public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
$roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
$private = array('comments' => array('index', 'edit', 'delete', 'save'), 'posts' => array('new', 'edit', 'save', 'create', 'delete'), 'users' => array('search', 'new', 'edit', 'save', 'create', 'delete', 'logout'));
foreach ($private as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
$public = array('index' => array('index'), 'posts' => array('index', 'search', 'show', 'comment', 'feed'), 'users' => array('login', 'index'), 'js' => array('jquery'));
foreach ($public as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
foreach ($roles as $role) {
foreach ($public as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($role->getName(), $resource, $action);
}
}
}
foreach ($private as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Users', $resource, $action);
}
}
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = ['admin' => new Phalcon\Acl\Role('admin'), 'dispatcher' => new Phalcon\Acl\Role('dispatcher'), 'handler' => new Phalcon\Acl\Role('handler'), 'assessor' => new Phalcon\Acl\Role('assessor')];
foreach ($roles as $role) {
$acl->addRole($role);
}
//All resources
$resources = ['admin' => ['*'], 'assessor' => ['*'], 'common' => ['*'], 'dispatcher' => ['*'], 'handler' => ['*']];
foreach ($resources as $controller => $actions) {
//Resource类对应某个Controller
$acl->addResource(new Phalcon\Acl\Resource($controller), $actions);
}
//Grant access to users
$acl->allow('admin', 'admin', '*');
$acl->allow('assessor', 'assessor', '*');
$acl->allow('dispatcher', 'dispatcher', '*');
$acl->allow('handler', 'handler', '*');
foreach ($roles as $role) {
$acl->allow($role->getName(), 'common', '*');
}
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
//Creamos la instancia de ACL para crear los roles
$acl = new Phalcon\Acl\Adapter\Memory();
//Por defecto sera negar el acceso a cualquier zona
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Registramos los roles que deseamos tener en nuestra aplicacion
$roles = array('admin' => new Phalcon\Acl\Role('Admin'), 'registered' => new Phalcon\Acl\Role('Registered'), 'guest' => new Phalcon\Acl\Role('Guest'));
//Añadimos los roles al acl
foreach ($roles as $role) {
$acl->addRole($role);
}
//Zonas accesibles solo para el rol admin
//$adminAreas = array('admin' => array('index', 'save')
$adminAreas = array('admin' => array('tipo', 'get'));
//Añadimos las zonas de administrador a los recursos de la aplicación
foreach ($adminAreas as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Zonas protegidas sólo para usuarios registrados de la aplicación
$registeredAreas = array('dashboard' => array('index'), 'profile' => array('index', 'edit'));
//Añadimos las zonas para usuarios registrados a los recursos de la aplicación
foreach ($registeredAreas as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Zonas públicas de la aplicación
$publicAreas = array('index' => array('index', 'register', 'login', 'end'));
//Añadimos las zonas públicas a los recursos de la aplicación
foreach ($publicAreas as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Damos acceso a todos los usuarios a las zonas públicas de la aplicación
foreach ($roles as $role) {
foreach ($publicAreas as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
//damos acceso a la zona de admins solo a rol Admin
foreach ($adminAreas as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Admin', $resource, $action);
}
}
//damos acceso a las zonas de registro tanto a los usuarios registrados como al admin
foreach ($registeredAreas as $resource => $actions) {
//damos acceso a los registrados
foreach ($actions as $action) {
$acl->allow('Registered', $resource, $action);
}
//damos acceso al admin
foreach ($actions as $action) {
$acl->allow('Admin', $resource, $action);
}
}
//El acl queda almacenado en sesión
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
//if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$rol = Role::find(array("cache" => array("key" => "role")));
foreach ($rol as $ros) {
$roles[strtolower($ros->name)] = new Phalcon\Acl\Role($ros->name);
}
foreach ($roles as $role) {
$acl->addRole($role);
}
foreach (Action::find(array("cache" => array("key" => "action"))) as $actions) {
$acl->addResource(new Phalcon\Acl\Resource($actions->controller->name), $actions->name);
}
//Grant access to public areas to both users and guests
foreach ($rol as $role) {
foreach ($role->action as $action) {
$roledann[$role->name][$action->controller->name][] = $action->name;
}
}
// print_r($roledann);
foreach ($roledann as $keys => $dann) {
foreach ($dann as $key => $dan) {
$acl->allow($keys, $key, $dan);
}
}
//The acl is stored in session, APC would be useful here too
//$this->persistent->acl = $acl;
// }
//return $this->persistent->acl;
return $acl;
}
/**
* lógica para crear una aplicación con roles de usuarios
*/
public function getAcl()
{
if (!isset($this->persistent->acl)) {
//creamos la instancia de acl para crear los roles
$acl = new Phalcon\Acl\Adapter\Memory();
//por defecto la acción será denegar el acceso a cualquier zona
$acl->setDefaultAction(Phalcon\Acl::DENY);
//----------------------------ROLES-----------------------------------
//registramos los roles que deseamos tener en nuestra aplicación****
$listaRoles = Rol::find();
foreach ($listaRoles as $rol) {
$acl->addRole(new \Phalcon\Acl\Role($rol->rol_nombre));
//Recupero todas las paginas de cada rol
$query = $this->modelsManager->createQuery("SELECT pagina.* FROM Acceso AS acceso,Pagina AS pagina,Rol AS rol WHERE rol.rol_id=" . $rol->rol_id . " and rol.rol_id=acceso.rol_id and acceso.pagina_id=pagina.pagina_id");
$listaPaginasPorRol = $query->execute();
foreach ($listaPaginasPorRol as $pagina) {
$acl->addResource(new Resource($pagina->pagina_nombreControlador), $pagina->pagina_nombreAccion);
$acl->allow($rol->rol_nombre, $pagina->pagina_nombreControlador, $pagina->pagina_nombreAccion);
}
}
//El acl queda almacenado en sesión
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Public area resources
$publicResources = array('index' => array('*'), 'admin' => array('login'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($role->getName(), $resource, $action);
}
}
}
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
///
$roles = array('customer' => new Phalcon\Acl\Role('customer'), 'guests' => new Phalcon\Acl\Role('Guests'), 'admin' => new Phalcon\Acl\Role('admin'));
foreach ($roles as $role) {
$acl->addRole($role);
}
////
$privateResources = array('operate' => array('index', 'addnews', 'add'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
////
$userResources = array('personal' => array('index', 'detail', 'loan'));
foreach ($userResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
/////
$publicResources = array('index' => array('index', 'verifycode', 'getdata'), 'news' => array('index'), 'about' => array('index', 'contact', 'culture'), 'service' => array('index', 'method', 'mode'), 'situation' => array('index'), 'college' => array('index', 'case', 'test'), 'account' => array('verify', 'register'), 'session' => array('index', 'start', 'end'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
foreach ($userResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('customer', $resource, $action);
}
}
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('admin', $resource, $action);
}
}
//
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function testMemory()
{
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
$roles = array('Admin' => new \Phalcon\Acl\Role('Admin'), 'Users' => new \Phalcon\Acl\Role('Users'), 'Guests' => new \Phalcon\Acl\Role('Guests'));
$resources = array('welcome' => array('index', 'about'), 'account' => array('index'));
foreach ($roles as $role => $object) {
$acl->addRole($object);
}
foreach ($resources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
/*
$this->assertFalse($acl->isAllowed('Admin', 'welcome', 'index'));
$this->assertFalse($acl->isAllowed('Admin', 'welcome', 'about'));
$acl->allow('Admin', 'welcome', '*');
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
$this->assertFalse($acl->isAllowed('Admin', 'account', 'index'));
$this->assertFalse($acl->isAllowed('Admin', 'account', 'about'));
$acl->allow('Admin', '*', '*');
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
$this->assertTrue($acl->isAllowed('Admin', 'account', 'index'));
$this->assertTrue($acl->isAllowed('Admin', 'account', 'about'));
$acl->deny('Admin', '*', '*');
foreach ($roles as $role => $object) {
$this->assertFalse($acl->isAllowed($role, 'welcome', 'about'));
}
*/
$acl->allow("*", "welcome", "index");
foreach ($roles as $role => $object) {
$this->assertTrue($acl->isAllowed($role, 'welcome', 'index'));
}
$acl->deny("*", "welcome", "index");
foreach ($roles as $role => $object) {
$this->assertFalse($acl->isAllowed($role, 'welcome', 'index'));
}
/*
$acl->allow('Admin', '*', 'index');
foreach ($resources as $resource => $actions) {
$this->assertTrue($acl->isAllowed('admin', $resource, 'index'));
}
$acl->allow('*', '*', 'index');
$acl->allow('*', '*', '*');
*/
}
protected function _getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
$roles = [self::GUEST => new \Phalcon\Acl\Role(self::GUEST), self::USER => new \Phalcon\Acl\Role(self::USER), self::ADMIN => new \Phalcon\Acl\Role(self::ADMIN)];
foreach ($roles as $role) {
$acl->addRole($role);
}
// public resources
foreach ($this->_publicResources as $resource => $action) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $action);
}
// overons resources
foreach ($this->_userResources as $resource => $action) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $action);
}
// admin resources
foreach ($this->_adminResources as $resource => $action) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $action);
}
// Allow all roles to access the public Resources
foreach ($roles as $role) {
foreach ($this->_publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
// Allow User and Admin to access the overons Resources
foreach ($this->_userResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow(self::USER, $resource, $action);
$acl->allow(self::ADMIN, $resource, $action);
}
}
// allow Admin to access the admin Resources
foreach ($this->_adminResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow(self::ADMIN, $resource, $action);
}
}
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!$this->_acl) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('Admin' => new Phalcon\Acl\Role('Admin'), 'Supervisor' => new Phalcon\Acl\Role('Supervisor'), 'User' => new Phalcon\Acl\Role('User'), 'Guest' => new Phalcon\Acl\Role('Guest'));
foreach ($roles as $role) {
$acl->addRole($role);
}
$adminResources = array('Admin' => array('index', 'organisationEdit', 'organisationNew', 'userEdit', 'userNew', 'dashboardEdit', 'dashboardNew', 'payment_methodEdit', 'payment_methodNew', 'calendar_eventEdit', 'calendar_eventNew', 'canvasEdit', 'canvasNew'));
foreach ($adminResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
$supervisorResources = array('Supervisor/index' => array('index'));
foreach ($supervisorResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//User area resources
$userResources = array('Canvas' => array('builder', 'dashboard'), 'widget' => array('builder', 'update'), 'index' => array('*'), 'dashboard' => array('index'), 'profile' => array('edit'), 'calendar' => array('index'), 'report' => array('index'), 'support' => array('index', 'send'));
foreach ($userResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Private area resources
$publicResources = array('logins' => array('*'), 'session' => array('index', 'register', 'start', 'end'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
//Grant acess to private area to role Users
foreach ($userResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('User', $resource, $action);
$acl->allow('Admin', $resource, $action);
$acl->allow('Supervisor', $resource, $action);
}
}
foreach ($supervisorResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Supervisor', $resource, $action);
$acl->allow('Admin', $resource, $action);
}
}
foreach ($adminResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Admin', $resource, $action);
}
}
$this->_acl = $acl;
}
return $this->_acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('Common' => new Phalcon\Acl\Role('Common'), 'Person' => new Phalcon\Acl\Role('Person'), 'Company' => new Phalcon\Acl\Role('Company'), 'Guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources
$privateResources = array('user' => array('center', 'changeAvatar', 'changePassword', 'applyInvest', 'applyPerson', 'applyCompany', 'applyTest'), 'raise_funds' => array('create'), 'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'), 'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'), 'user_raise_idea' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_market' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'), 'user_raise_team' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_updates' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_around' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail'));
//Grant resources to role users
$privateACL = array('Common' => array('user' => array('center', 'changeAvatar', 'changePassword', 'applyInvest', 'applyPerson', 'applyCompany', 'applyTest')), 'Person' => array('user' => array('center', 'changeAvatar', 'changePassword'), 'raise_funds' => array('create'), 'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'), 'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'), 'user_raise_idea' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_market' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'), 'user_raise_team' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_updates' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_around' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail')), 'Company' => array('user' => array('center', 'changeAvatar', 'changePassword'), 'raise_funds' => array('create'), 'invest' => array('makeOrder', 'submitOrder', 'payForm', 'payFinish', 'payCallback'), 'user_raise_basic' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'newcompany', 'editcompany', 'saveCompany', 'remain', 'status', 'protocol', 'result'), 'user_raise_idea' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_market' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_qa' => array('index', 'indexQa', 'search', 'new', 'edit', 'create', 'save', 'delete', 'ajaxRemsg'), 'user_raise_team' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_updates' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_around' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete'), 'user_raise_investor' => array('index', 'search', 'new', 'edit', 'create', 'save', 'delete', 'detail')));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('user' => array('index', 'register', 'login', 'loginSubmit', 'registerSubmit', 'loginout', 'applyInvest', 'applyPerson', 'applyPersonSubmit', 'applyCompany', 'applyCompanySubmit', 'applyTest', 'imgVerity', 'img_verity'), 'index' => array('index'), 'file' => array('upload'), 'invest' => array('index', 'pjCenter'), 'raise_funds' => array('index'), 'raise_product' => array('index', 'pdShow'), 'user_raise_basic' => array('ajaxGetType'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, $actions);
}
}
//Grant acess to private area to role Users
foreach ($privateACL as $roleUser => $privateResources) {
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($roleUser, $resource, $action);
}
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
protected function _getAcl()
{
if (!$this->acl) {
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(\Phalcon\Acl::DENY);
$acl->addRole(new \Phalcon\Acl\Role(self::ROLE_PUBLIC));
$acl->addRole(new \Phalcon\Acl\Role(self::ROLE_PRIVATE));
// Allow All Roles to access the Public resources
foreach ($this->publicEndpoints as $endpoint) {
$acl->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $endpoint);
$acl->allow(self::ROLE_PUBLIC, self::RESOURCE_API, $endpoint);
$acl->allow(self::ROLE_PRIVATE, self::RESOURCE_API, $endpoint);
}
foreach ($this->privateEndpoints as $endpoint) {
$acl->addResource(new \Phalcon\Acl\Resource(self::RESOURCE_API), $endpoint);
$acl->allow(self::ROLE_PRIVATE, self::RESOURCE_API, $endpoint);
}
$this->acl = $acl;
}
return $this->acl;
}
/**
* Creates ACL (Access Control List) if not already created
*/
public function getACL($isRefresh)
{
if ($isRefresh || !isset($this->persistent->acl)) {
//not yet created, make it
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//register roles
$roles = array('guests' => new Phalcon\Acl\Role('Guests'), 'users' => new Phalcon\Acl\Role('Users'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources (the controller then actions)
$privateResources = array('profile' => array('index', 'other'), 'session' => array('logout'), 'creategoal' => array('index'), 'goal' => array('create', 'browse', 'view', 'edit'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('index' => array('index'), 'session' => array('login', 'register', 'logout', 'sendconf', 'completeReg'), 'admin' => array('index', 'updateAcl'), 'test' => array('index'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($role->getName(), $resource, $action);
}
}
}
//Grant access to private area only to those logged in
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Users', $resource, $action);
}
}
//store new ACL
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
private function _getAcl()
{
$this->persistent->destroy();
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array(Core_UserCenter_Enum::ADMIN => new Phalcon\Acl\Role(Core_UserCenter_Enum::ADMIN), Core_UserCenter_Enum::USERS => new Phalcon\Acl\Role(Core_UserCenter_Enum::USERS), Core_UserCenter_Enum::GUESTS => new Phalcon\Acl\Role(Core_UserCenter_Enum::GUESTS));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources
$privateResources = array('xadmin' => array('index'), 'stock' => array('manage'), 'auth' => array('logout'), 'pupil' => array('add'), 'config' => array('edit'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('auth' => array('login', 'switch'), 'index' => array('index'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('*', $resource, $action);
}
}
//Grant acess to private area to role Users
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow(Core_UserCenter_Enum::USERS, $resource, $action);
$acl->allow(Core_UserCenter_Enum::ADMIN, $resource, $action);
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
private function initAcl()
{
if (empty($this->acl)) {
// Создаем ACL
$acl = new \Phalcon\Acl\Adapter\Memory();
// Действием по умолчанию будет запрет
$acl->setDefaultAction(\Phalcon\Acl::DENY);
// Регистрируем две роли. Users - это зарегистрированные пользователи,
// а Guests - неидентифициорованные посетители.
$roles = array('users' => new \Phalcon\Acl\Role('users'), 'guests' => new \Phalcon\Acl\Role('guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
// Приватные ресурсы (бакенд)
$privateResources = ['user' => ['index', 'profile'], 'clan' => ['index']];
// Публичные ресурсы (фронтенд)
$publicResources = array('index' => ['index'], 'session' => ['index', 'start', 'end'], 'user' => ['register']);
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
// Предоставляем пользователям и гостям доступ к публичным ресурсам
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, $actions);
}
}
// Доступ к приватным ресурсам предоставляем только пользователям
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('users', $resource, $action);
}
}
$this->acl = $acl;
}
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources
$privateResources = array('companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('index' => array('index'), 'about' => array('index'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
//Grant acess to private area to role Users
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Users', $resource, $action);
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources
$privateResources = array('dashboard' => array('index'), 'agenda' => array('index'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('index' => array('index', 'login', 'logout'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
//Grant acess to private area to role Users
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Users', $resource, $action);
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getACL()
{
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('users' => new Phalcon\Acl\Role("Administrators", "Super-User role"), 'guests' => new Phalcon\Acl\Role("Guests"));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources // Define the "NiuUsrInfo" resource //$customersResource = new Phalcon\Acl\Resource("NiuUsrInfo");
$privateResources = array('NiuUsrInfo' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'invoices' => array('index', 'profile'));
// Add "NiuUsrInfo" resource with a couple of operations // $acl->addResource($customersResource, array("search", "update", "create"));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('index' => array('index'), 'about' => array('index'), 'register' => array('index'), 'errors' => array('show401', 'show404', 'show500'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($role->getName(), $resource, $action);
}
}
}
// Set access level for roles into resources $acl->allow("Guests", "NiuUsrInfo", "search"); $acl->deny("Guests", "NiuUsrInfo", "create");
//Grant acess to private area to role Users
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Users', $resource, $action);
}
}
}
public function getAcl()
{
if (!$this->_acl) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('users' => new Phalcon\Acl\Role('Users'), 'guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//Private area resources
$privateResources = array('news' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'post' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'inter' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'comment' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), 'insertion' => array('index', 'profile'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Public area resources
$publicResources = array('index' => array('index'), 'session' => array('index', 'register', 'start', 'end'), 'contact' => array('index', 'send'), 'article' => array('index', 'show'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
//Grant acess to private area to role Users
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Users', $resource, $action);
}
}
$this->_acl = $acl;
}
return $this->_acl;
}
private function _getAcl()
{
//используется только при дебаге, чтобы всегда ACL был новый
$this->persistent->destroy();
if (!isset($this->persistent->acl)) {
$userEnum = Core_UserCenter_Enum::getInstance();
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Регистрация роллей из Core_UserCenter_Enum
foreach ($userEnum->getAll() as $name => $value) {
$acl->addRole($name);
}
//Public area resources
$publicResources = ['test' => ['index'], 'auth' => ['login']];
$privateResources = ['test' => ['bla', 'getlist'], 'index' => ['index'], 'auth' => ['logout']];
foreach (array_merge_recursive($privateResources, $publicResources) as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('*', $resource, $action);
}
}
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($userEnum->getName($userEnum::ADMIN), $resource, $action);
}
}
//Разрешаем для группы ADMIN ВЕЗДЕ доступ
$acl->allow($userEnum->getName($userEnum::ADMIN), '*', '*');
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
/*
* Buscar ACL en cache
*/
// $acl = $this->cache->get('acl-cache');
// if (!$acl) {
// No existe, crear objeto ACL
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
// $acl = $this->acl;
$userroles = Role::find();
$modelManager = Phalcon\DI::getDefault()->get('modelsManager');
$sql = "SELECT Resource.name AS resource, Action.name AS action \n FROM Action\n JOIN Resource ON (Action.idResource = Resource.idResource)";
$results = $modelManager->executeQuery($sql);
$userandroles = $modelManager->executeQuery('SELECT Role.name AS rolename, Resource.name AS resname, Action.name AS actname
FROM Allowed
JOIN Role ON (Role.idRole = Allowed.idRole)
JOIN Action ON (Action.idAction = Allowed.idAction)
JOIN Resource ON (Action.idResource = Resource.idResource)');
//Registrando roles
foreach ($userroles as $role) {
$acl->addRole(new Phalcon\Acl\Role($role->name));
}
//Registrando recursos
$resources = array();
foreach ($results as $key) {
if (!isset($resources[$key['resource']])) {
$resources[$key['resource']] = array($key['action']);
}
$resources[$key['resource']][] = $key['action'];
}
foreach ($resources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Relacionando roles y recursos desde la base de datos
foreach ($userandroles as $role) {
$acl->allow($role->rolename, $role->resname, $role->actname);
}
// $this->cache->save('acl-cache', $acl);
// }
// Retornar ACL
$this->_dependencyInjector->set('acl', $acl);
return $acl;
}
public static function getInstanceAccess()
{
if (!static::$_INSTANCE_ACCESS) {
$access = new \Phalcon\Acl\Adapter\Memory();
$access->setDefaultAction(\Phalcon\Acl::DENY);
foreach (json_decode(file_get_contents(sprintf('%s/access.json', ROOT_PATH))) as $rule) {
$access->addRole(new \Phalcon\Acl\Role($rule->role));
foreach ($rule->resources as $resource) {
$access->addResource(new \Phalcon\Acl\Resource($resource->name), $resource->list);
foreach ($resource->list as $item) {
$access->allow($rule->role, $resource->name, $item);
}
}
}
static::$_INSTANCE_ACCESS = $access;
}
return static::$_INSTANCE_ACCESS;
}
public function getAcl()
{
// Create the ACL
$acl = new Phalcon\Acl\Adapter\Memory();
// The default action is DENY access
$acl->setDefaultAction(Phalcon\Acl::DENY);
// Register roles
$roles = array('admin' => new Phalcon\Acl\Role('admin'), 'user' => new Phalcon\Acl\Role('user'));
// Adding Roles to the ACL
foreach ($roles as $role) {
$acl->addRole($role);
}
// Adding Resources (controllers/actions)
// resources allowed for all groups
$publicResources = array('index' => array('index', 'notFound', 'forbidden', 'internalServerError'), 'user' => array('myProfile', 'changePassword'), 'country' => array('index', 'add', 'edit', 'delete'), 'area' => array('index', 'add', 'wfs'));
$privateResources = array('user' => array('index', 'add', 'edit', 'delete', 'resetPassword'));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
// Defining Access Controls
// Grant access to public areas to all roles
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($role->getName(), $resource, $action);
}
}
}
// Grant access to private area only to certain roles
foreach ($privateResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow($roles['admin']->getName(), $resource, $action);
}
}
return $acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('admin' => new Phalcon\Acl\Role("M"), 'leader' => new Phalcon\Acl\Role("L"), 'pm' => new Phalcon\Acl\Role('P'), 'examinee' => new Phalcon\Acl\Role("E"), 'interviewer' => new Phalcon\Acl\Role("I"), 'guests' => new Phalcon\Acl\Role('G'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//manager area resources
$privateResources = array('admin' => array('index'), 'examinee' => array('index'), 'interviewer' => array('index'), 'leader' => array('index'), 'pm' => array('index'), 'test' => array('index'));
//Public area resources
$publicResources = array('managerlogin' => array('index', 'login', 'logout'), 'examinee' => array('login'), 'index' => array('index'), 'test' => array('index'));
foreach ($privateResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, $actions);
}
}
$acl->allow('M', 'admin', '*');
$acl->allow('E', 'examinee', '*');
$acl->allow('P', 'pm', '*');
$acl->allow('L', 'leader', '*');
$acl->allow('I', 'interviewer', '*');
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
public function getAcl()
{
if (!isset($this->persistent->acl)) {
/* update values here */
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Acl::DENY);
$roles = array("GUEST" => new Acl\Role("GUEST"), "USER" => new Acl\Role("USER"), "COORDINATOR" => new Acl\Role("COORDINATOR"), "ADMIN" => new Acl\Role("ADMIN"));
foreach ($roles as $key => $role) {
switch ($key) {
case "GUEST":
$acl->addRole($role);
break;
case "USER":
$acl->addRole($role, $roles['GUEST']);
break;
case "COORDINATOR":
$acl->addRole($role, $roles['USER']);
break;
case "ADMIN":
$acl->addRole($role, $roles['COORDINATOR']);
break;
}
}
//Resources of admin (cms)
$adminResources = array("config" => array('index', "saveorder"), "tags" => array("delete"), "user" => array("deleteuser", "newuser", "index", "saveuser", "edit", "inactive"), "sections" => array("index", "home", "feedpost", "updatesection", "orderpostsections"), "category" => array("index", "new", "edit", "delete", "validatecategory"));
foreach ($adminResources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
$coordinatorResources = array("index" => array("index"), "course" => array("index", "new", "delete", "validateurl", "uploadimage", "save", "edit", "inactive", "update"), "instructor" => array("index", "new", "delete", "uploadfile", "save", "edit", "inactive", "update", "view"));
foreach ($coordinatorResources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
$userResources = array("index" => array("index"), "user" => array('index', "profile", "updateuser", "updatepassword", "updateuserimage", "uploadimage", "socialmedia", "validateemail", "validateusername", "editnote"));
foreach ($userResources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
$publicResources = array("login" => array('index', "logout", "session"));
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
foreach ($publicResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow("GUEST", $resource, $action);
}
}
foreach ($userResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow("USER", $resource, $action);
$acl->allow("COORDINATOR", $resource, $action);
$acl->allow("ADMIN", $resource, $action);
$acl->deny("USER", "login", "index");
}
}
foreach ($coordinatorResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow("COORDINATOR", $resource, $action);
$acl->allow("ADMIN", $resource, $action);
$acl->deny("COORDINATOR", "login", "index");
}
}
//Grant acess to adminResources area to role ADMIN
foreach ($adminResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow("ADMIN", $resource, $action);
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
return new FunctionPlugin();
});
$di->setShared('totp', function () {
$totp = new Rych\OTP\TOTP(Rych\OTP\Seed::generate(32));
return $totp;
});
$di['oauth'] = function () {
$oauth = new Cucu\Phalcon\Oauth2\Plugin\OauthPlugin();
$oauth->initAuthorizationServer();
$oauth->initResourceServer();
$oauth->enableAllGrants();
return $oauth;
};
$di['acl'] = function () {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
// Create some roles
//$roleAdmins = new Phalcon\Acl\Role("Administrators", "Super-User role");
$roleGuests = new Phalcon\Acl\Role("Guests");
// Add "Guests" role to ACL
$acl->addRole($roleGuests);
// Define the "NiuUsrInfo" resource
$customersResource = new Phalcon\Acl\Resource("NiuUsrInfo");
// Add "NiuUsrInfo" resource with a couple of operations
$acl->addResource($customersResource, array("search", "update", "create"));
// Set access level for roles into resources
$acl->allow("Guests", "NiuUsrInfo", "search");
$acl->deny("Guests", "NiuUsrInfo", "create");
$acl->allow("Guests", "NiuUsrInfo", "update");
return $acl;
};
public function testOptionsWithAcl()
{
$I = $this->tester;
$_SERVER['REQUEST_METHOD'] = 'OPTIONS';
$resource = new \Phalcon\Acl\Resource('/foo');
$role = new \Phalcon\Acl\Role('foo');
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
$acl->addResource($resource, []);
$acl->addRole($role);
$acl->addResourceAccess($resource->getName(), ['GET', 'POST', 'PUT', 'DELETE']);
$acl->allow($role->getName(), $resource->getName(), 'GET');
$acl->allow($role->getName(), $resource->getName(), 'POST');
$acl->isAllowed($role->getName(), $resource->getName(), 'GET');
$app = Rest\App::instance();
$app->setService('acl', $acl, true);
$controller = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']);
$controller->setDI($app->getDI());
$resp = $controller->handle();
$actual = $resp->getHeaders()->get('Allow');
$I->assertEquals('GET', $actual);
}
// 这里是继承,第一个参数是儿子,第二个参数是父亲
//$acl->addInherit('User','Guest');
/*
* 资源,定义访问的接口
* */
$arrResources = ['User' => ['UserController' => ['login', 'logout']], 'Admin' => []];
foreach ($arrResources as $arrResource) {
foreach ($arrResource as $controller => $arrMethods) {
$acl->addResource(new Phalcon\Acl\Resource($controller), $arrMethods);
}
}
foreach ($acl->getRoles() as $objRole) {
$roleName = $objRole->getName();
if ($roleName == 'Admin') {
foreach ($arrResources['Admin'] as $resource => $method) {
$acl->allow($roleName, $resource, $method);
}
}
if ($roleName == 'User') {
foreach ($arrResources['User'] as $resource => $method) {
$acl->allow($roleName, $resource, $method);
}
}
}
$app->before(function () use($app, $acl) {
$arrHandler = $app->getActiveHandler();
$controller = str_replace('Controller\\', '', get_class($arrHandler[0]));
$baseController = new BaseController();
$cacheToken = $baseController->verifyToken();
if (false == $cacheToken) {
$auth = 'User';
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Register roles
$roles = array('admin' => new Phalcon\Acl\Role("Admin"), 'manager' => new Phalcon\Acl\Role('Manager'), 'student' => new Phalcon\Acl\Role("Student"), 'guests' => new Phalcon\Acl\Role('Guests'));
foreach ($roles as $role) {
$acl->addRole($role);
}
//admin area resources
$adminResources = array('admin' => array('index'), 'import' => array('index'));
//manager area resources
$managerResources = array('index' => array('index'));
//student area resources
$studentResources = array('student' => array('index'));
//Public area resources
$publicResources = array('managerlogin' => array('index', 'checkuser', 'check', 'signin', 'signup', 'findpass', 'resetpassword', 'newpassword', 'logout'), 'stulogin' => array('index', 'check'), 'index' => array('index'));
foreach ($adminResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
foreach ($managerResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
foreach ($studentResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, $actions);
}
}
$acl->allow('Student', 'student', '*');
$acl->allow('Admin', 'admin', '*');
$acl->allow('Admin', 'import', '*');
$acl->allow('Manager', 'index', '*');
//Grant acess to private area to role Users
// foreach ($studentResources as $resource => $actions)
// {
// foreach ($actions as $action)
// {
// $acl->allow('Student', $resource, $action);
// }
// }
//Grant acess to private area to role Users
// foreach ($adminResources as $resource => $actions)
// {
// foreach ($actions as $action)
// {
// $acl->allow('Admin', $resource, $action);
// }
// }
//Grant acess to private area to role Users
// foreach ($managerResources as $resource => $actions)
// {
// foreach ($actions as $action)
// {
// $acl->allow('Manager', $resource, $action);
// }
// }
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
<?php
$acl = new Phalcon\Acl\Adapter\Memory();
//Default action is deny access
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Create some roles
$roleAdmins = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$roleGuests = new Phalcon\Acl\Role('Guests');
//Add "Guests" role to acl
$acl->addRole($roleGuests);
//Add "Designers" role to acl
$acl->addRole('Designers');
//Define the "Customers" resource
$customersResource = new Phalcon\Acl\Resource('Customers', 'Customers management');
//Add "customers" resource with a couple of operations
$acl->addResource($customersResource, 'search');
$acl->addResource($customersResource, array('create', 'update'));
//Set access level for roles into resources
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');
//Check whether role has access to the operations
$acl->isAllowed('Guests', 'Customers', 'edit');
//Returns 0
$acl->isAllowed('Guests', 'Customers', 'search');
//Returns 1
$acl->isAllowed('Guests', 'Customers', 'create');
//Returns 1