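/**
 * Runs before any action is dispatched: resolves the logged-in user (persistent
 * "remember me" session first, then the PHP session) and enforces a per-module
 * role ACL.
 *
 * Modules: 'frontend' needs no login, 'raw' is skipped entirely, any other module
 * needs a logged-in user; a module listed in $acl additionally needs one of the
 * listed role slugs. A module absent from $acl only requires login.
 *
 * @param Event $event
 * @param Dispatcher $dispatcher
 * @return bool|null null when the check is skipped (logout or 'raw' module),
 *                   false after redirecting an unauthenticated request,
 *                   true when access is granted
 * @throws \Exception when the user is logged in but holds none of the module's roles
 */
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
    $sModuleName = strtolower(explode('\\', $dispatcher->getNamespaceName())[0]);

    // Skip everything when the user is logging out, or when the 'raw' module is hit.
    // The parentheses make the original operator precedence explicit: the 'raw'
    // module bypasses the check on its own, regardless of controller/action.
    $bLoggingOut = $this->dispatcher->getActionName() === 'logout'
        && $this->dispatcher->getControllerName() === 'users'
        && $sModuleName === 'frontend';
    if ($bLoggingOut || $sModuleName === 'raw') {
        return null;
    }

    /** @var Users|false $oLoggedInUser */
    $oLoggedInUser = false;
    $oRs = new \RememberedSessions();
    $sUsername = $oRs->getValidPersistentSession();
    if ($sUsername) {
        // Persistent session: look the user up by name and (re)populate the PHP session.
        $oLoggedInUser = Users::findFirst(array('username = :un:', 'bind' => array('un' => $sUsername)));
        // A persistent session may outlive the account it points to; the lookup
        // result must be checked before it is dereferenced.
        if ($oLoggedInUser) {
            $aSessionData = array(
                'userhash' => $oLoggedInUser->getLoginSessionHash(),
                'full_name' => $oLoggedInUser->getFullName(),
            );
            $this->session->set('auth', $aSessionData);
        }
    } else {
        $auth = $this->session->get('auth');
        if ($auth && isset($auth['userhash'])) {
            // The session hash is MD5(password . username . HASH_SALT) computed in the
            // query; only the constant salt is concatenated into the PHQL, the session
            // value is passed as a bound parameter.
            $oLoggedInUser = Users::findFirst(array(
                'MD5(CONCAT(password, username, "' . Users::HASH_SALT . '")) = :userhash:',
                'bind' => array('userhash' => $auth['userhash']),
            ));
        }
    }
    if ($oLoggedInUser) {
        Users::setCurrent($oLoggedInUser);
    }

    // Everything outside the frontend module requires a logged-in user.
    if ($sModuleName !== 'frontend' && !$oLoggedInUser) {
        if ($this->getDI()->get('request')->isAjax()) {
            die(json_encode(array('status' => 'error', 'message' => 'Insufficient permissions')));
        }
        $this->getDI()->get('response')->redirect('/users/login', true);
        return false;
    }

    // Module => allowed role slug(s); '*' means no role requirement beyond login.
    $acl = array('frontend' => '*', 'content' => array('admin', 'data_entry'), 'admin' => 'admin');
    $aUserRoleSlugs = array();
    if ($sModuleName !== 'frontend') {
        /** @var \UsersRoles $oUR */
        foreach (Users::getCurrent()->usersRoles as $oUR) {
            $aUserRoleSlugs[] = $oUR->getRoleSlug();
        }
        // Deduplicate once after the loop rather than on every iteration.
        $aUserRoleSlugs = array_unique($aUserRoleSlugs);
    }
    if (isset($acl[$sModuleName]) && $acl[$sModuleName] !== '*') {
        $aPermissions = (array) $acl[$sModuleName];
        if (array_intersect($aUserRoleSlugs, $aPermissions) === array()) {
            throw new \Exception('You do not have sufficient permissions to access this part of the website.');
        }
    }
    return true;
}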
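/**
 * Runs before the routed action: lets whitelisted actions through, otherwise
 * requires a login and an ACL grant for the action.
 *
 * @param Dispatcher $dispatcher
 * @return bool true when the action may run, false when dispatch must stop
 *              (forwarded to index/noauth, or redirected to the login page)
 */
public function beforeExecuteRoute(Dispatcher $dispatcher)
{
    $actionName = $dispatcher->getActionName();
    $controllerName = $dispatcher->getControllerName() . 'Controller';
    $nameSpaceName = $dispatcher->getNamespaceName();
    $className = $nameSpaceName . '\\' . ucwords($controllerName);

    // Actions needing no authentication: the controller's own list merged with the base list.
    $no_auth_array = [];
    if (class_exists($className)) {
        $no_auth_array = array_merge($className::$no_auth_array, self::$no_auth_array);
    }
    // strict: true so a numeric-looking action name cannot match loosely.
    if (in_array($actionName, $no_auth_array, true)) {
        return true;
    }

    if ($this->isLogin()) {
        // Check whether the current user may operate on this resource.
        if (!$this->isAllowed($actionName)) {
            $dispatcher->forward(array('controller' => 'index', 'action' => 'noauth'));
            return false;
        }
        return true;
    }

    // Not logged in: send to the login page, carrying the requested URL as ?ref=.
    // getHttpHost() is the client-supplied Host header and is only used when the
    // configured server name is empty.
    if (!($host = $this->request->getServerName())) {
        $host = $this->request->getHttpHost();
    }
    $sourceUrl = $this->request->getScheme() . '://' . $host . $this->request->getURI();
    // Encode ref so a query string inside the source URL cannot split the login URL's parameters.
    $url = $this->request->getScheme() . '://' . $host . self::USER_LOGIN_URL . '?ref=' . rawurlencode($sourceUrl);
    $this->redirect($url);
    // Stop dispatch explicitly; relying on redirect() to exit would otherwise let the action run.
    return false;
}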
/**
 * Before the route runs: for controllers outside the default namespace, derive
 * the layout and the view path from the handler class name relative to that
 * namespace, then pick that view.
 *
 * @param Event $event
 * @param MvcDispatcher $dispatcher
 */
public function beforeExecuteRoute(Event $event, MvcDispatcher $dispatcher)
{
    $defaultNamespace = $dispatcher->getDefaultNamespace();
    if ($dispatcher->getNamespaceName() === $defaultNamespace) {
        return;
    }

    /** @var MvcView $view */
    $view = $dispatcher->getDI()->get('view');
    if ($view->isDisabled()) {
        return;
    }

    // Handler class segments minus the default-namespace segments (keys reset), then the action.
    $handlerSegments = explode('\\', strtolower($dispatcher->getHandlerClass()));
    $defaultSegments = explode('\\', strtolower($defaultNamespace));
    $segments = array_values(array_diff($handlerSegments, $defaultSegments));
    $segments[] = $dispatcher->getActionName();

    $view->setLayout($segments[0]);
    $view->pick(implode(DIRECTORY_SEPARATOR, $segments));
}
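/**
 * Registers the namespace of the requested API version with the loader, using
 * the 'media', 'major' and 'minor' dispatcher params to locate its directory via
 * pathFinder(). Logs every step to the file logger.
 *
 * NOTE(review): the registered path is derived from request-supplied dispatcher
 * params; this assumes pathFinder() validates them — confirm against its implementation.
 */
public function load()
{
    $strContext = __CLASS__ . '->' . __FUNCTION__ . ': ';
    $oLogger = $this->_di->getFileLogger();
    $oDispatcher = $this->_di->getDispatcher();
    $arParams = $oDispatcher->getParams();

    // Missing params yield null instead of an "undefined index" notice.
    $strMedia = isset($arParams['media']) ? $arParams['media'] : null;
    $strMajor = isset($arParams['major']) ? $arParams['major'] : null;
    $strMinor = isset($arParams['minor']) ? $arParams['minor'] : null;

    if ($strPath = $this->pathFinder($strMedia, $strMajor, $strMinor)) {
        $oLogger->debug($strContext . ' got path: ' . $strPath);
        $oLoader = $this->_di->getLoader();
        $oLogger->debug(Tester::ec("'" . $this->dispatcher->getNamespaceName() . "'", true));
        // Map the dispatched namespace to the resolved directory and merge it into the loader.
        $arRequiredNamespace = array($this->dispatcher->getNamespaceName() => $strPath);
        $oLoader->registerNamespaces($arRequiredNamespace, true);
        $oLogger->debug($strContext . ' registered namespace: ' . print_r($arRequiredNamespace, true));
        $arNewNamespaces = $oLoader->getNamespaces();
        $oLogger->debug($strContext . ' complete namespaces list is: ' . print_r($arNewNamespaces, true));
    } else {
        $oLogger->debug($strContext . ' got no path: "' . $strPath . '"');
    }

    $oLogger->debug(__CLASS__ . ': trying to dispatch:'
        . ' module: ' . $oDispatcher->getModuleName()
        . ' media: ' . $strMedia
        . ' version: v' . $strMajor . '_' . $strMinor
        . ' controller: ' . $oDispatcher->getControllerName()
        . ' controller class: ' . $oDispatcher->getControllerClass()
        . ' action: ' . $oDispatcher->getActionName()
        . ' active method: ' . $oDispatcher->getActiveMethod());
}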
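/**
 * This action is executed before execute any action in the application.
 * Maps the session to a role ('Users' when an auth record exists, else 'Guests')
 * and checks it against the ACL for "<namespace>\<controller>" / action.
 *
 * @param Event $event
 * @param Dispatcher $dispatcher
 * @return bool true when access is granted; false after forwarding to show401
 */
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
    $role = $this->session->get('auth') ? 'Users' : 'Guests';

    $namespace = $dispatcher->getNamespaceName();
    $controller = $dispatcher->getControllerName();
    $path = $namespace . '\\' . $controller;
    $action = $dispatcher->getActionName();

    $acl = $this->getAcl();
    $allowed = $acl->isAllowed($role, $path, $action);
    // Loose comparison kept deliberately: the return type of isAllowed() and the
    // type of Acl::ALLOW are not visible here, and a strict compare could deny everything.
    if ($allowed != Acl::ALLOW) {
        $dispatcher->forward(array('namespace' => 'App\\Controllers', 'controller' => 'errors', 'action' => 'show401'));
        // NOTE(review): the whole session is destroyed on any denied request, so a
        // logged-in user hitting a forbidden action is logged out as well — confirm intended.
        $this->session->destroy();
        return false;
    }
    // Explicit true on the allowed path so the return matches the documented bool.
    return true;
}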
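/**
 * Runs before any action: resolves the role from the session's group and checks
 * the namespace ACL for the controller/action; denied requests are forwarded to
 * the error controller's send403 action.
 *
 * @param Event $event
 * @param Dispatcher $dispatcher
 * @return bool always true; a denied request is forwarded, not aborted
 */
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
    $role = 'Guests';
    // Logged-in users take their group's name as role; a session whose group can no
    // longer be found keeps the least-privileged 'Guests' role instead of failing
    // on a null lookup result.
    $auth = $this->session->get('auth');
    if ($auth) {
        $groupId = isset($auth['group_id']) ? $auth['group_id'] : null;
        $group = Groups::findFirstByGroupId($groupId);
        if ($group) {
            $role = $group->name;
        }
    }

    // Namespace of the controller we are trying to access, and its ACL rules.
    $namespace = $dispatcher->getNamespaceName();
    $acl = $this->getAcl($namespace);
    $controller = $dispatcher->getControllerName();
    $action = $dispatcher->getActionName();

    $allowed = $acl->isAllowed($role, $controller, $action);
    // Loose comparison kept deliberately: the types of isAllowed()'s result and
    // Acl::ALLOW are not visible here.
    if ($allowed != Acl::ALLOW) {
        $dispatcher->forward(array('namespace' => 'Controllers\\BaseControllers', 'controller' => 'error', 'action' => 'send403'));
    }
    // Returning true after forward() relies on the dispatcher restarting its loop
    // for the forwarded route — presumably the framework's behaviour; verify.
    return true;
}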
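/**
 * Checks the ACL for the current request. Controllers under a sub-namespace are
 * addressed as "<last namespace segment>/<controller>", top-level ones by name.
 *
 * @param Event $event
 * @param Dispatcher $dispatcher
 * @return bool true when no check applies or access is granted,
 *              false after forwarding to public/show401
 */
private function checkPermission(Event $event, Dispatcher $dispatcher)
{
    $namespaceName = $dispatcher->getNamespaceName();
    if ($namespaceName !== 'MyApp\\Controllers') {
        $prefix = strtolower(substr($namespaceName, strrpos($namespaceName, '\\') + 1));
        $controller = $prefix . '/' . $dispatcher->getControllerName();
    } else {
        $controller = $dispatcher->getControllerName();
    }
    $action = $dispatcher->getActionName();

    // Skip the public and api/sso controllers so a forward to them is not checked twice.
    if (in_array($controller, ['public', 'api/sso'], true)) {
        return true;
    }

    $acl = $this->getAcl($dispatcher);
    $role = $this->session->get('user_id') === null ? 'Guests' : 'Users';

    // NOTE(review): this forwards only when isResource() and isAllowed() disagree, so a
    // controller that is not registered as an ACL resource passes when isAllowed() is
    // also false. Semantics kept as-is; decide explicitly whether unregistered
    // controllers should be denied (e.g. `!$acl->isResource(...) || !$acl->isAllowed(...)`).
    if ($acl->isResource($controller) != $acl->isAllowed($role, $controller, $action)) {
        $dispatcher->forward(['namespace' => 'MyApp\\Controllers', 'controller' => 'public', 'action' => 'show401']);
        return false;
    }
    return true;
}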