	/**
	 * Records the requested role(s) and locale, expands the role set with every
	 * ancestor role, then hands the config to the parent constructor.
	 *
	 * @param int|string|array $role_id     one role id or a list of role ids
	 * @param string           $locale_code defaults to "en-us"
	 * @param mixed            $config      forwarded unchanged to the parent
	 * @param mixed            $restricted  accepted for signature compatibility; not read here
	 */
	function __construct($role_id, $locale_code = "en-us", $config = null, $restricted = null)
	{
		// TODO: finish changing this into a params array being passed in
		$this->role_id = $role_id;
		$this->locale_code = $locale_code;

		// Normalise to a list so a single id and a list of ids are handled alike.
		$base_roles = is_array($role_id) ? $role_id : array($role_id);

		// Gather the ancestors of every requested role (Roles::getAllAncestors is
		// a project helper; its result is merged as-is).
		$roles_table = new Roles();
		$ancestors = array();
		foreach ($base_roles as $base_role)
		{
			$ancestors = array_merge($ancestors, $roles_table->getAllAncestors($base_role));
		}

		// Requested roles first, then their ancestors; array_unique keeps the
		// first occurrence of each id.
		$this->all_roles = array_unique(array_merge($base_roles, $ancestors));

		return parent::__construct($config);
	}
 /**
  * Stores the locale and role id(s), builds the full role set (requested roles
  * plus all of their ancestors, de-duplicated) and delegates to the parent.
  *
  * @param int|string|array $role_id     one role id or a list of role ids
  * @param string           $locale_code defaults to "en-us"
  * @param mixed            $config      handed to the parent constructor
  * @param mixed            $restricted  part of the signature only; unused in this body
  */
 function __construct($role_id, $locale_code = "en-us", $config = null, $restricted = null)
 {
     $this->locale_code = $locale_code;
     $this->role_id = $role_id;

     $requested = is_array($role_id) ? $role_id : array($role_id);
     $roles_table = new Roles();

     // Fold the ancestor chain of each requested role onto the requested list.
     $expanded = array_reduce(
         $requested,
         function ($carry, $one_role) use ($roles_table) {
             return array_merge($carry, $roles_table->getAllAncestors($one_role));
         },
         $requested
     );
     $this->all_roles = array_unique($expanded);

     return parent::__construct($config);
 }
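	/**
	 * Returns the subset of a user's roles (own roles plus inherited ancestor
	 * roles) that the registered ACL allows on a resource.
	 *
	 * An empty result means "not allowed". It is produced when no ACL is
	 * registered, when the resource is unknown to the ACL, when the named user
	 * has no role rows at all, or when none of the roles is permitted.
	 *
	 * @param string      $resource   action / resource name
	 * @param string      $module     module name, "default" when omitted
	 * @param string|null $username   null evaluates the request as the "guest" role
	 * @param string|null $controller controller name; null selects the "@@EXTRA" pseudo-controller
	 * @return array role ids allowed on "<module>-<controller>-<resource>"
	 */
	static function isAllowed($resource, $module = "default", $username = null, $controller = null)
	{
		$users_roles_table = new UsersRoles();
		$roles_table = new Roles();

		// Always start from an empty set. A known username with no role rows
		// previously left $user_roles undefined (warning at the foreach below);
		// the deny is now explicit: no roles => nothing allowed.
		$user_roles = array();

		if (!is_null($username))
		{
			// "?" placeholder: the username is bound, not interpolated into SQL.
			$select = $users_roles_table->select()->where("username = ?", $username);
			$users_roles_db = $users_roles_table->fetchAll($select);

			if (count($users_roles_db) > 0)
			{
				foreach ($users_roles_db->toArray() as $role)
				{
					// A role holds whatever its ancestors hold.
					foreach ($roles_table->getAllAncestors($role['role_id']) as $ancestor_id)
					{
						$user_roles[] = $ancestor_id;
					}
					$user_roles[] = $role['role_id'];
				}
				$user_roles = array_unique($user_roles);
			}
		}
		else
		{
			// Anonymous requests are evaluated as the guest role only.
			$user_roles = array($roles_table->getIdByShortname("guest"));
		}

		if (is_null($controller))
		{
			$controller = "@@EXTRA";
		}
		$resource_name = $module . "-" . $controller . "-" . $resource;

		$out = array();
		if (Zend_Registry::isRegistered('acl'))
		{
			$acl = Zend_Registry::get('acl');
			// A resource the ACL does not know is denied rather than assumed public.
			if ($acl->has($resource_name))
			{
				foreach ($user_roles as $role)
				{
					if ($acl->isAllowed($role, $resource_name))
					{
						$out[] = $role;
					}
				}
			}
		}
		return $out;
	}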
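	/**
	 * Checks whether role $match may reach the current request's resource,
	 * either directly or through one of its ancestor roles.
	 *
	 * The resource name is derived from the request as
	 * "<module>-<Controller>-<action>" (controller lower-cased, first letter
	 * upper-cased), so it cannot be influenced beyond the routed values.
	 *
	 * @param int|string $match role id to test
	 * @return array role ids found to have access: $match itself when allowed
	 *               directly, plus each allowed ancestor (with $match alongside
	 *               it). Empty when nothing is allowed, when no ACL is registered,
	 *               or when the resource is unknown to the ACL.
	 */
	protected function _checkMatch($match)
	{
		$roles_table = new Roles();
		$this_access = array();
		$request = $this->getRequest();
		$resource_name = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();

		if (Zend_Registry::isRegistered('acl'))
		{
			$acl = Zend_Registry::get('acl');

			// Unknown resources are denied, not assumed open.
			if ($acl->has($resource_name))
			{
				if ($acl->isAllowed($match, $resource_name))
				{
					$this_access[] = $match;
				}

				// Access may also be inherited from an ancestor role.
				foreach ($roles_table->getAllAncestors($match) as $ancestor_role)
				{
					if ($acl->isAllowed($ancestor_role, $resource_name))
					{
						$this_access[] = $ancestor_role;
						$this_access[] = $match;
					}
				}
			}
		}

		// array_unique keeps the first occurrence (keys may be non-contiguous);
		// a non-empty result means the role has access.
		return array_unique($this_access);
	}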
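 /**
  * Creates or edits a role.
  *
  * GET: when an "id" parameter is present the role is loaded into the view
  * together with the role tree and the ids it inherits from; otherwise only
  * the full tree is exposed. The "guest" role is never editable and bounces
  * to /bolts/role.
  *
  * POST: validates the shortname, stores shortname/description/isadmin
  * (update when the posted id is non-zero, insert otherwise), rewrites the
  * inherited-role links and redirects to /bolts/role. On validation failure
  * the messages are exposed as $this->view->errors and nothing is saved.
  *
  * Finally the view receives either the role data and inherited ids (edit)
  * or the id => shortname choices of every role (create).
  */
 function editAction()
 {
     $request = new Bolts_Request($this->getRequest());
     $roles_table = new Roles();
     $role = null;
     if ($request->has('id') && !is_null($request->id)) {
         // "?" binding keeps the untrusted id out of the SQL text.
         $role = $roles_table->fetchRow($roles_table->select()->where("id = ?", $request->id));
         if (!is_null($role)) {
             // we do not edit the guest role; return so a POST can never reach
             // the update below even if the redirector is configured not to exit
             if ($role->shortname == "guest") {
                 $this->_redirect("/bolts/role");
                 return;
             }
             $this->view->role = $role->toArray();
             $this->view->role_tree = $roles_table->getRoleTree(null, $role->id);
             $this->view->inherited_ids = $roles_table->getInheritedRoles($role->id);
         }
     }
     if (is_null($role)) {
         $this->view->role_tree = $roles_table->getRoleTree();
     }

     if ($this->getRequest()->isPost()) {
         $errors = array();
         // Always defined: a form without inherit_role simply clears the links
         // (previously the foreach below ran over an undefined variable).
         $inherit_ids = array();
         if ($request->has('inherit_role')) {
             $inherit_ids = $this->_directInheritIds($roles_table, (array) $request->inherit_role);
         }
         $shortname = null;
         if ($request->has('shortname')) {
             $shortname = $request->shortname;
             if (!Bolts_Validate::checkLength($shortname, 1, 255)) {
                 $errors[] = $this->_T("Shortname must be between 1 and 255 chars.");
             }
         } else {
             // message kept verbatim (typo included): it is also the translation key
             $errors[] = $this->_T("Shortname is a requried field.");
         }
         $description = $request->description;
         $isadmin = (int) $request->checkbox('isadmin');
         if (count($errors) == 0) {
             $data = array('shortname' => $shortname, 'description' => $description, 'isadmin' => $isadmin);
             // A non-zero posted id means update; the int cast makes the
             // string where clause safe to build.
             $id = (int) $this->_request->getPost('id');
             if ($id != 0) {
                 $roles_table->update($data, 'id = ' . $id);
             } else {
                 // no id: this is an insert
                 $id = $roles_table->insert($data);
             }
             // Replace the inheritance links wholesale.
             $roles_table->removeInheritedRole($id);
             foreach ($inherit_ids as $in_id) {
                 $roles_table->setInheritedRole($id, $in_id);
             }
             $this->_redirect("/bolts/role");
         } else {
             $this->view->errors = $errors;
         }
     }

     if ($request->has('id')) {
         // this is an edit. The id is cast before being concatenated into the
         // where clause; the raw request value was previously interpolated.
         $id = (int) $request->id;
         if ($id > 0) {
             $row = $roles_table->fetchRow('id = ' . $id);
             if (!is_null($row)) {
                 $this->view->role = $row->toArray();
             }
         }
         $this->view->inherited_ids = $roles_table->getInheritedRoles($id);
     } else {
         $this->view->role_choices = $this->_roleChoices($roles_table);
     }
 }

 /**
  * Reduces the posted inherit_role ids to the ones not already reachable
  * through another posted id's ancestors, so only direct parents get linked.
  *
  * @param Roles $roles_table
  * @param array $requested role ids from the form
  * @return array direct parent role ids, in posted order
  */
 protected function _directInheritIds($roles_table, array $requested)
 {
     $parents = array();
     foreach ($requested as $inherit_role) {
         $parents = array_merge($parents, $roles_table->getAllAncestors($inherit_role));
     }
     $direct = array();
     foreach ($requested as $inherit_role) {
         // loose in_array on purpose: ids arrive as strings from the form and
         // may be ints from the table
         if (!in_array($inherit_role, $parents)) {
             $direct[] = $inherit_role;
         }
     }
     return $direct;
 }

 /**
  * Builds the id => shortname map of every role for the parent picker on the
  * create form. Empty when no roles exist.
  *
  * @param Roles $roles_table
  * @return array
  */
 protected function _roleChoices($roles_table)
 {
     $choices = array();
     foreach ($roles_table->fetchAll()->toArray() as $role) {
         $choices[$role['id']] = $role['shortname'];
     }
     return $choices;
 }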
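	/**
	 * Tells whether $role_id inherits an "extra" resource grant from one of its
	 * ancestor roles, i.e. whether any ancestor has a RolesResourcesExtra row
	 * for the given module/resource pair.
	 *
	 * @param string     $module
	 * @param string     $resource
	 * @param int|string $role_id
	 * @return bool true as soon as one ancestor holds the grant; false when the
	 *              role has no ancestors or none of them holds it
	 */
	protected function isExtraResourceInherited($module, $resource, $role_id)
	{
		$roles_table = new Roles();
		$roles_res_extra_table = new RolesResourcesExtra();
		$inherited_ids = $roles_table->getAllAncestors($role_id);

		// No ancestors means nothing can be inherited.
		if (count($inherited_ids) > 0)
		{
			foreach ($inherited_ids as $inherited_id)
			{
				// Does this ancestor have its own grant for the resource? All
				// three values are bound with placeholders, not interpolated.
				$select = $roles_res_extra_table->select();
				$select->where("role_id = ?", $inherited_id);
				$select->where("module = ?", $module);
				$select->where("resource = ?", $resource);
				if (!is_null($roles_res_extra_table->fetchRow($select)))
				{
					// One matching ancestor is enough; skip the remaining queries.
					return true;
				}
			}
		}
		return false;
	}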
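 /**
  * Per-request controller bootstrap.
  *
  * Populates the view with module flags, host/session/site data, the current
  * module_controller_action ("mca"), the authenticated identity (if any) with
  * its roles and admin flag, theme paths (after the "current_themes" plugin
  * filter), date formats, cache-busting suffixes, the navigation tree for the
  * caller's roles (optionally cached) and whatever the "controller_init"
  * plugin filter adds.
  *
  * When localization is enabled the locale comes from the URL "locale"
  * parameter and is validated against the database, allowed_locales and (for
  * non-admins) live_locales; invalid or missing locales trigger a redirect.
  * Redirects issued here are relied on to end the request.
  *
  * @throws Exception when localization is enabled but allowed_locales or
  *                   live_locales is empty
  */
 function init()
 {
     $params = array('username' => null);
     $modules_table = new Modules("core");
     $roles_table = new Roles();
     $enabled_modules = $modules_table->getEnabledModules();
     foreach ($enabled_modules as $enabled_module) {
         $this->view->{"module_" . $enabled_module} = true;
     }
     // Some servers (IIS) set HTTPS to "off" instead of leaving it empty.
     if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
         $this->view->is_ssl = true;
         $this->_is_ssl = true;
     } else {
         $this->view->is_ssl = false;
         $this->_is_ssl = false;
     }
     $this->_uri = $_SERVER['REQUEST_URI'];
     $this->_host_id = Zend_Registry::get('host_id');
     $this->view->host_id = $this->_host_id;
     $this->view->session_id = Zend_Session::getId();
     $this->view->site_url = Bolts_Registry::get('site_url');
     $this->view->site_name = Bolts_Registry::get('site_name');
     $this->registry = Zend_Registry::getInstance();
     $this->session = new Zend_Session_Namespace('Default');
     $this->_mca = $this->_request->getModuleName() . "_" . $this->_request->getControllerName() . "_" . $this->_request->getActionName();
     $this->view->mca = str_replace("_", "-", $this->_mca);
     $this->view->controller_name = $this->_request->getControllerName();
     $this->module_name = $this->_request->getModuleName();
     $this->view->module_name = $this->_request->getModuleName();
     $this->view->action_name = $this->_request->getActionName();
     $this->_auth = Zend_Auth::getInstance();
     if ($this->_auth->hasIdentity()) {
         $this->_identity = $this->_auth->getIdentity();
         $this->view->isLoggedIn = true;
         $params['username'] = $this->_identity->username;
         $users_table = new Users();
         $loggedInUser = $users_table->fetchByUsername($this->_identity->username);
         if (!is_null($loggedInUser)) {
             $this->_loggedInUser = $loggedInUser;
             $this->view->loggedInUser = $loggedInUser->toArray();
         }
         $this->view->loggedInUsername = $this->_identity->username;
         $this->view->loggedInFullName = $this->_identity->full_name;
         $loggedInRoleIds = $roles_table->getRoleIdsByUsername($this->_identity->username);
         $this->view->loggedInRoleIds = $loggedInRoleIds;
         // The admin flag is derived from stored roles, never from the request.
         foreach ($loggedInRoleIds as $role_id) {
             // $role_id comes from the roles table, not from user input
             $role = $roles_table->fetchRow('id = ' . $role_id);
             if ((bool) $role->isadmin) {
                 $this->view->isAdmin = true;
                 $this->_identity->isAdmin = true;
             }
         }
     } else {
         $this->_identity = null;
         $this->view->isLoggedIn = false;
     }
     $appNamespace = new Zend_Session_Namespace('Bolts_Temp');
     $this->view->last_login = $appNamespace->last_login;
     $this->_Bolts_plugin = Bolts_Plugin::getInstance();
     $this->_theme_locations = Zend_Registry::get('theme_locations');
     // Theme filter block: Allow plugin's to alter the current theme based on request, locale, etc.
     $theme_params = array('request' => $this->_request, 'admin' => array('current_theme' => $this->_theme_locations['admin']['current_theme']), 'frontend' => array('current_theme' => $this->_theme_locations['frontend']['current_theme']));
     $theme_params = $this->_Bolts_plugin->doFilter('current_themes', $theme_params);
     // FILTER HOOK
     // A plugin-supplied theme is only adopted when its path actually exists.
     if (file_exists($theme_params['admin']['current_theme']['path'])) {
         $this->_theme_locations['admin']['current_theme'] = $theme_params['admin']['current_theme'];
     }
     if (file_exists($theme_params['frontend']['current_theme']['path'])) {
         $this->_theme_locations['frontend']['current_theme'] = $theme_params['frontend']['current_theme'];
         $template_path = $this->_theme_locations['frontend']['current_theme']['path'] . "/modules/" . $this->getRequest()->getModuleName();
         $this->view->setScriptPath($template_path);
     }
     // Theme filter block: End.
     $this->view->theme_path = $this->_theme_locations['frontend']['current_theme']['path'];
     $this->view->theme_url = $this->_theme_locations['frontend']['current_theme']['url'];
     $this->view->theme_global_path = $this->_theme_locations['frontend']['current_theme']['path'] . "/global";
     $this->view->theme_global = $this->view->theme_global_path;
     $this->view->theme_controller_path = $this->_theme_locations['frontend']['current_theme']['path'] . '/modules/' . $this->getRequest()->getModuleName() . "/" . $this->getRequest()->getControllerName();
     $this->view->theme_module_path = $this->_theme_locations['frontend']['current_theme']['path'] . '/modules/' . $this->getRequest()->getModuleName();
     $this->view->default_theme_path = $this->_theme_locations['frontend']['default_theme']['path'];
     $this->view->default_theme_url = $this->_theme_locations['frontend']['default_theme']['url'];
     $this->view->default_theme_global_path = $this->_theme_locations['frontend']['default_theme']['path'] . "/global";
     $this->view->default_theme_controller_path = $this->_theme_locations['frontend']['default_theme']['path'] . '/modules/' . $this->getRequest()->getModuleName() . "/" . $this->getRequest()->getControllerName();
     $this->view->default_theme_module_path = $this->_theme_locations['frontend']['default_theme']['path'] . '/modules/' . $this->getRequest()->getModuleName();
     Bolts_Log::report("Current path " . $this->_mca, null, Zend_Log::INFO);
     $this->view->isAdminController = false;
     $this->view->title_prefix = Bolts_Registry::get('title_prefix');
     $locale_is_valid = true;
     $default_locale_code = str_replace('_', '-', trim(strtolower(Bolts_Registry::get('default_locale'))));
     $this->locale_code = $default_locale_code;
     if (Bolts_Registry::get('enable_localization') == '1') {
         // to set the locale code, look in the URL, not in the cookie
         // the only thing that should check the cookie is the home page and optionally the locale chooser page
         $locales_table = new Locales();
         $db_locales_full = $locales_table->getLocaleCodesArray(true);
         $db_locales = array_keys($db_locales_full);
         // Get the locales allowed in the config
         $allowed_locales = explode(',', Bolts_Registry::get('allowed_locales'));
         if (!empty($allowed_locales) && (bool) array_filter($allowed_locales)) {
             $allowed_locales = array_map('trim', $allowed_locales);
             $allowed_locales = array_map('strtolower', $allowed_locales);
             $allowed_locales = str_replace('_', '-', $allowed_locales);
         } else {
             throw new Exception('Localization is enabled, but no locales are set in `allowed_locales`');
         }
         // Load the allowed locales into Smarty for the admin drop down
         $all_locales = array();
         foreach ($db_locales_full as $code => $name) {
             if (in_array($code, $allowed_locales)) {
                 $all_locales[$code] = $name;
             }
         }
         $this->view->locale_codes = $all_locales;
         // Get the locales allowed on the frontend in the config
         $live_locales = explode(',', Bolts_Registry::get('live_locales'));
         if (!empty($live_locales) && (bool) array_filter($live_locales)) {
             $live_locales = array_map('trim', $live_locales);
             $live_locales = array_map('strtolower', $live_locales);
             $live_locales = str_replace('_', '-', $live_locales);
             $this->live_locales = $live_locales;
         } else {
             throw new Exception('Localization is enabled, but no locales are set in `live_locales`');
         }
         if ($this->_request->has('locale') && $this->_request->locale != '') {
             $locale_code = $this->_request->get('locale');
             if ($locale_code !== $default_locale_code) {
                 // Shape check "xx-yyyy"; ereg() was removed in PHP 7, preg_match is the equivalent.
                 if (preg_match('/^..-.{2,5}/', $locale_code) === 1) {
                     // The locale must be known to the database AND configured.
                     if (!in_array($locale_code, $db_locales) || !in_array($locale_code, $allowed_locales)) {
                         $locale_is_valid = false;
                     }
                     // Non-admins are additionally limited to the live locales.
                     if ($this->view->isAdmin !== true) {
                         if (!in_array($locale_code, $this->live_locales)) {
                             $locale_is_valid = false;
                         }
                     }
                 } else {
                     $locale_is_valid = false;
                 }
             }
             if ($locale_is_valid) {
                 $store_locales = explode(',', Bolts_Registry::get('store_enabled_locales'));
                 if (!empty($store_locales) && (bool) array_filter($store_locales)) {
                     $store_locales = array_map('trim', $store_locales);
                     $store_locales = array_map('strtolower', $store_locales);
                     $store_locales = str_replace('_', '-', $store_locales);
                     if (!in_array($locale_code, $store_locales)) {
                         $this->view->store_enabled = false;
                     } else {
                         $this->view->store_enabled = true;
                     }
                 } else {
                     $this->view->store_enabled = false;
                 }
             }
             $locale_params = array('request' => $this->_request, 'locale_code' => $locale_code, 'locale_is_valid' => $locale_is_valid);
             $locale_params = $this->_Bolts_plugin->doFilter('validate_locale', $locale_params);
             // FILTER HOOK: a plugin may override both the code and the verdict.
             $locale_code = $locale_params['locale_code'];
             $locale_is_valid = $locale_params['locale_is_valid'];
             if ($locale_is_valid == true) {
                 // The locale is good.
                 $this->locale_code = $locale_code;
                 $this->default_locale_code = $default_locale_code;
                 $this->view->locale_code = $locale_code;
                 $this->view->default_locale_code = $default_locale_code;
                 $this->view->request_locale = $locale_code;
                 $this->view->default_locale_code = $default_locale_code;
             } else {
                 if (strtolower($locale_code) !== $locale_code) {
                     // The locale is probably just upper case. Try lower case.
                     $this->locale_code = strtolower($locale_code);
                     // NOTE(review): REDIRECT_URL is only populated by some server setups (Apache rewrites) — confirm it is always set here.
                     $url = str_replace("/{$locale_code}/", '/', $_SERVER['REDIRECT_URL']);
                     // See Apache Quirks: http://framework.zend.com/manual/en/zend.controller.request.html
                     $this->_redirect($url, array('code' => 301));
                 } else {
                     // This locale is just bad.
                     $this->locale_code = $default_locale_code;
                     $this->view->locale_code = $default_locale_code;
                     // Checking hasIdentity() here would be incorrect, as guests do not have identities, but may have access to this action
                     // $params['username'] is null for guests, so no "@" suppression is needed.
                     if (Bolts_ResourceCheck::isAllowed("choose", "default", $params['username'], 'Locale')) {
                         $this->_redirect("/bolts/locale/choose/");
                     } else {
                         if (empty($this->_request->locale)) {
                             $this->_redirect("/", array('code' => 301));
                         } else {
                             $this->_redirect("/bolts/auth/missing/");
                         }
                     }
                 }
             }
         } elseif ($this->_mca == "default_index_index" && isset($_COOKIE['locale_code']) && in_array($_COOKIE['locale_code'], $allowed_locales, true)) {
             // The cookie is client-controlled: only a configured locale code may
             // become part of the redirect target. An arbitrary value such as
             // "/host" would otherwise produce a protocol-relative redirect.
             // A cookie holding anything else falls through to the branch below.
             $this->_redirect("/" . $_COOKIE['locale_code'] . "/", array(), false);
         } else {
             // Checking hasIdentity() here would be incorrect, as guests do not have identities, but may have access to this action
             if (Bolts_ResourceCheck::isAllowed("choose", "default", $params['username'], 'Locale')) {
                 $this->_redirect($default_locale_code . "/bolts/locale/choose/");
             } else {
                 $this->_redirect($default_locale_code . "/bolts/auth/missing/");
             }
         }
     }
     $this->view->custom_metadata = Bolts_Registry::get('custom_metadata');
     // Language is the part before the dash; with no dash the result is "" and
     // the default formats apply.
     $language = substr($this->locale_code, 0, strpos($this->locale_code, '-'));
     // TODO - these should not be hardcoded here
     switch ($language) {
         case 'de':
             $this->view->format_date = "%e. %b. %Y, %l:%M Uhr";
             $this->view->format_datetime = "%A, %e. %B %Y um %l:%M:%S%p Uhr";
             $this->view->format_datetime_small = "%e %b %Y, %l:%M%p";
             break;
         case 'fr':
             $this->view->format_date = "%e %b %Y, %l:%M:%S";
             $this->view->format_datetime = "%A %e %B %Y à %l:%M:%S%p";
             $this->view->format_datetime_small = "%e %b %Y, %l:%M%p";
             break;
         default:
             $this->view->format_date = Bolts_Registry::get('format_date');
             $this->view->format_datetime = Bolts_Registry::get('format_datetime');
             $this->view->format_datetime_small = Bolts_Registry::get('format_datetime_small');
             break;
     }
     $this->view->current_year = date("Y");
     // SAVED FOR FUTURE USE - changing the language pack based on locale
     // $locale_table = new Locales();
     // $locale_data = $locale_table->fetchByLocaleCode($this->view->locale_code);
     // if (count($locale_data) > 0) {
     // 	$this->locale_data = $locale_data['0'];
     // 	$this->view->locale_data = $this->locale_data;
     // 	$lan_pk = $this->locale_data['language_code'].'_'.$this->locale_data['country_code'].'.UTF-8';
     // 	setlocale(LC_ALL, $lan_pk);
     // 	setlocale(LC_NUMERIC, 'en_US.UTF-8');
     // 	setlocale(LC_COLLATE, 'en_US.UTF-8');
     // }
     // this is a way to force the browser to reload some scripts
     if (Bolts_Registry::get('uncache_css_js_version')) {
         $this->view->uncache_version = "?v=" . Bolts_Registry::get('uncache_css_js_version');
     }
     if (Bolts_Registry::get('uncache_flash_version')) {
         $this->view->uncache_flash = "?v=" . Bolts_Registry::get('uncache_flash_version');
     }
     // Set the content type to UTF-8
     header('Content-type: text/html; charset=UTF-8');
     // get navigation items from database or cache
     // check for role of identity, if we don't have one, use guest.
     // TODO - move this to the place where role is determined, there should only be one place
     if ($this->_auth->hasIdentity()) {
         $tmp_ids = $loggedInRoleIds;
         $this->my_roles = $roles_table->fetchRolesByUsername($this->_identity->username)->toArray();
         $username = $this->_identity->username;
         $this->view->username = $username;
     } else {
         $tmp_ids = array($roles_table->getIdByShortname("guest"));
         // NOTE(review): this hard-coded guest row duplicates what the lookup above resolves; keep the two in sync.
         $this->my_roles = array(0 => array("id" => "1", "shortname" => "guest", "description" => "Guest", "is_admin" => "0", "isguest" => "1", "isdefault" => "0"));
     }
     $this->view->my_roles = $this->my_roles;
     // find the parent roles, add the parent role IDs to the nav_role_ids for inheritance.
     $nav_parent_role_ids = array();
     foreach ($tmp_ids as $nav_role) {
         $nav_parent_role_ids = array_merge($nav_parent_role_ids, $roles_table->getAllAncestors($nav_role));
     }
     $nav_role_ids = array_merge($nav_parent_role_ids, $tmp_ids);
     $unique_ids = array_unique($nav_role_ids);
     sort($unique_ids);
     $nav_table = new Navigation($unique_ids, $this->locale_code);
     // MD5 the sorted unique ids to shorten the cache name. Argument order is
     // (separator, pieces): the reversed order was removed in PHP 8.
     $cache_name = 'navigation_' . $this->locale_code . '-' . md5(implode("-", $unique_ids));
     $cache_tags = array('navigation', $this->locale_code);
     $nav_items_temp = false;
     if (Bolts_Registry::get('enable_navigation_cache') == '1') {
         $nav_items_temp = Bolts_Cache::load($cache_name);
     }
     if ($nav_items_temp === false || !isset($nav_items_temp)) {
         $nav_items_temp = array();
         foreach ($unique_ids as $nav_role_id) {
             $nav_items_temp = array_merge($nav_items_temp, $nav_table->getNavTree($nav_role_id));
         }
         if (Bolts_Registry::get('enable_navigation_cache') == '1') {
             Bolts_Cache::save($nav_items_temp, $cache_name, $cache_tags);
         }
     }
     $navparams = array('nav_items' => $nav_items_temp, 'request' => $this->_request, 'locale_code' => $this->locale_code);
     $navparams = $this->_Bolts_plugin->doFilter('controller_nav', $navparams);
     // FILTER HOOK
     $this->view->nav_items = $navparams['nav_items'];
     // TODO - Rich fix this
     // // VIEW STATES
     // if (!$this->session->view_states) {
     // 	$this->session->view_states = array();
     // }
     // // TODO - allow use of regular expressions such as /auth/*
     // $last_visited_pages_filter = explode('|', Bolts_Registry::get('last_visited_pages_filter'));
     // if (!in_array($this->_uri, $last_visited_pages_filter)) {
     // 	$this->session->view_states['last_visited'] = $this->_uri;
     // }
     // $this->view->view_states = $this->session->view_states;
     // CONTROLLER INIT HOOK
     $params['request'] = $this->_request;
     $params['locale_code'] = $this->locale_code;
     $params['session'] = $this->session;
     $additional = $this->_Bolts_plugin->doFilter('controller_init', $params);
     // FILTER HOOK
     // we don't want to send the request to the view
     unset($additional['request']);
     if (isset($additional['filter_redirect'])) {
         $this->_redirect($additional['filter_redirect']);
     }
     // Everything else a plugin returned becomes a view variable.
     foreach ($additional as $key => $value) {
         $this->view->{$key} = $value;
     }
 }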
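	/**
	 * Front-controller plugin hook: resolves the caller's roles and rewrites the
	 * request when the ACL does not permit the requested module/controller/action.
	 *
	 * Outcomes:
	 *  - resource unknown to the ACL    -> default/auth/missing
	 *  - guest not allowed              -> default/auth/login, or default/auth/unauthorized
	 *    when the "module_controller_action" string is listed in the
	 *    disable_login_redirect config; the requested URL travels along as the
	 *    base64-encoded "ourl" parameter except for the auth controller itself
	 *  - authenticated user not allowed -> default/admin/index when any of the
	 *    user's roles may reach "default-Admin-index", otherwise default/auth/denied
	 *
	 * For authenticated users the Zend_Auth session namespace expiry is refreshed
	 * from the session_timeout config value.
	 *
	 * @param Zend_Controller_Request_Abstract $request the request, rewritten in place
	 */
	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
		$frontController = Zend_Controller_Front::getInstance();
		$auth = Zend_Auth::getInstance();
		$roles_table = new Roles();

		// Not read here; left in place because constructing a session namespace
		// may have session side effects — confirm before removing.
		$appNamespace = new Zend_Session_Namespace('RivetyCore_Temp');

		if (Zend_Registry::isRegistered('acl'))
		{
			$acl = Zend_Registry::get('acl');
		}
		else
		{
			$acl = new RivetyCore_Acl($auth);
			Zend_Registry::set('acl', $acl);
		}

		// determine role: the user's own roles plus every ancestor role
		if ($auth->hasIdentity())
		{
			$user = $auth->getIdentity();
			$users_roles_table = new UsersRoles();
			// "?" placeholder: the username is bound, not interpolated
			$users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $user->username));
			$user_roles = array();
			foreach ($users_roles_db as $role)
			{
				$user_roles[] = $role->role_id;
				$user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
			}
			$user_roles = array_unique($user_roles);
			$user_is_guest = false;

			// REFRESH THE SESSION EXPIRATION
			// NOTE(review): session_timeout must be a positive number of seconds;
			// an unset/zero value is presumably rejected by the namespace — confirm.
			$defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
			$defaultNamespace->setExpirationSeconds((int) RivetyCore_Registry::get('session_timeout'));
		}
		else
		{
			$user_roles = array($roles_table->getIdByShortname("guest"));
			$user_is_guest = true;
		}

		$requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();
		$url = $frontController->getBaseUrl() . "/";

		if (!$acl->has($requested))
		{
			// this doesn't exist, throw to 404
			$request->setModuleName('default');
			$request->setControllerName('auth');
			$request->setActionName('missing');
			return;
		}

		// Any single allowed role grants access.
		$isAllowed = false;
		foreach ($user_roles as $user_role)
		{
			if ($acl->isAllowed($user_role, $requested))
			{
				$isAllowed = true;
				break;
			}
		}
		if ($isAllowed)
		{
			return;
		}

		if ($user_is_guest)
		{
			// Rebuild the requested URL so the login page can send the user back.
			$url .= $request->getModuleName() . "/";
			$url .= $request->getControllerName() . "/";
			$url .= $request->getActionName() . "/";
			foreach ($request->getParams() as $name => $value)
			{
				// A while/current() loop was used before; it stopped at the first
				// falsy value ("0", "") and silently truncated the URL.
				if ($name != "module" && $name != "controller" && $name != "action")
				{
					$url .= $name . '/' . $value . "/";
				}
			}
			// drop one trailing slash
			if (substr($url, -1) == "/")
			{
				$url = substr($url, 0, -1);
			}

			// place the requested url on the request, unless this is the login controller
			if ($request->getControllerName() != "auth")
			{
				$request->setParam('ourl', base64_encode($url));
			}

			$blockedActions = RivetyCore_Registry::get('disable_login_redirect');
			$blockedActions = empty($blockedActions) ? array() : explode(',', $blockedActions);
			$mca = $request->getModuleName() . "_" . $request->getControllerName() . "_" . $request->getActionName();
			if (in_array($mca, $blockedActions, true))
			{
				// forward to the 401 Unauthorized page
				$request->setModuleName('default');
				$request->setControllerName('auth');
				$request->setActionName('unauthorized');
			}
			else
			{
				// forward to the login script
				$request->setModuleName('default');
				$request->setControllerName('auth');
				$request->setActionName('login');
			}
			return;
		}

		// An authenticated user without access lands on the admin index when any
		// of their roles may reach it, otherwise on the denied page.
		$admin = "default-Admin-index";
		$isAdmin = false;
		foreach ($user_roles as $user_role)
		{
			if ($acl->isAllowed($user_role, $admin))
			{
				$isAdmin = true;
				break;
			}
		}
		$request->setModuleName('default');
		if ($isAdmin)
		{
			$request->setControllerName('admin');
			$request->setActionName('index');
		}
		else
		{
			$request->setControllerName('auth');
			$request->setActionName('denied');
		}
	}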
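 /**
  * Front-controller plugin hook: resolves the caller's roles and rewrites the
  * request when the ACL does not permit the requested module/controller/action.
  *
  * Outcomes:
  *  - resource unknown to the ACL    -> bolts/auth/missing
  *  - guest not allowed              -> bolts/auth/login, with the requested URL
  *    carried along as the base64-encoded "url" parameter (not for the auth
  *    controller itself)
  *  - authenticated user not allowed -> bolts/admin/index when any of the user's
  *    roles may reach "bolts-Admin-index", otherwise bolts/auth/denied
  *
  * For authenticated users the Zend_Auth session namespace expiry is reset to
  * 86400 seconds on every request.
  *
  * @param Zend_Controller_Request_Abstract $request the request, rewritten in place
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $frontController = Zend_Controller_Front::getInstance();
     $auth = Zend_Auth::getInstance();
     $roles_table = new Roles();
     // Not read here; left in place because constructing a session namespace
     // may have session side effects — confirm before removing.
     $appNamespace = new Zend_Session_Namespace('Bolts_Temp');
     if (Zend_Registry::isRegistered('acl')) {
         $acl = Zend_Registry::get('acl');
     } else {
         $acl = new Bolts_Acl($auth);
         Zend_Registry::set('acl', $acl);
     }
     // determine role: the user's own roles plus every ancestor role
     if ($auth->hasIdentity()) {
         $user = $auth->getIdentity();
         $users_roles_table = new UsersRoles();
         // "?" placeholder: the username is bound, not interpolated
         $users_roles_db = $users_roles_table->fetchAll($users_roles_table->select()->where("username = ?", $user->username));
         $user_roles = array();
         foreach ($users_roles_db as $role) {
             $user_roles[] = $role->role_id;
             $user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
         }
         $user_roles = array_unique($user_roles);
         $user_is_guest = false;
         // refresh the session expiration (fixed 24h window)
         $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
         $defaultNamespace->setExpirationSeconds(86400);
     } else {
         $user_roles = array($roles_table->getIdByShortname("guest"));
         $user_is_guest = true;
     }
     $requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();
     $url = $frontController->getBaseUrl() . "/";
     if (!$acl->has($requested)) {
         // this doesn't exist, throw to 404
         $request->setModuleName('bolts');
         $request->setControllerName('auth');
         $request->setActionName('missing');
         return;
     }
     // Any single allowed role grants access.
     $isAllowed = false;
     foreach ($user_roles as $user_role) {
         if ($acl->isAllowed($user_role, $requested)) {
             $isAllowed = true;
             break;
         }
     }
     if ($isAllowed) {
         return;
     }
     if ($user_is_guest) {
         // Rebuild the requested URL so the login page can send the user back.
         $url .= $request->getModuleName() . "/";
         $url .= $request->getControllerName() . "/";
         $url .= $request->getActionName() . "/";
         foreach ($request->getParams() as $name => $value) {
             // A while/current() loop was used before; it stopped at the first
             // falsy value ("0", "") and silently truncated the URL.
             if ($name != "module" and $name != "controller" and $name != "action") {
                 $url .= $name . '/' . $value . "/";
             }
         }
         // drop one trailing slash
         if (substr($url, -1) == "/") {
             $url = substr($url, 0, -1);
         }
         // place the requested url on the request, unless this is the login controller
         if ($request->getControllerName() != "auth") {
             $request->setParam('url', base64_encode($url));
         }
         // send on to the login script
         $request->setModuleName('bolts');
         $request->setControllerName('auth');
         $request->setActionName('login');
         return;
     }
     // An authenticated user without access lands on the admin index when any
     // of their roles may reach it, otherwise on the denied page.
     $admin = "bolts-Admin-index";
     $isAdmin = false;
     foreach ($user_roles as $user_role) {
         if ($acl->isAllowed($user_role, $admin)) {
             $isAdmin = true;
             break;
         }
     }
     $request->setModuleName('bolts');
     if ($isAdmin) {
         $request->setControllerName('admin');
         $request->setActionName('index');
     } else {
         $request->setControllerName('auth');
         $request->setActionName('denied');
     }
 }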