小贝子编程

Zend_ACL来宾角色覆盖管理员角色



我创建了具有三个角色的Zend_ACL:'administratorguest和*edito*r'。我希望客人登录后无法访问/相册/索引。管理员、编辑可以访问/相册/索引。所有其他页面都可以访问。

我在helper中使用Acl.php创建了下面的访问列表。

/library/My/Helper/Acl.php:

public function __construct() {
    $this->acl = new Zend_Acl();
}
public function setRoles() {
    $this->acl->addRole(new Zend_Acl_Role('guest'));
    $this->acl->addRole(new Zend_Acl_Role('editor'));
    $this->acl->addRole(new Zend_Acl_Role('administrator'));
}
public function setResource () {

    $this->acl->add(new Zend_Acl_Resource('album::index'));
    $this->acl->add(new Zend_Acl_Resource('album::add'));
    $this->acl->add(new Zend_Acl_Resource('album::edit'));
    $this->acl->add(new Zend_Acl_Resource('album::delete'));
    $this->acl->add(new Zend_Acl_Resource('auth::index'));
    $this->acl->add(new Zend_Acl_Resource('auth::logout'));
    $this->acl->add(new Zend_Acl_Resource('error::error'));
}
public function setPrivilages() {
    $allowEditorAdmin=array('administrator','editor');
    $allowAll=array('administrator','guest','editor');
    $this->acl->allow($allowEditorAdmin,'album::index');
    $this->acl->allow($allowAll,'album::add');
    $this->acl->allow($allowAll,'album::edit');
    $this->acl->allow($allowAll,'album::delete');
    $this->acl->allow($allowAll,'auth::index');
    $this->acl->allow($allowAll,'auth::logout');
    $this->acl->allow($allowAll,'error::error');

然后,我创建了一个插件Acl.php

public function preDispatch(Zend_Controller_Request_Abstract $request) {
    $acl1 = new My_Controller_Helper_Acl();
    $acl = Zend_Registry::get('acl');
    $userNs = new Zend_Session_Namespace('members');
    if($userNs->userType=='')
    {
        $roleName='guest';
    }
    else
        $roleName=$userNs->userType;

if(!$acl->isAllowed($roleName,$request->getControllerName()."::".$request->getActionname()))
            {
        echo $request->getControllerName()."::".$request->getActionName();
        $request->setControllerName('auth');
        $request->setActionName('index');
    }
    else
        echo "got authenticated";
}

  • 问题是我的代码"不允许"不能正常工作。身份验证成功后,"来宾、编辑、管理员"无法访问/相册/索引。它们重定向到/auth/index

     if(!$acl->isAllowed($roleName,$request->getControllerName()."::".$request->getActionname()))
        {
    echo $request->getControllerName()."::".$request->getActionName();
    $request->setControllerName('auth');
    $request->setActionName('index');
}
else
    echo "got authenticated";       
}

据我所知,您正在使用两个不同的ACL实例,并且从未首先设置适当的ACL。我可以分享一些我自己的代码,这几乎可以做同样的事情:

在引导程序中.php

    $this->_acl = new Model_AuthAcl();
    //Check for access rights
    $fc = Zend_Controller_Front::getInstance();
    $fc->registerPlugin(new App_Plugin_AccessCheck($this->_acl));

App_Plugin_AccessCheck

class App_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    private $_acl = null;
    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module = $request->getModuleName();
        $resource = $request->getControllerName();
        $action = $request->getActionName();

        try {
            if (!$this->_acl->isAllowed(Zend_Registry::get('role'), $module . ':' . $resource, $action)) {
                $request->setControllerName('authentication')->setModuleName('default')
                    ->setActionName('login');
            }
        }
        catch (Exception $ex) {
            if (APPLICATION_ENV == "development") {
                var_dump($ex->getMessage());
            }
        }
    }
}

Model_AuthAcl

class Model_AuthAcl extends Zend_Acl
{
    /**
     * Creates the resource, role trees
     */
    public function __construct ()
    {
        //Create roles
        $this->addRole(new Zend_Acl_Role('guest')); 
        $this->addRole(new Zend_Acl_Role('user'), 'guest'); 
        $this->addRole(new Zend_Acl_Role('admin'), 'user'); 

        //Create resources
        //Default module
        $this->addResource(new Zend_Acl_Resource('default'))
             ->addResource(new Zend_Acl_Resource('default:authentication'), 'default')
             ->addResource(new Zend_Acl_Resource('default:error'), 'default')
        //Admin module
             ->addResource(new Zend_Acl_Resource('admin'))
             ->addResource(new Zend_Acl_Resource('admin:index'), 'admin')


        //Guest permissions
        $this->deny('guest')
             ->allow('guest', 'default:authentication', array('index', 'login', 'logout', 'email', 'forgot'))
             ->allow('guest', 'default:error', array('error'))
             ->allow('guest', 'api:authentication', array('index', 'get', 'head', 'post', 'put', 'delete'))
            //Admin permissions
             ->deny('admin', 'admin:admins')
        ;
    }
}

可能不是最OOP的解决方案,但它肯定会起作用。

希望这能帮助你建立你的梦想ACL:)

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium