示例#1
 /**
  * Return the application's ACL, building it on first use and caching it in
  * $this->persistent.
  *
  * The default action is DENY, so only the role/resource/action triples
  * allowed below are reachable. 'Users' and 'Guests' may call the public
  * actions; only 'Users' may call the private ones.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     // Anything not explicitly allowed below is refused.
     $list->setDefaultAction(Phalcon\Acl::DENY);
     $roleObjects = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Controller => actions reserved for the 'Users' role.
     $private = array('comments' => array('index', 'edit', 'delete', 'save'), 'posts' => array('new', 'edit', 'save', 'create', 'delete'), 'users' => array('search', 'new', 'edit', 'save', 'create', 'delete', 'logout'));
     // Controller => actions open to every registered role.
     $public = array('index' => array('index'), 'posts' => array('index', 'search', 'show', 'comment', 'feed'), 'users' => array('login', 'index'), 'js' => array('jquery'));
     // Private resources are registered first, then public ones.
     foreach (array($private, $public) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     // Public actions: one explicit grant per role and action (no wildcard).
     foreach ($roleObjects as $roleObject) {
         $roleName = $roleObject->getName();
         foreach ($public as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     // Private actions: 'Users' only; 'Guests' falls through to the DENY default.
     foreach ($private as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     // NOTE(review): the cached copy is reused until $this->persistent is
     // cleared, so edits to the rules above do not reach holders of a cached
     // ACL — confirm how the bag is invalidated.
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#2
文件: Security.php 项目: sify21/pmail
 /**
  * Return the ACL, building it once and caching it in $this->persistent.
  *
  * Default action is DENY. Each of the four roles gets every action of the
  * controller that carries its own name, and all roles get every action of
  * the 'common' controller.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     // Register roles
     $roleObjects = ['admin' => new Phalcon\Acl\Role('admin'), 'dispatcher' => new Phalcon\Acl\Role('dispatcher'), 'handler' => new Phalcon\Acl\Role('handler'), 'assessor' => new Phalcon\Acl\Role('assessor')];
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // All resources; each Resource corresponds to one controller.
     $controllers = ['admin' => ['*'], 'assessor' => ['*'], 'common' => ['*'], 'dispatcher' => ['*'], 'handler' => ['*']];
     foreach ($controllers as $controllerName => $actionNames) {
         $list->addResource(new Phalcon\Acl\Resource($controllerName), $actionNames);
     }
     // Role-specific controllers. The '*' action means any action on the
     // controller is granted, including ones added to it later.
     $list->allow('admin', 'admin', '*');
     $list->allow('assessor', 'assessor', '*');
     $list->allow('dispatcher', 'dispatcher', '*');
     $list->allow('handler', 'handler', '*');
     // The shared 'common' controller is open to every role.
     foreach ($roleObjects as $roleObject) {
         $list->allow($roleObject->getName(), 'common', '*');
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
 /**
  * Return the ACL, building it once and caching it in $this->persistent
  * (the original comment describes this as session storage).
  *
  * Default action is DENY. Roles: Admin, Registered, Guest.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     // ACL instance used to declare the roles.
     $list = new Phalcon\Acl\Adapter\Memory();
     // Access to any area is denied unless granted below.
     $list->setDefaultAction(Phalcon\Acl::DENY);
     // Roles the application knows about.
     $roleObjects = array('admin' => new Phalcon\Acl\Role('Admin'), 'registered' => new Phalcon\Acl\Role('Registered'), 'guest' => new Phalcon\Acl\Role('Guest'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Areas reachable only by the admin role
     // (an earlier, commented-out variant listed 'index' and 'save').
     $adminAreas = array('admin' => array('tipo', 'get'));
     // Areas reserved for registered users.
     $registeredAreas = array('dashboard' => array('index'), 'profile' => array('index', 'edit'));
     // Public areas of the application.
     $publicAreas = array('index' => array('index', 'register', 'login', 'end'));
     // Register every area as an ACL resource: admin, registered, then public.
     foreach (array($adminAreas, $registeredAreas, $publicAreas) as $areaGroup) {
         foreach ($areaGroup as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     // Every role may use the public areas.
     // NOTE(review): the grant uses '*', not the listed actions, so any other
     // action on a public controller is reachable by Guest too.
     foreach ($roleObjects as $roleObject) {
         foreach ($publicAreas as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }
     // Admin areas: Admin role only.
     foreach ($adminAreas as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Admin', $controller, $actionName);
         }
     }
     // Registered areas: Registered users first, then Admin.
     foreach ($registeredAreas as $controller => $actionNames) {
         foreach (array('Registered', 'Admin') as $grantee) {
             foreach ($actionNames as $actionName) {
                 $list->allow($grantee, $controller, $actionName);
             }
         }
     }
     // Cache the finished ACL.
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#4
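 /**
  * Build the ACL from the Role and Action models on every call.
  *
  * Default action is DENY. Roles come from Role::find(), resources from
  * Action::find(); each role is allowed the actions linked to it through
  * $role->action. Both finders are called with a "cache" option.
  *
  * Caching the result in $this->persistent is disabled in this version, so
  * the list always reflects what the finders return.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);
     // Start from empty collections: with no roles or no role/action links
     // the loops below would otherwise iterate undefined variables.
     $roles = array();
     $roledann = array();
     //Register roles
     $rol = Role::find(array("cache" => array("key" => "role")));
     foreach ($rol as $ros) {
         // NOTE(review): keys are lower-cased, so two role names differing
         // only in case would collapse into one entry — confirm names are unique.
         $roles[strtolower($ros->name)] = new Phalcon\Acl\Role($ros->name);
     }
     foreach ($roles as $role) {
         $acl->addRole($role);
     }
     // One resource per controller, registered action by action.
     foreach (Action::find(array("cache" => array("key" => "action"))) as $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($actions->controller->name), $actions->name);
     }
     // Collect role name => controller name => list of permitted action names.
     foreach ($rol as $role) {
         foreach ($role->action as $action) {
             $roledann[$role->name][$action->controller->name][] = $action->name;
         }
     }
     // Apply the grants; everything not listed stays under the DENY default.
     foreach ($roledann as $keys => $dann) {
         foreach ($dann as $key => $dan) {
             $acl->allow($keys, $key, $dan);
         }
     }
     return $acl;
 }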
示例#5
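 /**
  * Build the role-based ACL from the database and cache it in
  * $this->persistent (the original comment describes this as session storage).
  *
  * Default action is DENY. Every row of Rol becomes a role, and each page
  * linked to that role through Acceso becomes an allowed controller/action.
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         // ACL instance used to declare the roles.
         $acl = new Phalcon\Acl\Adapter\Memory();
         // Access to any area is denied unless granted below.
         $acl->setDefaultAction(Phalcon\Acl::DENY);
         // The role id is passed as a bound parameter (:rolId:) instead of
         // being concatenated into the PHQL text, so the statement stays
         // constant whatever the column holds.
         $phql = "SELECT pagina.* FROM Acceso AS acceso,Pagina AS pagina,Rol AS rol WHERE rol.rol_id = :rolId: and rol.rol_id=acceso.rol_id and acceso.pagina_id=pagina.pagina_id";
         //----------------------------ROLES-----------------------------------
         // Register the roles the application should have.
         $listaRoles = Rol::find();
         foreach ($listaRoles as $rol) {
             $acl->addRole(new \Phalcon\Acl\Role($rol->rol_nombre));
             // Fetch every page assigned to this role.
             $query = $this->modelsManager->createQuery($phql);
             $listaPaginasPorRol = $query->execute(array('rolId' => $rol->rol_id));
             foreach ($listaPaginasPorRol as $pagina) {
                 // NOTE(review): Resource is unqualified here; presumably the
                 // file imports Phalcon\Acl\Resource — confirm.
                 $acl->addResource(new Resource($pagina->pagina_nombreControlador), $pagina->pagina_nombreAccion);
                 $acl->allow($rol->rol_nombre, $pagina->pagina_nombreControlador, $pagina->pagina_nombreAccion);
             }
         }
         // NOTE(review): once cached, permission changes made in the database
         // are not seen until $this->persistent->acl is cleared.
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }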
示例#6
 /**
  * Return the ACL, building it once and caching it in $this->persistent.
  *
  * Default action is DENY and 'Guests' is the only role: it may use every
  * action of 'index' and only the 'login' action of 'admin'.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     // Register roles
     $roleObjects = array('guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Public area resources; 'admin' exposes nothing but its login action.
     $publicResources = array('index' => array('*'), 'admin' => array('login'));
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
     }
     // Grant each listed action to each role; the rest of 'admin' stays denied.
     foreach ($roleObjects as $roleObject) {
         $roleName = $roleObject->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#7
 /**
  * Return the ACL, building it once and caching it in $this->persistent.
  *
  * Default action is DENY. Roles: customer, Guests, admin. 'operate' is for
  * admin, 'personal' is for customer, and the public controllers are open
  * to every role.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     // Roles
     $roleObjects = array('customer' => new Phalcon\Acl\Role('customer'), 'guests' => new Phalcon\Acl\Role('Guests'), 'admin' => new Phalcon\Acl\Role('admin'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Admin-only resources
     $privateResources = array('operate' => array('index', 'addnews', 'add'));
     // Customer-only resources
     $userResources = array('personal' => array('index', 'detail', 'loan'));
     // Resources open to everyone
     $publicResources = array('index' => array('index', 'verifycode', 'getdata'), 'news' => array('index'), 'about' => array('index', 'contact', 'culture'), 'service' => array('index', 'method', 'mode'), 'situation' => array('index'), 'college' => array('index', 'case', 'test'), 'account' => array('verify', 'register'), 'session' => array('index', 'start', 'end'));
     // Registration order: private, user, public.
     foreach (array($privateResources, $userResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     // NOTE(review): public controllers are granted with '*', so actions not
     // listed above (for example on 'account' or 'session') are also open to
     // every role, Guests included.
     foreach ($roleObjects as $roleObject) {
         foreach ($publicResources as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }
     // The admin role is not granted 'personal', nor customer 'operate'.
     foreach ($userResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('customer', $controller, $actionName);
         }
     }
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('admin', $controller, $actionName);
         }
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#8
 /**
  * Check that a role wildcard ("*") in allow()/deny() applies to every
  * registered role of the in-memory ACL adapter.
  *
  * Only the role-wildcard assertions are active; the per-role, resource
  * wildcard and action wildcard cases are kept below as disabled code.
  */
 public function testMemory()
 {
     $acl = new \Phalcon\Acl\Adapter\Memory();
     // Start from deny-all so each assertion reflects an explicit rule.
     $acl->setDefaultAction(Phalcon\Acl::DENY);
     $roles = array('Admin' => new \Phalcon\Acl\Role('Admin'), 'Users' => new \Phalcon\Acl\Role('Users'), 'Guests' => new \Phalcon\Acl\Role('Guests'));
     $resources = array('welcome' => array('index', 'about'), 'account' => array('index'));
     $roleNames = array_keys($roles);
     foreach ($roles as $roleObject) {
         $acl->addRole($roleObject);
     }
     foreach ($resources as $resourceName => $actionNames) {
         $acl->addResource(new \Phalcon\Acl\Resource($resourceName), $actionNames);
     }
     /*
     		$this->assertFalse($acl->isAllowed('Admin', 'welcome', 'index'));
     		$this->assertFalse($acl->isAllowed('Admin', 'welcome', 'about'));

     		$acl->allow('Admin', 'welcome', '*');

     		$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
     		$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));

     		$this->assertFalse($acl->isAllowed('Admin', 'account', 'index'));
     		$this->assertFalse($acl->isAllowed('Admin', 'account', 'about'));

     		$acl->allow('Admin', '*', '*');

     		$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
     		$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));

     		$this->assertTrue($acl->isAllowed('Admin', 'account', 'index'));
     		$this->assertTrue($acl->isAllowed('Admin', 'account', 'about'));

     		$acl->deny('Admin', '*', '*');

     		foreach ($roles as $role => $object) {
     			$this->assertFalse($acl->isAllowed($role, 'welcome', 'about'));
     		}
     */
     // Allowing the wildcard role must open the action to every role ...
     $acl->allow("*", "welcome", "index");
     foreach ($roleNames as $roleName) {
         $this->assertTrue($acl->isAllowed($roleName, 'welcome', 'index'));
     }
     // ... and a later wildcard deny must close it again for all of them.
     $acl->deny("*", "welcome", "index");
     foreach ($roleNames as $roleName) {
         $this->assertFalse($acl->isAllowed($roleName, 'welcome', 'index'));
     }
     /*
     		$acl->allow('Admin', '*', 'index');

     		foreach ($resources as $resource => $actions) {
     			$this->assertTrue($acl->isAllowed('admin', $resource, 'index'));
     		}

     		$acl->allow('*', '*', 'index');

     		$acl->allow('*', '*', '*');
     */
 }
示例#9
 /**
  * Return the ACL, building it once and caching it in $this->persistent.
  *
  * Default action is DENY. Roles are self::GUEST, self::USER and
  * self::ADMIN; the resource maps come from $this->_publicResources,
  * $this->_userResources and $this->_adminResources.
  */
 protected function _getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new \Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     $roleObjects = [self::GUEST => new \Phalcon\Acl\Role(self::GUEST), self::USER => new \Phalcon\Acl\Role(self::USER), self::ADMIN => new \Phalcon\Acl\Role(self::ADMIN)];
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Register resources in the order public, user, admin.
     foreach ($this->_publicResources as $controller => $actionNames) {
         $list->addResource(new \Phalcon\Acl\Resource($controller), $actionNames);
     }
     foreach ($this->_userResources as $controller => $actionNames) {
         $list->addResource(new \Phalcon\Acl\Resource($controller), $actionNames);
     }
     foreach ($this->_adminResources as $controller => $actionNames) {
         $list->addResource(new \Phalcon\Acl\Resource($controller), $actionNames);
     }
     // Public resources: every role, every action.
     // NOTE(review): '*' also covers actions that are not listed in
     // $this->_publicResources for that controller.
     foreach ($roleObjects as $roleObject) {
         foreach ($this->_publicResources as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }
     // User resources: USER and ADMIN, action by action.
     foreach ($this->_userResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             foreach ([self::USER, self::ADMIN] as $grantee) {
                 $list->allow($grantee, $controller, $actionName);
             }
         }
     }
     // Admin resources: ADMIN only.
     foreach ($this->_adminResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow(self::ADMIN, $controller, $actionName);
         }
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#10
 /**
  * Return the ACL, building it on first use and memoising it in $this->_acl.
  *
  * Default action is DENY. Roles: Admin, Supervisor, User, Guest. Admin gets
  * everything; Supervisor gets the supervisor and user areas; User gets the
  * user areas; all roles, Guest included, get the public areas.
  */
 public function getAcl()
 {
     if ($this->_acl) {
         return $this->_acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     //Register roles
     $roleObjects = array('Admin' => new Phalcon\Acl\Role('Admin'), 'Supervisor' => new Phalcon\Acl\Role('Supervisor'), 'User' => new Phalcon\Acl\Role('User'), 'Guest' => new Phalcon\Acl\Role('Guest'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     //Admin area resources
     $adminResources = array('Admin' => array('index', 'organisationEdit', 'organisationNew', 'userEdit', 'userNew', 'dashboardEdit', 'dashboardNew', 'payment_methodEdit', 'payment_methodNew', 'calendar_eventEdit', 'calendar_eventNew', 'canvasEdit', 'canvasNew'));
     //Supervisor area resources
     $supervisorResources = array('Supervisor/index' => array('index'));
     //User area resources
     $userResources = array('Canvas' => array('builder', 'dashboard'), 'widget' => array('builder', 'update'), 'index' => array('*'), 'dashboard' => array('index'), 'profile' => array('edit'), 'calendar' => array('index'), 'report' => array('index'), 'support' => array('index', 'send'));
     //Public area resources
     $publicResources = array('logins' => array('*'), 'session' => array('index', 'register', 'start', 'end'));
     // Registration order: admin, supervisor, user, public.
     foreach (array($adminResources, $supervisorResources, $userResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     //Public areas are granted to every role with the '*' action
     foreach ($roleObjects as $roleObject) {
         foreach ($publicResources as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }
     //User areas: User, Admin and Supervisor
     foreach ($userResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             foreach (array('User', 'Admin', 'Supervisor') as $grantee) {
                 $list->allow($grantee, $controller, $actionName);
             }
         }
     }
     //Supervisor areas: Supervisor and Admin
     foreach ($supervisorResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             foreach (array('Supervisor', 'Admin') as $grantee) {
                 $list->allow($grantee, $controller, $actionName);
             }
         }
     }
     //Admin areas: Admin only
     foreach ($adminResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Admin', $controller, $actionName);
         }
     }
     $this->_acl = $list;
     return $this->_acl;
 }
示例#11
 /**
  * Return the ACL, building it once and caching it in $this->persistent
  * (the original comment describes this as session storage).
  *
  * Default action is DENY. Roles: Common, Person, Company, Guests. Public
  * actions are granted to every role; private actions are granted per role
  * from $privateACL.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     //Register roles
     $roleObjects = array('Common' => new Phalcon\Acl\Role('Common'), 'Person' => new Phalcon\Acl\Role('Person'), 'Company' => new Phalcon\Acl\Role('Company'), 'Guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Action lists that recur in the tables below.
     $crud = array('index', 'search', 'new', 'edit', 'create', 'save', 'delete');
     $accountBasics = array('center', 'changeAvatar', 'changePassword');
     $accountFull = array('center', 'changeAvatar', 'changePassword', 'applyInvest', 'applyPerson', 'applyCompany', 'applyTest');
     // Fund-raising and investment controllers shared by Person and Company.
     $fundraisingAreas = array(
         'raise_funds' => array('create'),
         'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'),
         'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'),
         'user_raise_idea' => $crud,
         'user_raise_market' => $crud,
         'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'),
         'user_raise_team' => $crud,
         'user_raise_updates' => $crud,
         'user_raise_around' => $crud,
         'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail'),
     );
     //Private area resources ('user' first, then the fund-raising controllers)
     $privateResources = array('user' => $accountFull) + $fundraisingAreas;
     //Role => controller => actions granted to that role
     $privateACL = array(
         'Common' => array('user' => $accountFull),
         'Person' => array('user' => $accountBasics) + $fundraisingAreas,
         'Company' => array('user' => $accountBasics) + $fundraisingAreas,
     );
     foreach ($privateResources as $controller => $actionNames) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
     }
     //Public area resources
     // NOTE(review): 'file' => 'upload' and the user 'apply*' actions are in
     // this public table, so Guests are allowed them as well; for the 'apply*'
     // actions the per-role entries in $privateACL add nothing — confirm this
     // is intended.
     $publicResources = array('user' => array('index', 'register', 'login', 'loginSubmit', 'registerSubmit', 'loginout', 'applyInvest', 'applyPerson', 'applyPersonSubmit', 'applyCompany', 'applyCompanySubmit', 'applyTest', 'imgVerity', 'img_verity'), 'index' => array('index'), 'file' => array('upload'), 'invest' => array('index', 'pjCenter'), 'raise_funds' => array('index'), 'raise_product' => array('index', 'pdShow'), 'user_raise_basic' => array('ajaxGetType'));
     foreach ($publicResources as $controller => $actionNames) {
         $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
     }
     //Grant the public actions to every role; allow() receives the whole list
     foreach ($roleObjects as $roleObject) {
         foreach ($publicResources as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, $actionNames);
         }
     }
     //Grant the private actions role by role
     foreach ($privateACL as $roleUser => $grantedAreas) {
         foreach ($grantedAreas as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleUser, $controller, $actionName);
             }
         }
     }
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#12
 /**
  * Return the API ACL, building it on first use and memoising it in $this->acl.
  *
  * Default action is DENY. All endpoints are actions of the single resource
  * self::RESOURCE_API: public endpoints are allowed for both roles, private
  * endpoints only for self::ROLE_PRIVATE.
  */
 protected function _getAcl()
 {
     if ($this->acl) {
         return $this->acl;
     }
     $list = new \Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(\Phalcon\Acl::DENY);
     $list->addRole(new \Phalcon\Acl\Role(self::ROLE_PUBLIC));
     $list->addRole(new \Phalcon\Acl\Role(self::ROLE_PRIVATE));
     // Public endpoints: registered on the API resource, then opened to both roles.
     foreach ($this->publicEndpoints as $publicEndpoint) {
         $list->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $publicEndpoint);
         foreach ([self::ROLE_PUBLIC, self::ROLE_PRIVATE] as $grantee) {
             $list->allow($grantee, self::RESOURCE_API, $publicEndpoint);
         }
     }
     // Private endpoints: ROLE_PUBLIC gets no grant and so stays denied.
     foreach ($this->privateEndpoints as $privateEndpoint) {
         $list->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $privateEndpoint);
         $list->allow(self::ROLE_PRIVATE, self::RESOURCE_API, $privateEndpoint);
     }
     $this->acl = $list;
     return $this->acl;
 }
示例#13
 /**
  * Return the ACL (access control list), creating it when none is cached in
  * $this->persistent or when a rebuild is requested.
  *
  * Default action is DENY. Roles: Guests and Users.
  *
  * @param mixed $isRefresh truthy to discard the cached list and rebuild it
  */
 public function getACL($isRefresh)
 {
     $cached = !$isRefresh && isset($this->persistent->acl);
     if ($cached) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     //register roles
     $roleObjects = array('guests' => new Phalcon\Acl\Role('Guests'), 'users' => new Phalcon\Acl\Role('Users'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     //Private area resources (controller => actions)
     $privateResources = array('profile' => array('index', 'other'), 'session' => array('logout'), 'creategoal' => array('index'), 'goal' => array('create', 'browse', 'view', 'edit'));
     //Public area resources
     // NOTE(review): 'admin' => index/updateAcl sits in the public table, so
     // the Guests role is allowed both actions — confirm that the admin
     // controller is meant to be reachable without logging in.
     $publicResources = array('index' => array('index'), 'session' => array('login', 'register', 'logout', 'sendconf', 'completeReg'), 'admin' => array('index', 'updateAcl'), 'test' => array('index'));
     // Register private resources first, then public ones.
     foreach (array($privateResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     //Public actions go to both roles, one explicit grant per action
     foreach ($roleObjects as $roleObject) {
         $roleName = $roleObject->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }
     //Private actions go only to logged-in users
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     //store new ACL
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#14
 /**
  * Return the ACL stored in $this->persistent, building it when absent.
  *
  * Default action is DENY. Roles come from Core_UserCenter_Enum (ADMIN,
  * USERS, GUESTS). Public actions are allowed through the '*' role wildcard;
  * private actions are allowed for USERS and ADMIN.
  */
 private function _getAcl()
 {
     // NOTE(review): the persistent bag is destroyed on every call before the
     // isset() check below, which looks like it forces a rebuild each time and
     // drops anything else kept in the bag — confirm this is not a debugging
     // leftover.
     $this->persistent->destroy();
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     //Register roles
     $roleObjects = array(Core_UserCenter_Enum::ADMIN => new Phalcon\Acl\Role(Core_UserCenter_Enum::ADMIN), Core_UserCenter_Enum::USERS => new Phalcon\Acl\Role(Core_UserCenter_Enum::USERS), Core_UserCenter_Enum::GUESTS => new Phalcon\Acl\Role(Core_UserCenter_Enum::GUESTS));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     //Private area resources
     $privateResources = array('xadmin' => array('index'), 'stock' => array('manage'), 'auth' => array('logout'), 'pupil' => array('add'), 'config' => array('edit'));
     //Public area resources
     $publicResources = array('auth' => array('login', 'switch'), 'index' => array('index'));
     // Register private resources first, then public ones.
     foreach (array($privateResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     //Public actions: granted through the role wildcard rather than per role
     foreach ($publicResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('*', $controller, $actionName);
         }
     }
     //Private actions: USERS and ADMIN; GUESTS stays on the DENY default
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             foreach (array(Core_UserCenter_Enum::USERS, Core_UserCenter_Enum::ADMIN) as $grantee) {
                 $list->allow($grantee, $controller, $actionName);
             }
         }
     }
     //The acl is kept in $this->persistent (session, per the original note)
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#15
文件: Auth.php 项目: kofeinstyle/coc
 /**
  * Populate $this->acl on first use; does nothing when it is already set.
  *
  * Default action is DENY. 'users' are registered users and 'guests' are
  * unidentified visitors.
  */
 private function initAcl()
 {
     if (!empty($this->acl)) {
         return;
     }
     // Create the ACL.
     $list = new \Phalcon\Acl\Adapter\Memory();
     // The default action is to deny.
     $list->setDefaultAction(\Phalcon\Acl::DENY);
     // Register the two roles.
     $roleObjects = array('users' => new \Phalcon\Acl\Role('users'), 'guests' => new \Phalcon\Acl\Role('guests'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     // Private resources (back end)
     $privateResources = ['user' => ['index', 'profile'], 'clan' => ['index']];
     // Public resources (front end)
     $publicResources = array('index' => ['index'], 'session' => ['index', 'start', 'end'], 'user' => ['register']);
     // Register private resources first, then public ones.
     foreach ([$privateResources, $publicResources] as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new \Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     // Users and guests both get the public resources; allow() receives the
     // listed actions, so unlisted actions stay denied.
     foreach ($roleObjects as $roleObject) {
         foreach ($publicResources as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, $actionNames);
         }
     }
     // Private resources are granted to users only.
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('users', $controller, $actionName);
         }
     }
     $this->acl = $list;
 }
示例#16
 /**
  * Return the ACL, building it once and caching it in $this->persistent
  * (the original comment describes this as session storage).
  *
  * Default action is DENY. 'Users' may use the private controllers; both
  * 'Users' and 'Guests' may use the public ones.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }
     $list = new Phalcon\Acl\Adapter\Memory();
     $list->setDefaultAction(Phalcon\Acl::DENY);
     //Register roles
     $roleObjects = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roleObjects as $roleObject) {
         $list->addRole($roleObject);
     }
     //Private area resources
     $privateResources = array('companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile'));
     //Public area resources
     $publicResources = array('index' => array('index'), 'about' => array('index'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'));
     // Register private resources first, then public ones.
     foreach (array($privateResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }
     //Public areas go to users and guests alike.
     // NOTE(review): the grant is '*', so actions on these controllers that
     // are not listed above are open to Guests as well.
     foreach ($roleObjects as $roleObject) {
         foreach ($publicResources as $controller => $actionNames) {
             $list->allow($roleObject->getName(), $controller, '*');
         }
     }
     //Private areas go to the Users role only, action by action
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow('Users', $controller, $actionName);
         }
     }
     //The original note suggests APC as another place to cache the list
     $this->persistent->acl = $list;
     return $this->persistent->acl;
 }
示例#17
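 /**
  * Build the deny-by-default ACL once and hand back the stored copy.
  *
  * Public controller actions are open to "Users" and "Guests"; the
  * dashboard and agenda controllers are open to "Users" only.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new Phalcon\Acl\Adapter\Memory();
         $acl->setDefaultAction(Phalcon\Acl::DENY);

         // Register roles
         $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }

         // Private area resources
         $privateResources = array('dashboard' => array('index'), 'agenda' => array('index'));
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
         }

         // Public area resources
         $publicResources = array('index' => array('index', 'login', 'logout'));
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
         }

         // Both roles get exactly the registered public actions. A '*' grant
         // here would let a guest call every action of the "index"
         // controller, including ones added after this list was written.
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 $acl->allow($role->getName(), $resource, $actions);
             }
         }

         // Grant access to the private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }

         // Stored in the persistent (session) bag; a changed rule set is
         // presumably picked up only by sessions that have no copy yet.
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }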
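 /**
  * Build and return a deny-by-default ACL with an administrator and a guest role.
  *
  * Fixes over the earlier version: the list is returned to the caller, the
  * private grants go to a role that is actually registered, and every
  * resource uses the same fully written class name.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getACL()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles. The 'users' key holds the "Administrators" role.
     $roles = array('users' => new Phalcon\Acl\Role("Administrators", "Super-User role"), 'guests' => new Phalcon\Acl\Role("Guests"));
     foreach ($roles as $role) {
         $acl->addRole($role);
     }

     // Private area resources
     $privateResources = array('NiuUsrInfo' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile'));
     foreach ($privateResources as $resource => $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
     }

     // Public area resources
     $publicResources = array('index' => array('index'), 'about' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'));
     foreach ($publicResources as $resource => $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
     }

     // Grant access to public areas to every registered role
     foreach ($roles as $role) {
         foreach ($publicResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow($role->getName(), $resource, $action);
             }
         }
     }

     // Grant the private area to the non-guest role. The grant used to name
     // 'Users', a role this method never registers, so it could not take
     // effect as written.
     // NOTE(review): confirm "Administrators" is the intended holder.
     $privilegedRole = $roles['users']->getName();
     foreach ($privateResources as $resource => $actions) {
         foreach ($actions as $action) {
             $acl->allow($privilegedRole, $resource, $action);
         }
     }

     return $acl;
 }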
示例#19
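 /**
  * Return the ACL held in $this->_acl, building it on first use.
  *
  * Deny-by-default; "Users" and "Guests" share the public controller
  * actions, and "Users" additionally get the private controllers.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     if (!$this->_acl) {
         $acl = new Phalcon\Acl\Adapter\Memory();
         $acl->setDefaultAction(Phalcon\Acl::DENY);

         // Register roles
         $roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
         foreach ($roles as $role) {
             $acl->addRole($role);
         }

         // Private area resources
         $crud = array('index', 'search', 'new', 'edit', 'save', 'create', 'delete');
         $privateResources = array(
             'news' => $crud,
             'post' => $crud,
             'inter' => $crud,
             'comment' => $crud,
             'insertion' => array('index', 'profile'),
         );
         foreach ($privateResources as $resource => $actions) {
             $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
         }

         // Public area resources
         $publicResources = array(
             'index' => array('index'),
             'session' => array('index', 'register', 'start', 'end'),
             'contact' => array('index', 'send'),
             'article' => array('index', 'show'),
         );
         foreach ($publicResources as $resource => $actions) {
             $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
         }

         // Allow the listed public actions, not '*': with the wildcard the
         // action lists above had no effect and every action of a public
         // controller was open to guests.
         foreach ($roles as $role) {
             foreach ($publicResources as $resource => $actions) {
                 $acl->allow($role->getName(), $resource, $actions);
             }
         }

         // Grant access to the private area to role Users
         foreach ($privateResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow('Users', $resource, $action);
             }
         }
         $this->_acl = $acl;
     }
     return $this->_acl;
 }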
示例#20
 /**
  * Return the ACL from the persistent bag, building it when it is absent.
  *
  * Roles come from Core_UserCenter_Enum. Public actions are allowed for the
  * '*' role; the ADMIN role is allowed the private actions and, at the end,
  * every resource and action.
  */
 private function _getAcl()
 {
     // Used only while debugging, so that the ACL is always rebuilt.
     // NOTE(review): this call is live; presumably it empties the bag on
     // every call, which makes the isset() check below always miss. Remove
     // it outside debugging.
     $this->persistent->destroy();
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $userEnum = Core_UserCenter_Enum::getInstance();
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register the roles listed in Core_UserCenter_Enum
     foreach ($userEnum->getAll() as $roleName => $unused) {
         $acl->addRole($roleName);
     }

     // Public and private areas (controller => actions)
     $publicResources = ['test' => ['index'], 'auth' => ['login']];
     $privateResources = ['test' => ['bla', 'getlist'], 'index' => ['index'], 'auth' => ['logout']];
     $allResources = array_merge_recursive($privateResources, $publicResources);
     foreach ($allResources as $controller => $actionList) {
         $acl->addResource(new Phalcon\Acl\Resource($controller), $actionList);
     }

     // Public actions are granted to the '*' role.
     // NOTE(review): confirm the installed Phalcon version treats '*' as
     // "every role" in allow().
     foreach ($publicResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow('*', $controller, $actionName);
         }
     }

     // Private actions are granted to the ADMIN role only.
     foreach ($privateResources as $controller => $actionList) {
         foreach ($actionList as $actionName) {
             $acl->allow($userEnum->getName($userEnum::ADMIN), $controller, $actionName);
         }
     }

     // The ADMIN group is allowed access EVERYWHERE. This wildcard also covers
     // resources registered later, so keep the ADMIN role tightly held.
     $acl->allow($userEnum->getName($userEnum::ADMIN), '*', '*');

     // The ACL is stored in the session; APC would be useful here too.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
示例#21
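 /**
  * Build the ACL from the database and register it as the 'acl' service.
  *
  * Roles come from Role::find(), resources and their actions from the
  * Action/Resource tables, and grants from the Allowed table. The list is
  * deny-by-default, so a role gets only what a row in Allowed gives it.
  * The cache lookup that used to wrap this method is disabled, so the list
  * is rebuilt on every call.
  *
  * @return Phalcon\Acl\Adapter\Memory
  */
 public function getAcl()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     $userroles = Role::find();
     $modelManager = Phalcon\DI::getDefault()->get('modelsManager');
     $sql = "SELECT Resource.name AS resource, Action.name AS action \n                                    FROM Action\n                                            JOIN Resource ON (Action.idResource = Resource.idResource)";
     $results = $modelManager->executeQuery($sql);
     $userandroles = $modelManager->executeQuery('SELECT Role.name AS rolename, Resource.name AS resname, Action.name AS actname
                                                                                                          FROM Allowed
                                                                                                             JOIN Role ON (Role.idRole = Allowed.idRole) 
                                                                                                             JOIN Action ON (Action.idAction = Allowed.idAction) 
                                                                                                             JOIN Resource ON (Action.idResource = Resource.idResource)');

     // Register roles
     foreach ($userroles as $role) {
         $acl->addRole(new Phalcon\Acl\Role($role->name));
     }

     // Group actions by resource. The earlier code seeded a new resource with
     // its first action and then appended that same action again, so the
     // first action of every resource was listed twice.
     $resources = array();
     foreach ($results as $row) {
         $resources[$row['resource']][] = $row['action'];
     }
     foreach ($resources as $resource => $actions) {
         $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
     }

     // Apply the role/resource/action grants stored in the database.
     // Whoever can write to the Allowed table decides who may do what, so
     // that table deserves the same protection as the code.
     foreach ($userandroles as $grant) {
         $acl->allow($grant->rolename, $grant->resname, $grant->actname);
     }

     $this->_dependencyInjector->set('acl', $acl);
     return $acl;
 }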
示例#22
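 /**
  * Return the shared ACL, loading its rules from ROOT_PATH/access.json once.
  *
  * Each rule names a role and a list of resources; every entry of a
  * resource's list is registered and allowed for that role. Everything else
  * is denied by default. The file is the whole authorization policy, so it
  * should be writable only by whoever deploys the application.
  *
  * @return \Phalcon\Acl\Adapter\Memory
  * @throws \RuntimeException when access.json cannot be read or decoded
  */
 public static function getInstanceAccess()
 {
     if (!static::$_INSTANCE_ACCESS) {
         $raw = file_get_contents(sprintf('%s/access.json', ROOT_PATH));
         if ($raw === false) {
             // Fail loudly instead of caching an empty deny-all list.
             throw new \RuntimeException('access.json could not be read');
         }
         $rules = json_decode($raw);
         if (!is_array($rules) && !is_object($rules)) {
             throw new \RuntimeException('access.json does not hold a list of rules (' . json_last_error_msg() . ')');
         }

         $access = new \Phalcon\Acl\Adapter\Memory();
         $access->setDefaultAction(\Phalcon\Acl::DENY);
         foreach ($rules as $rule) {
             $access->addRole(new \Phalcon\Acl\Role($rule->role));
             foreach ($rule->resources as $resource) {
                 $access->addResource(new \Phalcon\Acl\Resource($resource->name), $resource->list);
                 foreach ($resource->list as $item) {
                     $access->allow($rule->role, $resource->name, $item);
                 }
             }
         }
         // Publish the list only after every rule has been applied.
         static::$_INSTANCE_ACCESS = $access;
     }
     return static::$_INSTANCE_ACCESS;
 }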
示例#23
 /**
  * Build a fresh deny-by-default ACL for the 'admin' and 'user' roles.
  *
  * "Public" here means shared by both registered roles; no guest role is
  * registered. The private 'user' actions go to 'admin' only.
  */
 public function getAcl()
 {
     $list = new Phalcon\Acl\Adapter\Memory();
     // Refuse whatever is not granted below.
     $list->setDefaultAction(Phalcon\Acl::DENY);

     $roles = array('admin' => new Phalcon\Acl\Role('admin'), 'user' => new Phalcon\Acl\Role('user'));
     foreach ($roles as $registered) {
         $list->addRole($registered);
     }

     // Controllers and actions open to every role
     $publicResources = array('index' => array('index', 'notFound', 'forbidden', 'internalServerError'), 'user' => array('myProfile', 'changePassword'), 'country' => array('index', 'add', 'edit', 'delete'), 'area' => array('index', 'add', 'wfs'));
     // Controllers and actions reserved for administrators
     $privateResources = array('user' => array('index', 'add', 'edit', 'delete', 'resetPassword'));

     // Register public resources first, then private ones.
     foreach (array($publicResources, $privateResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $list->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }

     // Every role may use the public actions.
     foreach ($roles as $registered) {
         $roleName = $registered->getName();
         foreach ($publicResources as $controller => $actionNames) {
             foreach ($actionNames as $actionName) {
                 $list->allow($roleName, $controller, $actionName);
             }
         }
     }

     // Only the admin role may use the private actions.
     $adminName = $roles['admin']->getName();
     foreach ($privateResources as $controller => $actionNames) {
         foreach ($actionNames as $actionName) {
             $list->allow($adminName, $controller, $actionName);
         }
     }

     return $list;
 }
示例#24
 /**
  * Return the session-stored ACL, building it when none is stored yet.
  *
  * Roles are registered under one-letter names (M, L, P, E, I, G). Every
  * role gets the public actions; five roles then get '*' on their own
  * controller.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roles = array('admin' => new Phalcon\Acl\Role("M"), 'leader' => new Phalcon\Acl\Role("L"), 'pm' => new Phalcon\Acl\Role('P'), 'examinee' => new Phalcon\Acl\Role("E"), 'interviewer' => new Phalcon\Acl\Role("I"), 'guests' => new Phalcon\Acl\Role('G'));
     foreach ($roles as $registered) {
         $acl->addRole($registered);
     }

     // Manager area resources
     $privateResources = array('admin' => array('index'), 'examinee' => array('index'), 'interviewer' => array('index'), 'leader' => array('index'), 'pm' => array('index'), 'test' => array('index'));
     // Public area resources
     // NOTE(review): 'test' => 'index' is listed as private above and as
     // public here; the grant loop below therefore opens it to every role,
     // 'G' included. Confirm that is intended.
     $publicResources = array('managerlogin' => array('index', 'login', 'logout'), 'examinee' => array('login'), 'index' => array('index'), 'test' => array('index'));

     // Private resources are registered first, public ones second.
     foreach (array($privateResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $acl->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }

     // Every role, guests included, may use the public actions.
     foreach ($roles as $registered) {
         foreach ($publicResources as $controller => $actionNames) {
             $acl->allow($registered->getName(), $controller, $actionNames);
         }
     }

     // Each of these roles gets every action of its own controller. The
     // wildcard also covers actions added to that controller later.
     $ownController = array('M' => 'admin', 'E' => 'examinee', 'P' => 'pm', 'L' => 'leader', 'I' => 'interviewer');
     foreach ($ownController as $roleName => $controller) {
         $acl->allow($roleName, $controller, '*');
     }

     // The ACL is stored in the session; APC would be useful here too.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
示例#25
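 /**
  * Return the session-stored ACL, building it when none is stored yet.
  *
  * Four roles are registered in a chain: USER inherits GUEST, COORDINATOR
  * inherits USER, ADMIN inherits COORDINATOR. Grants are then given per
  * resource group. The two deny() calls used to sit inside the grant loops
  * and were repeated for every action; they touch only login/index, which
  * those loops never grant, so they now run once after each loop.
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         $acl = new \Phalcon\Acl\Adapter\Memory();
         // Refuse whatever is not granted below.
         $acl->setDefaultAction(Acl::DENY);

         $roles = array("GUEST" => new Acl\Role("GUEST"), "USER" => new Acl\Role("USER"), "COORDINATOR" => new Acl\Role("COORDINATOR"), "ADMIN" => new Acl\Role("ADMIN"));
         // A parent has to be registered before its child; $roles is ordered
         // so that this holds.
         $parentOf = array("USER" => "GUEST", "COORDINATOR" => "USER", "ADMIN" => "COORDINATOR");
         foreach ($roles as $key => $role) {
             if (isset($parentOf[$key])) {
                 $acl->addRole($role, $roles[$parentOf[$key]]);
             } else {
                 $acl->addRole($role);
             }
         }

         // Resources of admin (cms)
         $adminResources = array("config" => array('index', "saveorder"), "tags" => array("delete"), "user" => array("deleteuser", "newuser", "index", "saveuser", "edit", "inactive"), "sections" => array("index", "home", "feedpost", "updatesection", "orderpostsections"), "category" => array("index", "new", "edit", "delete", "validatecategory"));
         $coordinatorResources = array("index" => array("index"), "course" => array("index", "new", "delete", "validateurl", "uploadimage", "save", "edit", "inactive", "update"), "instructor" => array("index", "new", "delete", "uploadfile", "save", "edit", "inactive", "update", "view"));
         $userResources = array("index" => array("index"), "user" => array('index', "profile", "updateuser", "updatepassword", "updateuserimage", "uploadimage", "socialmedia", "validateemail", "validateusername", "editnote"));
         $publicResources = array("login" => array('index', "logout", "session"));

         // Register every group, in the same order as before.
         foreach (array($adminResources, $coordinatorResources, $userResources, $publicResources) as $group) {
             foreach ($group as $resource => $actions) {
                 $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
             }
         }

         // Guests get the login controller.
         foreach ($publicResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("GUEST", $resource, $action);
             }
         }

         // User-level actions go to USER, COORDINATOR and ADMIN.
         foreach ($userResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("USER", $resource, $action);
                 $acl->allow("COORDINATOR", $resource, $action);
                 $acl->allow("ADMIN", $resource, $action);
             }
         }
         // USER is refused login/index, which GUEST was granted above.
         $acl->deny("USER", "login", "index");

         // Coordinator-level actions go to COORDINATOR and ADMIN.
         foreach ($coordinatorResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("COORDINATOR", $resource, $action);
                 $acl->allow("ADMIN", $resource, $action);
             }
         }
         $acl->deny("COORDINATOR", "login", "index");

         // Grant access to the adminResources area to role ADMIN
         foreach ($adminResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("ADMIN", $resource, $action);
             }
         }

         // The ACL is stored in the session; APC would be useful here too.
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }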
    return new FunctionPlugin();
});
// Shared 'totp' service.
// NOTE(review): the seed is generated when the service is built rather than
// loaded from storage. A TOTP check is only meaningful against the secret
// that was enrolled for the user being verified, so confirm that callers
// replace this seed before validating a code.
$di->setShared('totp', function () {
    return new Rych\OTP\TOTP(Rych\OTP\Seed::generate(32));
});
// 'oauth' service: an OAuth2 plugin with its authorization server and
// resource server initialised.
$di['oauth'] = function () {
    $plugin = new Cucu\Phalcon\Oauth2\Plugin\OauthPlugin();
    $plugin->initAuthorizationServer();
    $plugin->initResourceServer();
    // NOTE(review): going by its name this switches on every grant type the
    // plugin supports (implementation not visible here). Prefer enabling
    // only the grants the registered clients actually use.
    $plugin->enableAllGrants();
    return $plugin;
};
// 'acl' service: a deny-by-default list with a single "Guests" role and a
// single "NiuUsrInfo" resource.
$di['acl'] = function () {
    $list = new Phalcon\Acl\Adapter\Memory();
    $list->setDefaultAction(Phalcon\Acl::DENY);

    // Only the "Guests" role is registered; no administrator role is added.
    $list->addRole(new Phalcon\Acl\Role("Guests"));

    // The "NiuUsrInfo" resource with its three operations
    $list->addResource(new Phalcon\Acl\Resource("NiuUsrInfo"), array("search", "update", "create"));

    // Access levels for Guests. The explicit deny on "create" matches the
    // default action and documents the intent.
    // NOTE(review): guests are allowed "update" while "create" is denied;
    // confirm that unauthenticated updates of user info are really wanted.
    $list->allow("Guests", "NiuUsrInfo", "search");
    $list->deny("Guests", "NiuUsrInfo", "create");
    $list->allow("Guests", "NiuUsrInfo", "update");

    return $list;
};
示例#27
 /**
  * An OPTIONS request answered by a controller behind an ACL is expected to
  * carry an Allow header of exactly 'GET'.
  *
  * The ACL allows role 'foo' GET and POST on '/foo' (PUT and DELETE are
  * registered but not allowed); the controller mock is created with 'get'
  * and 'put' as its mocked methods.
  */
 public function testOptionsWithAcl()
 {
     $I = $this->tester;
     // Not restored in this method. NOTE(review): reset it in the test
     // teardown if other tests read REQUEST_METHOD.
     $_SERVER['REQUEST_METHOD'] = 'OPTIONS';
     $resource = new \Phalcon\Acl\Resource('/foo');
     $role = new \Phalcon\Acl\Role('foo');
     $acl = new Phalcon\Acl\Adapter\Memory();
     // Deny by default, so only the two allow() calls below grant anything.
     $acl->setDefaultAction(Phalcon\Acl::DENY);
     // The resource is registered without accesses; they are added next.
     $acl->addResource($resource, []);
     $acl->addRole($role);
     $acl->addResourceAccess($resource->getName(), ['GET', 'POST', 'PUT', 'DELETE']);
     $acl->allow($role->getName(), $resource->getName(), 'GET');
     $acl->allow($role->getName(), $resource->getName(), 'POST');
     // The result is discarded. NOTE(review): presumably called for its
     // effect on the adapter's active role/resource; confirm before removing.
     $acl->isAllowed($role->getName(), $resource->getName(), 'GET');
     $app = Rest\App::instance();
     $app->setService('acl', $acl, true);
     // Mock of the abstract controller; 'get' and 'put' are the mocked methods.
     $controller = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']);
     $controller->setDI($app->getDI());
     $resp = $controller->handle();
     $actual = $resp->getHeaders()->get('Allow');
     // GET is the only verb that is both ACL-allowed and in the mocked set.
     $I->assertEquals('GET', $actual);
 }
// Inheritance: the first argument is the child, the second is the parent.
//$acl->addInherit('User','Guest');

// Resources: the endpoints each role may reach, as role => controller => methods.
// NOTE(review): 'Admin' has no entries, so the loop below grants that role
// nothing; confirm this is intended.
$arrResources = ['User' => ['UserController' => ['login', 'logout']], 'Admin' => []];

// Register every controller with its methods.
foreach ($arrResources as $arrResource) {
    foreach ($arrResource as $controller => $arrMethods) {
        $acl->addResource(new Phalcon\Acl\Resource($controller), $arrMethods);
    }
}

// Give each registered 'Admin' or 'User' role the entries listed under its name.
foreach ($acl->getRoles() as $objRole) {
    $roleName = $objRole->getName();
    foreach (['Admin', 'User'] as $knownRole) {
        if ($roleName != $knownRole) {
            continue;
        }
        foreach ($arrResources[$knownRole] as $resource => $method) {
            $acl->allow($roleName, $resource, $method);
        }
    }
}
$app->before(function () use($app, $acl) {
    $arrHandler = $app->getActiveHandler();
    $controller = str_replace('Controller\\', '', get_class($arrHandler[0]));
    $baseController = new BaseController();
    $cacheToken = $baseController->verifyToken();
    if (false == $cacheToken) {
        $auth = 'User';
示例#29
 /**
  * Return the session-stored ACL, building it when none is stored yet.
  *
  * Every role gets the public actions; Student, Admin and Manager then get
  * '*' on their own controllers.
  */
 public function getAcl()
 {
     if (isset($this->persistent->acl)) {
         return $this->persistent->acl;
     }

     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     // Register roles
     $roles = array('admin' => new Phalcon\Acl\Role("Admin"), 'manager' => new Phalcon\Acl\Role('Manager'), 'student' => new Phalcon\Acl\Role("Student"), 'guests' => new Phalcon\Acl\Role('Guests'));
     foreach ($roles as $registered) {
         $acl->addRole($registered);
     }

     // Admin area resources
     $adminResources = array('admin' => array('index'), 'import' => array('index'));
     // Manager area resources
     $managerResources = array('index' => array('index'));
     // Student area resources
     $studentResources = array('student' => array('index'));
     // Public area resources
     // NOTE(review): 'index' => 'index' is both the manager area and a
     // public action, so it is open to every role, Guests included.
     $publicResources = array('managerlogin' => array('index', 'checkuser', 'check', 'signin', 'signup', 'findpass', 'resetpassword', 'newpassword', 'logout'), 'stulogin' => array('index', 'check'), 'index' => array('index'));

     // Register all four groups, in this order.
     foreach (array($adminResources, $managerResources, $studentResources, $publicResources) as $group) {
         foreach ($group as $controller => $actionNames) {
             $acl->addResource(new Phalcon\Acl\Resource($controller), $actionNames);
         }
     }

     // Every role, guests included, may use the public actions.
     foreach ($roles as $registered) {
         foreach ($publicResources as $controller => $actionNames) {
             $acl->allow($registered->getName(), $controller, $actionNames);
         }
     }

     // Role-specific areas. The wildcard covers every action of the
     // controller, including actions added to it later.
     $acl->allow('Student', 'student', '*');
     $acl->allow('Admin', 'admin', '*');
     $acl->allow('Admin', 'import', '*');
     $acl->allow('Manager', 'index', '*');

     // The ACL is stored in the session; APC would be useful here too.
     $this->persistent->acl = $acl;
     return $this->persistent->acl;
 }
示例#30
<?php

// Walk-through of the in-memory ACL adapter: one list, two roles, one
// resource, then three permission checks.
$acl = new Phalcon\Acl\Adapter\Memory();
// Default action is deny: anything not allowed below is refused.
$acl->setDefaultAction(Phalcon\Acl::DENY);
// Create some roles.
// NOTE(review): $roleAdmins is created but never passed to addRole() in the
// lines shown here.
$roleAdmins = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$roleGuests = new Phalcon\Acl\Role('Guests');
// Add the "Guests" role to the ACL (as an object)
$acl->addRole($roleGuests);
// Add the "Designers" role to the ACL (by name)
$acl->addRole('Designers');
// Define the "Customers" resource
$customersResource = new Phalcon\Acl\Resource('Customers', 'Customers management');
// Add the "Customers" resource with its operations, in two calls
$acl->addResource($customersResource, 'search');
$acl->addResource($customersResource, array('create', 'update'));
// Set access levels for roles on resources.
// NOTE(review): guests may create customers here; reconsider before
// reusing this outside a demonstration.
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');
// Check whether the role has access to the operations
$acl->isAllowed('Guests', 'Customers', 'edit');
// Returns 0: 'edit' was never allowed for Guests
$acl->isAllowed('Guests', 'Customers', 'search');
// Returns 1
$acl->isAllowed('Guests', 'Customers', 'create');
// Returns 1