public function initAcl(MvcEvent $e) { //Creamos el objeto ACL $acl = new Acl(); //Incluimos la lista de roles y permisos, nos devuelve un array $roles = (require 'config/autoload/acl.roles.php'); foreach ($roles as $role => $resources) { //Indicamos que el rol será genérico $role = new \Zend\Permissions\Acl\Role\GenericRole($role); //Añadimos el rol al ACL $acl->addRole($role); //Recorremos los recursos o rutas permitidas foreach ($resources["allow"] as $resource) { //Si el recurso no existe lo añadimos if (!$acl->hasResource($resource)) { $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource)); } //Permitimos a ese rol ese recurso $acl->allow($role, $resource); } foreach ($resources["deny"] as $resource) { //Si el recurso no existe lo añadimos if (!$acl->hasResource($resource)) { $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource)); } //Denegamos a ese rol ese recurso $acl->deny($role, $resource); } } //Establecemos la lista de control de acceso $e->getViewModel()->acl = $acl; }
public function testBuildCanAcceptXMLAsString() { $content = file_get_contents(__DIR__ . '/fixtures/test.xml'); $this->object = new AclBuilder(new StringType($content), $this->acl); $this->assertTrue($this->object->build()); $this->assertTrue($this->acl->hasRole('guest')); $this->assertTrue($this->acl->hasResource('logout')); $this->assertTrue($this->acl->isAllowed('guest', 'login')); $this->assertTrue($this->acl->isAllowed('user', null, 'GET')); }
private function _load() { if ($this->loaded == false) { // Add roles $config = $this->serviceLocator->get('config'); if (isset($config['acl']['role_providers'])) { $roles = []; foreach ($config['acl']['role_providers'] as $class => $options) { /** @var \Acl\Provider\Role\ProviderInterface $roleProvider */ $roleProvider = $this->serviceLocator->get($class); $roles = $roles + $roleProvider->getRoles(); } foreach ($roles as $role) { /** @var \Acl\Entity\Role $role */ $this->acl->addRole($role, $role->getParents()); } } // Add resources if (isset($config['acl']['resource_providers'])) { foreach ($config['acl']['resource_providers'] as $class => $options) { /** @var \Acl\Provider\Resource\ProviderInterface $resourceProvider */ $resourceProvider = $this->serviceLocator->get($class); $resources = $resourceProvider->getResources(); if ($resources) { foreach ($resources as $r) { if (!$this->acl->hasResource($r)) { $this->acl->addResource($r); } } } } } // Add rules if (isset($config['acl']['rule_providers'])) { $rules = []; foreach ($config['acl']['rule_providers'] as $class => $options) { /** @var \Acl\Provider\Rule\ProviderInterface $ruleProvider */ $ruleProvider = $this->serviceLocator->get($class); $rules = $rules + $ruleProvider->getRules(); } foreach ($rules as $rule) { /** @var \Acl\Entity\Rule $rule */ if ($rule->allow) { $this->acl->allow($rule->obj_id, $rule->resource, $rule->privilege); } else { $this->acl->deny($rule->obj_id, $rule->resource, $rule->privilege); } } } $this->loaded = true; } }
public function loadPrivilege() { if (!$this->acl || !$this->acl instanceof \Zend\Permissions\Acl\Acl) { return null; } $userService = $this->getServiceLocator()->get('User\\Service\\User'); /*@var $userService \User\Service\User */ if (!$userService->hasIdentity()) { return null; } $user = $userService->getUser(); if (in_array($user->getRole(), [\User\Model\User::ROLE_ADMIN, \User\Model\User::ROLE_SUPERADMIN, \User\Model\User::ROLE_GUEST])) { return null; } $dependence = $this->acl->getDependencies(); $resources = null; if ($resources) { foreach ($resources as $resource) { if ($this->acl->hasResource($resource['resource'])) { $this->acl->allow($user->getRole(), $resource['resource'], $resource['privilege']); if (isset($dependence['/' . str_replace(':', '/', $resource['resource']) . '/' . $resource['privilege']])) { foreach ($dependence['/' . str_replace(':', '/', $resource['resource']) . '/' . $resource['privilege']] as $depen) { $arr = explode('/', $depen); if (count($arr) == 4) { if ($this->acl->hasResource($arr[1] . ':' . $arr[2])) { $this->acl->allow($user->getRole(), $arr[1] . ':' . $arr[2], $arr[3]); } } } } } } } return $this->acl; }
/** * @param string|\Zend\Permissions\Acl\Resource\ResourceInterface $resource * @return bool|void */ public function hasResource($resource) { if (is_null($this->acl)) { $this->init(); } return $this->acl->hasResource($resource); }
/** * autentica o usuário */ public function autenticaAction() { if ($this->getRequest()->isPost()) { $this->adapter->setOptions(array('object_manager' => Conn::getConn(), 'identity_class' => 'MyClasses\\Entities\\AclUsuario', 'identity_property' => 'login', 'credential_property' => 'senha')); $this->adapter->setIdentityValue($this->getRequest()->getPost('login')); $this->adapter->setCredentialValue(sha1($this->getRequest()->getPost('senha'))); $result = $this->auth->authenticate($this->adapter); if ($result->isValid()) { $equipes = $result->getIdentity()->getEquipes(); $acl = new Acl(); $acl->addRole(new Role($equipes[0]->getPerfil())); $recursos = $equipes[0]->getRecursos(); foreach ($recursos as $recurso) { if (!$acl->hasResource($recurso->getRecurso())) { /* echo "add recurso: ". $perfil->getPerfil().", ". $recurso->getRecurso()->getRecurso().", ". $recurso->getPermissao(); */ $acl->addResource(new Resource($recurso->getRecurso())); $acl->allow($equipes[0]->getPerfil(), $recurso->getRecurso()); } } $this->auth->getStorage()->write(array($result->getIdentity(), $equipes[0]->getPerfil(), $acl)); $this->layout()->id = $result->getIdentity()->getId(); $this->layout()->nome = $result->getIdentity()->getNome(); return new ViewModel(array('nome' => $result->getIdentity()->getNome())); } else { return new ViewModel(array('erro' => array_pop($result->getMessages()))); } } }
/** * @param Acl $acl * @param $resource */ protected function addAclResource(ZendAcl $acl, AclResource $resource) { if (!$acl->hasResource($resource->getResource())) { $acl->addResource(new \Zend\Permissions\Acl\Resource\GenericResource($resource->getResource())); } return $this; }
/** * getAcl - This cannot be called before resources are parsed * * @param string $resourceId resourceId * @param string $providerId @deprecated No Longer Required - providerId * * @return Acl */ public function getAcl($resourceId, $providerId) { if (!isset($this->acl)) { $this->buildAcl(); } /* resources privileges we load the every time so they maybe updated dynamically */ $resources = $this->getResources($resourceId, $providerId); foreach ($resources as $resource) { if (!$this->acl->hasResource($resource)) { $this->acl->addResource($resource, $resource->getParentResource()); } $privileges = $resource->getPrivileges(); if (!empty($privileges)) { foreach ($privileges as $privilege) { if (!$this->acl->hasResource($privilege)) { $this->acl->addResource($privilege, $resource); } } } } // get only for resources $rules = $this->getRules($resources); /** @var AclRule $aclRule */ foreach ($rules as $aclRule) { if ($aclRule->getRule() == AclRule::RULE_ALLOW) { $this->acl->allow($aclRule->getRoleId(), $aclRule->getResourceId(), $aclRule->getPrivileges(), $aclRule->getAssertion()); } elseif ($aclRule->getRule() == AclRule::RULE_DENY) { $this->acl->deny($aclRule->getRoleId(), $aclRule->getResourceId(), $aclRule->getPrivileges(), $aclRule->getAssertion()); } } return $this->acl; }
public function createService(ServiceLocatorInterface $serviceLocator) { $config = $serviceLocator->get('config.helper')->get('acl'); $acl = new Acl(); foreach ($config['roles'] as $role => $parents) { if (empty($parents)) { $parents = null; } $role = new GenericRole($role); $acl->addRole($role, $parents); } foreach ($config['resources'] as $permission => $controllers) { foreach ($controllers as $controller => $actions) { if (!$acl->hasResource($controller)) { $acl->addResource(new GenericResource($controller)); } foreach ($actions as $action => $role) { if ($action == '*') { $action = null; } if ($permission == 'allow') { $acl->allow($role, $controller, $action); } elseif ($permission == 'deny') { $acl->deny($role, $controller, $action); } else { throw new Exception('No valid permission defined: ' . $permission); } } } } if (class_exists('Zend\\View\\Helper\\Navigation')) { Navigation::setDefaultAcl($acl); } return $acl; }
/** * Create the service using the configuration from the modules config-file * * @param ServiceLocator $services The ServiceLocator * * @see \Zend\ServiceManager\FactoryInterface::createService() * @return Hybrid_Auth */ public function createService(ServiceLocatorInterface $serviceLocator) { $config = $serviceLocator->get('config'); $config = $config['acl']; if (!isset($config['roles']) || !isset($config['resources'])) { throw new \Exception('Invalid ACL Config found'); } $roles = $config['roles']; if (!isset($roles[self::DEFAULT_ROLE])) { $roles[self::DEFAULT_ROLE] = ''; } $this->admins = $config['admins']; if (!isset($this->admins)) { throw new \UnexpectedValueException('No admin-user set'); } $acl = new Acl(); foreach ($roles as $name => $parent) { if (!$acl->hasRole($name)) { if (empty($parent)) { $parent = array(); } else { $parent = explode(',', $parent); } $acl->addRole(new Role($name), $parent); } } foreach ($config['resources'] as $permission => $controllers) { foreach ($controllers as $controller => $actions) { if ($controller == 'all') { $controller = null; } else { if (!$acl->hasResource($controller)) { $acl->addResource(new Resource($controller)); } } foreach ($actions as $action => $role) { if ($action == 'all') { $action = null; } $assert = null; if (is_array($role)) { $assert = $serviceLocator->get($role['assert']); $role = $role['role']; } $role = explode(',', $role); foreach ($role as $roleItem) { if ($permission == 'allow') { $acl->allow($roleItem, $controller, $action, $assert); } elseif ($permission == 'deny') { $acl->deny($roleItem, $controller, $action, $assert); } else { continue; } } } } } return $acl; }
private function addResources(Acl $acl) { foreach ($this->modules as $module) { if (!$acl->hasResource($module)) { $acl->addResource(strtolower($module)); } } }
public function getResourcesACL(\Zend\Permissions\Acl\Acl $acl, \Doctrine\ORM\EntityManager $em) { $repo = $em->getRepository('Security\\Entity\\RecursoSistema'); foreach ($repo->fetchPairs() as $recurso) { $acl->addResource($recurso); } // carrega os recurso desprotegidos foreach ($this->getRecursosDesprotegidos() as $recurso) { if (!$acl->hasResource($recurso)) { $acl->addResource($recurso); } } return $acl; }
/** */ private function initAcl() { if (!is_null($this->acl)) { return; } $this->acl = new Acl(); $config = $this->getServiceLocator()->get('Config'); $roles = $config['acl']['roles']; $allResources = array(); foreach ($roles as $role => $resources) { $role = new GenericRole($role); $this->acl->addRole($role); $allResources = array_merge($resources, $allResources); foreach ($resources as $resource) { if (!$this->acl->hasResource($resource)) { $this->acl->addResource(new GenericResource($resource)); } } foreach ($allResources as $resource) { $this->acl->allow($role, $resource); } } }
/** * Tests basic Resource inheritance * * @return void */ public function testResourceInherits() { $resourceCity = new Resource\GenericResource('city'); $resourceBuilding = new Resource\GenericResource('building'); $resourceRoom = new Resource\GenericResource('room'); $this->_acl->addResource($resourceCity)->addResource($resourceBuilding, $resourceCity->getResourceId())->addResource($resourceRoom, $resourceBuilding); $this->assertTrue($this->_acl->inheritsResource($resourceBuilding, $resourceCity, true)); $this->assertTrue($this->_acl->inheritsResource($resourceRoom, $resourceBuilding, true)); $this->assertTrue($this->_acl->inheritsResource($resourceRoom, $resourceCity)); $this->assertFalse($this->_acl->inheritsResource($resourceCity, $resourceBuilding)); $this->assertFalse($this->_acl->inheritsResource($resourceBuilding, $resourceRoom)); $this->assertFalse($this->_acl->inheritsResource($resourceCity, $resourceRoom)); $this->_acl->removeResource($resourceBuilding); $this->assertFalse($this->_acl->hasResource($resourceRoom)); }
/** * @deprecated this method will be removed in BjyAuthorize 2.0.x * * @param string[]|\Zend\Permissions\Acl\Resource\ResourceInterface[] $resources * @param mixed|null $parent */ protected function loadResource(array $resources, $parent = null) { foreach ($resources as $key => $value) { if (is_string($key)) { $key = new GenericResource($key); } elseif (is_int($key)) { $key = new GenericResource($value); } if (is_array($value)) { $this->acl->addResource($key, $parent); $this->loadResource($value, $key); } elseif (!$this->acl->hasResource($key)) { $this->acl->addResource($key, $parent); } } }
/** * @deprecated this method will be removed in BjyAuthorize 2.0.x * * @param string[]|\Zend\Permissions\Acl\Resource\ResourceInterface[] $resources * @param mixed|null $parent */ protected function loadResource($resources, $parent = null) { if (!is_array($resources) && !$resources instanceof \Traversable) { throw new \InvalidArgumentException('Resources argument must be traversable: ' . print_r($resources, true)); } foreach ($resources as $key => $value) { if ($value instanceof ResourceInterface) { $key = $value; } elseif (is_string($key)) { $key = new GenericResource($key); } elseif (is_int($key)) { $key = new GenericResource($value); } if (is_array($value) || $value instanceof \Traversable) { $this->acl->addResource($key, $parent); $this->loadResource($value, $key); } elseif (!$this->acl->hasResource($key)) { $this->acl->addResource($key, $parent); } } }
/** * set Roles and Resource for ACL * * @return Acl */ protected function setAcl() { $guestRole = new Role(self::DEFAULT_ROLE); $userRole = new Role(self::USER_ROLE); $adminRole = new Role(self::ADMIN_ROLE); $this->acl->addRole($guestRole); $this->acl->addRole($userRole, $guestRole); $this->acl->addRole($adminRole, $userRole); $roleResource = new RoleResourcePermissionFromArray(); $roles = $roleResource->getListRoleResourcePermission(); foreach ($roles as $role => $roleResource) { //adding resources foreach ($roleResource as $permission => $resources) { foreach ($resources as $resource) { if (!$this->acl->hasResource($resource['resource'])) { $this->acl->addResource(new Resource($resource['resource'])); } if (count($resource['permission']) > 0 && $permission != 'deny') { $this->acl->allow($role, $resource['resource'], $resource['permission']); } else { $this->acl->deny($role, $resource['resource'], $resource['permission']); } } } } /* foreach ($roles['deny'] as $role => $resources) { //adding resources foreach ($resources as $resource) { if (!$this->acl->hasResource($resource['resource'])) $this->acl->addResource(new Resource($resource['resource'])); if (count($resource['permission']) > 0) $this->acl->deny($role, $resource['resource'], $resource['permission']); } } */ return $this->acl; }
/** * Builds ACL from base ACL + database table acl_allow * @return Zend\Permissions\Acl $acl */ public function buildAcl() { // 2015-03-19 DB: ACL is now built completely from the ground up $acl = new Acl(); // NOTE: roles are defined in config/autoload/roles.global.php foreach ($this->rolesInheritance as $key => $value) { if ($value) { $acl->addRole($key, $value); } else { $acl->addRole($key); } } // get list of resources $allowList = $this->aclAllowTable->fetchAll(); // add resources to ACL foreach ($allowList as $item) { $resource = $item->controller; if (!$acl->hasResource($resource)) { $acl->addResource($resource); } $acl->allow($item->role, $resource, explode(',', $item->actions)); } return $acl; }
