request is neither XHR nor
  * marked never-render: a role without ot_maintenance/index access gets the
  * public maintenance page in place of its response (except on
  * ot/login/index); any other role gets the maintenance header prepended,
  * unless the response is a redirect. A masquerading identity is judged by
  * the role of its real account.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function postDispatch(Zend_Controller_Request_Abstract $request)
 {
     $layout = Zend_Layout::getMvcInstance();
     // the name "maintenanceMode" is also referred to in the Admin_MaintenanceController,
     // so if you change the filename, it needs to be changed there too
     $maintenanceModeFileName = 'maintenanceMode';
     $register = new Ot_Config_Register();
     $identity = Zend_Auth::getInstance()->getIdentity();
     $role = empty($identity->role) ? $register->defaultRole->getValue() : $identity->role;
     $masquerading = isset($identity->masquerading) && $identity->masquerading == true;
     $hasRealRole = isset($identity->realAccount) && !is_null($identity->realAccount) && isset($identity->realAccount->role);
     if ($masquerading && $hasRealRole) {
         $role = $identity->realAccount->role;
     }
     $acl = Zend_Registry::get('acl');
     $view = $layout->getView();
     $viewRenderer = Zend_Controller_Action_HelperBroker::getExistingHelper('ViewRenderer');
     $maintenanceOn = is_file(APPLICATION_PATH . '/../overrides/' . $maintenanceModeFileName);
     if (!$maintenanceOn || $request->isXmlHttpRequest() || $viewRenderer->getNeverRender()) {
         return;
     }
     $response = $this->getResponse();
     if ($acl->isAllowed($role, 'ot_maintenance', 'index')) {
         // there's no point in setting text here if it's a redirect
         if ($response->isRedirect()) {
             $response->setBody('');
         } else {
             $response->setBody($view->maintenanceMode()->header() . $response->getBody());
         }
         return;
     }
     $isLoginPage = ($request->getModuleName() == 'ot' && $request->getControllerName() == 'login' && $request->getActionName() == 'index');
     if (!$isLoginPage) {
         $layout->disableLayout();
         $response->setBody($view->maintenanceMode()->publicLayout());
     }
 }
 /**
  * Predispatch method to authenticate user
  *
  * NOTE(review): the guard below returns early for the "admin" module and
  * applies the session reset plus login redirect to every other module. The
  * commented-out version and the comment that precedes it describe the
  * opposite ("admin" needs a logged-in admin, everything else passes), so
  * the condition looks inverted — confirm which behaviour is intended.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     //user only to login for access to admin functions
     /*if ('admin' != $request->getModuleName()) {
           return;
       }
        
       if (App_Model_Users::isLoggedIn() && App_Model_Users::isAdmin()) {
           //user is logged in and allowed to access admin functions
           return;
       }*/
     if ('admin' == $request->getModuleName()) {
         return;
     }
     /**
      * User not logged in or not allowed to access admin ... redirect to login.
      * Note: if user is logged in but not authorised, we redirect to login
      * to allow user to login as a different user with the right permissions.
      */
     Zend_Session::destroy(true);
     if ($request->getActionName() != 'logincheck') {
         $request->setModuleName('default')->setControllerName('login')->setActionName('index');
         //->setDispatched(FALSE);
         // NOTE(review): the Location host is taken from the request's own Host
         // header; a configured base URL would be safer. header() does not end
         // the request here, so the forwarded login/index action still runs.
         header("Location:http://" . $_SERVER['HTTP_HOST'] . "/login/index");
     }
 }
 /**
  * Resolves the role (guest/user/admin) and checks controller/action against
  * My_Acl, redirecting denied requests to admin/login.
  *
  * NOTE(review): inside `if (hasIdentity())` the same condition is tested
  * again, so every authenticated request returns before the ACL check and
  * the "admin" branch in the else is unreachable. Only guests are actually
  * subject to the ACL — confirm what the inner test was meant to be.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // the ACL is rebuilt from the application options on every request
     $options = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getApplication()->getOptions();
     $config = new Zend_Config($options);
     $acl = new My_Acl($config);
     $role = 'guest';
     if (Zend_Auth::getInstance()->hasIdentity()) {
         $role = 'user';
         // always true here: the outer condition already established it
         if (Zend_Auth::getInstance()->hasIdentity()) {
             return;
         } else {
             // unreachable
             $login = Zend_Auth::getInstance()->getIdentity();
             $user = My_Model::get('Users')->getUserByEmail($login);
             if ($user->admin == 1) {
                 $role = 'admin';
             }
         }
     }
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $resource = $controller;
     $privilege = $action;
     // an unregistered controller is checked as the null (global) resource
     if (!$acl->has($resource)) {
         $resource = null;
     }
     if (is_null($privilege)) {
         $privilege = 'index';
     }
     if (!$acl->isAllowed($role, $resource, $privilege)) {
         //            $flash = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
         //            $flash->addMessage('Access Denied');
         $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
         $redirector->gotoSimpleAndExit('login', 'admin');
     }
 }
 /**
  * Requires an identity for everything outside the public "login" controller.
  *
  * NOTE(review): the unconditional throw right after the public-page check
  * makes everything from `$roleId` on unreachable — no role, resource or ACL
  * check is performed, and the $error messages are never used (the final
  * throw reuses the "must be authenticated" text anyway). Either the throw
  * is a leftover or the ACL block is; confirm before relying on the ACL.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @return bool true for authenticated users and public controllers
  * @throws WebVista_App_AuthException for every other request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $auth = Zend_Auth::getInstance();
     // controllers (and, unused, actions) reachable without an identity
     $publicPages = array();
     $publicPages['controllers'] = array('login');
     $publicPages['actions'] = array();
     $controllerName = $request->getControllerName();
     if ($auth->hasIdentity() || in_array($controllerName, $publicPages['controllers'])) {
         return true;
     }
     throw new WebVista_App_AuthException('You must be authenticated to access the system.');
     // --- everything below is dead code, see the NOTE above ---
     $roleId = $auth->getIdentity()->roleId;
     $acl = WebVista_Acl::getInstance();
     if (!$acl->hasRole($roleId)) {
         $error = "Sorry, the requested user role '" . $roleId . "' does not exist";
     }
     if (!$acl->has($request->getModuleName() . '_' . $request->getControllerName())) {
         $error = "Sorry, the requested controller '" . $request->getControllerName() . "' does not exist as an ACL resource";
     }
     if (!$acl->isAllowed($roleId, $request->getModuleName() . '_' . $request->getControllerName(), $request->getActionName())) {
         $error = "Sorry, the page you requested does not exist or you do not have access";
     }
     if (isset($error)) {
         throw new WebVista_App_AuthException('You must be authenticated to access the system.');
     }
 }
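 /**
  * Resolves "controller/action" as an ACL resource and forwards denied
  * requests to index/login (guest) or index/deny (authenticated).
  *
  * error/error is never blocked; an unknown resource is rerouted to
  * error/error and raised as a 404. The unreachable `return` after the
  * throw and the unused `$isAllowed = false` of the original were dropped.
  *
  * @param Zend_Controller_Request_Abstract $request
  * @throws Zend_Controller_Action_Exception 404 for an unregistered resource
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $auth = Zend_Auth::getInstance();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // Generate the resource name
     $resourceName = $controller . '/' . $action;
     // Don't block errors
     if ($resourceName == 'error/error') {
         return;
     }
     $resources = $this->acl->getResources();
     if (!in_array($resourceName, $resources, true)) {
         $request->setControllerName('error')->setActionName('error')->setDispatched(true);
         throw new Zend_Controller_Action_Exception('This page does not exist', 404);
     }
     // Check if user can access this resource or not
     $isAllowed = $this->acl->isAllowed(Zend_Registry::get('role'), $resourceName);
     // Forward user to access denied or login page if this is guest
     if (!$isAllowed) {
         $forwardAction = $auth->hasIdentity() ? 'deny' : 'login';
         $request->setControllerName('index')->setActionName($forwardAction)->setDispatched(true);
     }
 }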
 /**
  * Caches the routed module, controller and action and derives the
  * "module:controller" resource id from them.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 protected function _init(Zend_Controller_Request_Abstract $request)
 {
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $this->_module = $module;
     $this->_controller = $controller;
     $this->_action = $request->getActionName();
     $this->_resource = $module . ':' . $controller;
 }
 /**
  * Session-based access check on "module/controller/action".
  *
  * A session entry "arr_acl" (a list of module/controller pairs) marks a
  * logged-in user. The requested route is valid when it matches one of
  * those pairs, is rsvAcl/user/change-password, or is any rsvAcl route for
  * level "1". Invalid routes (and, for anonymous visitors, anything but
  * default/index/index) end in a redirect.
  *
  * NOTE(review): every non-empty $_url is replaced by "/home" right before
  * the redirect, including the value returned by rewriteUrl() for valid
  * routes — this looks like a debugging leftover; confirm.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     //clear session from search session
     //$this->clearSession();
     $session_user = new Zend_Session_Namespace('auth');
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $url = $module . "/" . $controller . "/" . $action;
     $_url = "";
     //have login
     if (isset($session_user->arr_acl)) {
         $arr_acl = $session_user->arr_acl;
         $valid_action = FALSE;
         foreach ($arr_acl as $acl) {
             if ($module == $acl["module"] && $controller == $acl["controller"]) {
                 $valid_action = TRUE;
                 break;
             } elseif ($module === "rsvAcl" && $controller === "user" && $action === "change-password") {
                 //all user level can change password all
                 $valid_action = TRUE;
                 break;
             } elseif ($module === "rsvAcl" && $session_user->level === "1") {
                 //user level 1 can access all action in module "rsvAcl"
                 // (strict string comparison: an integer level would not match — verify how level is stored)
                 $valid_action = TRUE;
                 break;
             }
         }
         //redirect to homepage
         if (!$valid_action) {
             //just open block below
             // NOTE(review): this check is made redundant by the _exception_url
             // loop that follows, which sets $_url = '/' for every URL not in
             // the exception list
             if ($url !== "default/index/index" && $url !== "default/error/error" && $url !== "default/index/changepassword" && $url !== "default/index/logout") {
                 $_url = '/';
             }
             $_have = false;
             foreach ($this->_exception_url as $i => $val) {
                 if ($url === $val) {
                     $_have = true;
                     break;
                 }
             }
             if (!$_have) {
                 $_url = '/';
             }
         } else {
             $_url = $this->rewriteUrl($url);
         }
     } else {
         //no login
         //redirect to login page
         if ($url !== "default/index/index") {
             $_url = "/";
         }
     }
     if (!empty($_url)) {
         // 	 		echo"url here". $_url;exit();
         $_url = "/home";
         Application_Form_FrmMessage::redirectUrl($_url);
     }
 }
 /**
  * Picks the role (the auth object's role, or "guest"), resolves the module
  * as the ACL resource and swaps controller/action for the no-auth or no-acl
  * route when the role is denied.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $role = 'guest';
     if ($this->_auth->hasIdentity()) {
         // NOTE(review): the role is read from the auth object itself rather
         // than from getIdentity() — confirm $this->_auth exposes it
         $role = $this->_auth->role;
     }
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $module = $request->getModuleName();
     // an unregistered module is checked as the null (global) resource and
     // the request's module name is cleared accordingly
     $resource = $this->_acl->has($module) ? $module : null;
     // NOTE(review): $this->acl / $this->auth below differ from the
     // $this->_acl / $this->_auth members used above — confirm both exist
     if (!$this->acl->isAllowed($role, $resource)) {
         $fallback = $this->auth->hasIdentity() ? $this->_noacl : $this->_noauth;
         $controller = $fallback['controller'];
         $action = $fallback['action'];
     }
     $request->setModuleName($resource);
     $request->setControllerName($controller);
     $request->setActionName($action);
 }
 /**
  * Builds the guest/admin ACL for the admin, blog, error and index
  * controllers and redirects denied requests to /admin/login/.
  *
  * Guests may use blog, error, index and admin/login; admins inherit from
  * guest and may use all of admin. The role is the user's role_id when an
  * identity exists. The ACL is rebuilt on every request.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $acl = new Zend_Acl();
     $acl->addRole(new Zend_Acl_Role(Model_Role::GUEST));
     $acl->addRole(new Zend_Acl_Role(Model_Role::ADMIN), Model_Role::GUEST);
     foreach (array('admin', 'blog', 'error', 'index') as $name) {
         $acl->addResource(new Zend_Acl_Resource($name));
     }
     // guests: the public controllers plus the admin login action
     foreach (array('blog', 'error', 'index') as $publicResource) {
         $acl->allow(Model_Role::GUEST, $publicResource);
     }
     $acl->allow(Model_Role::GUEST, 'admin', array('login'));
     $acl->allow(Model_Role::ADMIN, 'admin');
     $auth = Zend_Auth::getInstance();
     $role = Model_Role::GUEST;
     if ($auth->hasIdentity()) {
         $user = new Model_User($auth->getIdentity());
         $role = $user->role_id;
     }
     $resource = $request->getControllerName();
     $privilege = $request->getActionName();
     if (!$acl->isAllowed($role, $resource, $privilege)) {
         // NOTE(review): the plugin's own request/response members are used
         // here instead of the $request argument; the forwarded admin/login
         // action is still dispatched before the redirect is sent
         $this->_request->setControllerName('admin')->setActionName('login');
         $this->_response->setRedirect('/admin/login/');
     }
 }
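 /**
  * Checks the current role against the "module:controller" resource with the
  * action as privilege and redirects denied requests to /error/errorpermission.
  *
  * The role is "visitante" without an identity, otherwise the "tipo" column
  * of the user row referenced by usuario_id in the auth storage. The unused
  * extra storage read of the original was removed.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $privilege = $request->getActionName();
     $resource = $request->getModuleName() . ':' . $request->getControllerName();
     $role = 'visitante';
     if ($this->_authEngine->hasIdentity()) {
         $auth = $this->_authEngine->getStorage()->read();
         $usuarioModel = new Application_Model_Usuario();
         $usuario = $usuarioModel->find($auth['usuario_id'])->current();
         $role = $usuario['tipo'];
     }
     try {
         if (!$this->_acl->has($resource)) {
             throw new Zend_Exception('Recurso não encontrado: ' . $resource);
         }
         if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
             $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
             $redirector->gotoUrlAndExit('/error/errorpermission');
         }
     } catch (Zend_Exception $e) {
         // NOTE(review): Zend_Acl_Exception extends Zend_Exception, so one catch
         // covers both. An unknown resource or an ACL error (e.g. unknown role)
         // is swallowed and the request proceeds — fail-open. Kept as the
         // original best-effort behaviour; consider logging $e here.
     }
 }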
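 /**
  * Main ACL logic: builds a per-request Zend_Acl for the authenticated
  * identity, publishes it in Zend_Registry under 'acl', and rewrites the
  * request to the configured "no ACL" module/controller/action when the
  * requested resource is denied or not registered at all.
  *
  * Requests without a Zend_Auth identity are not checked here.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $module = $request->getModuleName();
     $auth = Zend_Auth::getInstance();
     if (!$auth->hasIdentity()) {
         return;
     }
     $acl = new Zend_Acl();
     $identity = $auth->getIdentity();
     // Base roles: 'admin' inherits from 'owner'; the identity itself becomes
     // a role (keyed by e-mail) inheriting from whichever base role applies.
     $acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner');
     if ($identity->owner) {
         $inherit = 'owner';
     } elseif ($identity->administrator) {
         $inherit = 'admin';
     } else {
         $inherit = 'user';
     }
     $acl->addRole(new Zend_Acl_Role($identity->email), $inherit);
     $projekt = $request->getParam('projekt');
     // Base resources
     foreach ($this->_resources as $resourceName) {
         $acl->add(new Zend_Acl_Resource($resourceName));
     }
     // Rights on the base resources
     $acl->allow('owner');
     $acl->deny('admin', 'account');
     $acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
     $acl->deny('user', 'account');
     $acl->deny('user', 'project', $this->_create);
     $acl->deny('user', 'people', $this->_create);
     $acl->deny('user', 'project', $this->_manage);
     $acl->deny('user', 'people', $this->_manage);
     // A plain user may manage only their own 'people' record. The id is
     // request-controlled, so compare it strictly instead of with '==',
     // which would also accept numeric-ish strings such as '5abc' for user 5.
     // getParam() is used rather than the magic property, which presumably
     // also consults cookies/server vars in Zend_Controller_Request_Http.
     $requestedId = $request->getParam('id');
     if ($requestedId !== null && (string) $requestedId === (string) $identity->iduser) {
         $acl->allow('user', 'people', $this->_manage);
     }
     // Resources for the project sub-section
     $this->_projectAcl($acl, $identity);
     Zend_Registry::set('acl', $acl);
     $projectResource = $projekt . '|' . $controller;
     if ((int) $identity->administrator === 1) {
         $isAllowed = true;
     } elseif (in_array($projectResource, $this->_resources, true)) {
         $isAllowed = $acl->isAllowed($identity->email, $projectResource, $action);
     } elseif (in_array($controller, $this->_resources, true)) {
         $isAllowed = $acl->isAllowed($identity->email, $controller, $action);
     } else {
         // Unknown resource: deny by default.
         $isAllowed = false;
     }
     // Leave error-handler dispatches alone so the error page itself is
     // never rewritten by the ACL.
     if (!$isAllowed && is_null($request->getParam('error_handler'))) {
         $module = $this->_noacl['module'];
         $controller = $this->_noacl['controller'];
         $action = $this->_noacl['action'];
     }
     $request->setModuleName($module);
     $request->setControllerName($controller);
     $request->setActionName($action);
 }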
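 /**
  * Restricts access to the requested controller/action using the role
  * stored in the Zend_Auth session ('guest' when anonymous, or when the
  * session carries no 'role' entry). Denied requests are forwarded to
  * auth/login with a 401 status and the original target recorded as
  * request parameters.
  *
  * @param Zend_Controller_Request_Abstract $oHttpRequest
  */
 public function preDispatch(Zend_Controller_Request_Abstract $oHttpRequest)
 {
     $sControllerName = $oHttpRequest->getControllerName();
     $sActionName = $oHttpRequest->getActionName();
     $aRequestedParams = $oHttpRequest->getUserParams();
     $sQuery = '';
     unset($aRequestedParams['controller']);
     unset($aRequestedParams['action']);
     // Define user role. An authenticated session without a 'role' entry
     // falls back to 'guest' rather than passing null to the ACL.
     $sRole = 'guest';
     if (Zend_Auth::getInstance()->hasIdentity()) {
         $aData = Zend_Auth::getInstance()->getStorage()->read();
         if (isset($aData['role'])) {
             $sRole = $aData['role'];
         }
     }
     // Check access
     if (!$this->_oAcl->isAllowed($sRole, $sControllerName, $sActionName)) {
         // Remember the original target so login can return to it.
         $oHttpRequest->setParam('referer_controller', $sControllerName);
         $oHttpRequest->setParam('referer_action', $sActionName);
         if (count($aRequestedParams)) {
             $aParams = array();
             foreach ($aRequestedParams as $sKey => $sValue) {
                 $aParams[] = $sKey;
                 $aParams[] = $sValue;
             }
             // Flattened as key/value/key/value/ so it can be appended to a path.
             $sQuery = implode('/', $aParams) . '/';
         }
         $oHttpRequest->setParam('query', $sQuery);
         $oHttpRequest->setControllerName('auth')->setActionName('login');
         $this->_response->setHttpResponseCode(401);
     }
 }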
 /**
  * Page-cache front: for authenticated GET requests, serves a previously
  * cached response body for the same path and terminates the request.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Nothing to do for anonymous visitors: caching is only attempted
     // once Digitalus_Auth reports an identity.
     if (!Digitalus_Auth::getIdentity()) {
         return;
     }
     $this->_cache = Digitalus_Cache_Manager::getInstance();
     // Only GET is served from the cache; any other verb marks the request
     // as non-cacheable and proceeds normally.
     if (!$request->isGet()) {
         self::$doNotCache = true;
         return;
     }
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     // NOTE(review): the cache key is derived from the path only, so two
     // authenticated users requesting the same path share one entry —
     // confirm the cached body never contains per-user content.
     $this->_key = md5($request->getPathInfo());
     $this->_keyTags = array($module, "{$module}_{$controller}", "{$module}_{$controller}_{$action}");
     $data = $this->getCache();
     if ($data === false) {
         return;
     }
     $response = $this->getResponse();
     $response->setBody($data['default']);
     $response->sendResponse();
     exit;
 }
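 /**
  * Enforces the Core ACL for non-AJAX requests. Anonymous requests and
  * requests denied by the ACL are forwarded to core/Auth (login or deny)
  * with the originally requested URL passed base64-encoded as 'returnUrl'.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     if ($request->isXmlHttpRequest()) {
         return;
     }
     $module = $request->getModuleName();
     $controller = $request->getControllerName();
     $action = $request->getActionName();
     $hasIdentity = Zend_Auth::getInstance()->hasIdentity();
     $isAllowed = false;
     if ($hasIdentity) {
         $user = Zend_Auth::getInstance()->getIdentity();
         require_once APPLICATION_PATH . '/modules/core/services/Acl.php';
         $acl = Core_Services_Acl::getInstance();
         // Routes every authenticated user may reach regardless of role.
         $alwaysAllowed = array('default_index_index', 'identity_account_logout');
         if (in_array(strtolower($module . '_' . $controller . '_' . $action), $alwaysAllowed, true)) {
             $isAllowed = true;
         } else {
             $isAllowed = $acl->isUserOrRoleAllowed($user, $module, $controller, $action);
         }
     }
     if ($isAllowed) {
         return;
     }
     $forwardAction = $hasIdentity ? 'deny' : 'login';
     // Rebuild the requested URL with the scheme actually in use, so a site
     // served over TLS is not sent back to a plain-http URL after login.
     // NOTE(review): SERVER_NAME/REQUEST_URI are request-derived; the
     // consumer of 'returnUrl' should still confirm it is a local URL.
     $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
     $sReturn = base64_encode($scheme . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
     $request->setModuleName('core')->setControllerName('Auth')->setActionName($forwardAction)->setParam('returnUrl', $sReturn)->setDispatched(true);
 }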
 /**
  * Starts Zend_Layout after routing, disables the layout for a few
  * layout-less routes, and seeds the view with doctype, stylesheet,
  * favicon and title defaults. Also initialises the MESSAGE registry key.
  *
  * @param Zend_Controller_Request_Abstract $request
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     // Start Zend_Layout for this MVC run.
     $layout = Zend_Layout::startMvc(array('layoutPath' => '../application/modules/default/views/layouts'));
     $controllerName = $request->getControllerName();
     $moduleName = $request->getModuleName();
     $actionName = $request->getActionName();
     // Routes rendered without the site layout.
     $annotationMake = ($moduleName === 'annotation' && $controllerName === 'make');
     $annotationBrowse = ($moduleName === 'annotation' && $controllerName === 'browse' && $actionName !== 'index');
     $serviceModule = ($moduleName === 'service');
     $imageIndex = ($moduleName === 'image' && $controllerName === 'index');
     if ($annotationMake || $annotationBrowse || $serviceModule || $imageIndex) {
         $layout->disableLayout();
     } else {
         $layout->setLayout('layout');
     }
     // Hand the view its defaults.
     $view = $layout->getView();
     $view->doctype('XHTML1_TRANSITIONAL');
     $view->headLink(array('href' => '/styles/index.css', 'rel' => 'stylesheet', 'type' => 'text/css', 'media' => 'screen'));
     $view->headLink(array('href' => '/images/website/favicon.ico', 'rel' => 'shortcut icon'));
     $view->headTitle(Zend_Registry::get('APP_NAME'));
     // Register the MESSAGE key.
     Zend_Registry::getInstance()->MESSAGE = '';
 }