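/**
 * Build the Zend_Acl for the current request and publish it in the registry as 'acl'.
 *
 * Rules are created only for the role returned by Infra_AclHelper::getCurrentRole(),
 * by comparing the permissions returned by Infra_AclHelper::getCurrentPermissions()
 * with the `access` section of the application config:
 *
 *   - `<resource> = "<perm>,<perm>"`  scalar entry: permissions required for the whole resource
 *   - `<resource>.all = "..."`        same, for a resource that also lists actions
 *   - `<resource>.<action> = "..."`   permissions for one action; the resource-level list is
 *                                     appended to it, so both lists must be satisfied
 *   - `"*"`                           no permission required
 *
 * Security notes for whoever edits the `access` config:
 *   - An action set to "*" is allowed for the current role without looking at the
 *     resource-level (`all`) requirement, and its "<resource>/<action>" URL is handed to
 *     Infra_AuthPlugin::addToWhitelist(). Keep the set of "*" actions minimal.
 *   - A resource-level entry that is empty creates no rule at all; Zend_Acl then falls
 *     back to its default of denying access.
 *
 * @return void
 * @throws Zend_Acl_Exception when a resource id is registered twice
 */
protected function _initAcl()
{
    $acl = new Zend_Acl();
    $acl->addRole(Infra_AclHelper::ROLE_GUEST);

    $currentRole = Infra_AclHelper::getCurrentRole();
    $currentPermissions = Infra_AclHelper::getCurrentPermissions();
    if (!$acl->hasRole($currentRole)) {
        $acl->addRole($currentRole);
    }

    $accessItems = Zend_Registry::get('config')->access;

    // Resource-level permission lists, kept so that pass 2 can require them on every action too.
    $allAccess = array();

    // Pass 1: resource-level rules.
    foreach ($accessItems as $resource => $accessConfig) {
        // Register the resource before deciding whether it carries a resource-level rule.
        // A section without an `all` key used to skip registration, and pass 2 then failed
        // in addResource()/allow() because the parent resource did not exist. Registered
        // without a rule, the resource itself stays denied by default.
        $acl->addResource(new Zend_Acl_Resource($resource));

        if (!$accessConfig instanceof Zend_Config) {
            $requiredPermissions = $accessConfig;
        } elseif (isset($accessConfig->all)) {
            $requiredPermissions = $accessConfig->all;
        } else {
            continue;
        }

        if (!$requiredPermissions) {
            // Empty value: no explicit rule is written for this resource.
            continue;
        }

        $allow = true;
        if ($requiredPermissions != '*') {
            $allAccess[$resource] = $requiredPermissions;
            $requiredPermissions = array_map('trim', explode(',', $requiredPermissions));
            // Every listed permission must be held; the first missing one denies.
            foreach ($requiredPermissions as $required) {
                if (!in_array($required, $currentPermissions, true)) {
                    $allow = false;
                    break;
                }
            }
        }

        if ($allow) {
            $acl->allow($currentRole, $resource);
        } else {
            $acl->deny($currentRole, $resource);
        }
    }

    // Pass 2: per-action rules for resources configured as a section.
    foreach ($accessItems as $resource => $accessConfig) {
        if (!$accessConfig instanceof Zend_Config) {
            continue;
        }

        foreach ($accessConfig as $action => $requiredPermissions) {
            if ($action == 'all') {
                continue;
            }

            // NOTE(review): the child id is the plain concatenation of resource and action,
            // so two different pairs can yield the same id and addResource() rejects
            // duplicates - confirm the configured names cannot collide.
            $acl->addResource(new Zend_Acl_Resource($resource . $action), $resource);

            $allow = true;
            if ($requiredPermissions != '*') {
                if (isset($allAccess[$resource])) {
                    // The resource-level requirement applies to each of its actions as well.
                    $requiredPermissions .= ',' . $allAccess[$resource];
                }
                $requiredPermissions = array_map('trim', explode(',', $requiredPermissions));
                foreach ($requiredPermissions as $required) {
                    if (!in_array($required, $currentPermissions, true)) {
                        $allow = false;
                        break;
                    }
                }
            } else {
                // No permission is required for this action: add its URL to the whitelisted
                // resources. This branch does not consult $allAccess, so "*" on an action
                // overrides the resource-level requirement.
                $resourceUrl = "{$resource}/{$action}";
                Infra_AuthPlugin::addToWhitelist($resourceUrl);
            }

            if ($allow) {
                $acl->allow($currentRole, $resource, $action);
            } else {
                $acl->deny($currentRole, $resource, $action);
            }
        }
    }

    Zend_Registry::set('acl', $acl);
}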
/**
 * Define the default controller/action pair used when login failed.
 *
 * The values are only stored in the class's static state here; where they are
 * consumed is outside this block.
 *
 * @param string $controller controller name to store as the default
 * @param string $action     action name to store as the default, 'index' when omitted
 * @return void
 */
public static function setDefaultAction($controller, $action = 'index')
{
    self::$defaultAction = $action;
    self::$defaultController = $controller;
}