/** * Create acl instance * * @return Acl */ public function buildAcl() { // create acl $acl = new Acl(); $acl->addRole('guest'); $acl->addRole('customer', 'guest'); $acl->addRole('staff', 'customer'); $acl->addRole('admin', 'staff'); // loop through role data foreach ($this->config as $role => $resources) { // loop through resource data foreach ($resources as $resource => $rules) { // check for resource if (!$acl->hasResource($resource)) { $acl->addResource($resource); } // loop trough rules foreach ($rules as $rule => $privileges) { // add rule with privileges $acl->{$rule}($role, $resource, $privileges); } } } // pass acl return $acl; }
public function testBuildItemWillAddResourcesToAcl() { $this->assertFalse($this->acl->hasResource('logout')); $this->assertTrue($this->object->buildItem()); $this->assertTrue($this->acl->hasResource('logout')); }
public function initAcl(MvcEvent $e) { $application = $e->getApplication(); $sm = $application->getServiceManager(); $acl = new Acl(); $roles = $sm->get("Application\\Model\\RolesBO"); $recursos = $sm->get("Application\\Model\\RecursosBO"); $rolesRecursos = $sm->get("Application\\Model\\RolesRecursosBO"); $usuarios = $sm->get("Application\\Model\\UsuariosBO"); // Se listan todos los recursos y se los agrega a la ACL foreach ($recursos->obtenerTodos() as $recurso) { if (!$acl->hasResource($recurso->getRecursosID())) { $genericResource = new GenericResource($recurso->getRecursosID()); $acl->addResource($genericResource); } } // Se registra el rol en la ACL $sesion = new Container("CoreAppSesion"); if (!$acl->hasRole($sesion->user_rol_id)) { $genericRole = new GenericRole($sesion->user_rol_id); $acl->addRole($genericRole); } $services = $application->getServiceManager(); // obtenemos todos los recuersosque tiene la ACL foreach ($acl->getResources() as $resource) { // Obtenemos los recursos disponibles para el rol foreach ($rolesRecursos->obtenerRecursosPorRol($sesion->user_rol_id) as $recursoAsignado) { // Si el recurso asignado es el mismo recurso de la ACL lo permitimos if ($resource == $recursoAsignado->getAppRecursosID()) { $acl->allow($genericRole, $acl->getResource($resource)); } } } // Si el recurso no esta permitido lo denegamos foreach ($acl->getResources() as $resource) { if (!$acl->isAllowed($genericRole, $acl->getResource($resource))) { $acl->deny($genericRole, $acl->getResource($resource)); } } $this->acl = $acl; }
/** * Check if the ACL allows accessing the function or method * * @param string|object $object Object or class being accessed * @param string $function Function or method being accessed * @return unknown_type * @throws Exception\RuntimeException */ protected function _checkAcl($object, $function) { if (!$this->_acl) { return true; } if ($object) { $isObject = is_object($object); $class = $isObject ? get_class($object) : $object; if (!$this->_acl->hasResource($class)) { $this->_acl->addResource(new Acl\Resource\GenericResource($class)); } if (method_exists($object, 'initAcl')) { // if initAcl returns false, no ACL check if ($isObject) { if (!$object->initAcl($this->_acl)) { return true; } } elseif (!$class::initAcl($this->_acl)) { return true; } } } else { $class = null; } $auth = $this->getAuthService(); if ($auth->hasIdentity()) { $role = $auth->getIdentity()->role; } else { if ($this->_acl->hasRole(Constants::GUEST_ROLE)) { $role = Constants::GUEST_ROLE; } else { throw new Exception\RuntimeException("Unauthenticated access not allowed"); } } if ($this->_acl->isAllowed($role, $class, $function)) { return true; } else { throw new Exception\RuntimeException("Access not allowed"); } }