我已经将Zend_Acl设置为这样工作:
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->addRole(new Zend_Acl_Role('user'));
$acl->add(new Zend_Acl_Resource('frontoffice'));
$acl->add(new Zend_Acl_Resource('backoffice'));
$acl->deny('user');
$acl->allow('user', null, 'frontoffice');
$acl->allow('admin');
因此,角色"admin"可以访问所有内容,"user"只能访问前台。前台是模块的名称,后台是模块的名字。Acl是在一个自定义插件中检查的:
<?php
class Custom_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$loginController = 'auth';
$loginAction = 'index';
$auth = Zend_Auth::getInstance();
// If user is not logged in and is not requesting login page
// - redirect to login page.
if (!$auth->hasIdentity()
&& $request->getControllerName() != $loginController
&& $request->getActionName() != $loginAction) {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoSimpleAndExit($loginAction, $loginController);
}
// User is logged in or on login page.
if ($auth->hasIdentity()) {
// Is logged in
// Let's check the credential;
$registry = Zend_Registry::getInstance();
$acl = $registry->get('acl');
$identity = $auth->getIdentity();
// role is a column in the user table (database)
$isAllowed = $acl->isAllowed($identity->role, null,
$request->getModuleName());
if (!$isAllowed) {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoUrlAndExit('/');
}
}
}
}
?>
现在,我的资源的名称就是当前模块的名称。如果我将acl插入Zend_Navigation,并将菜单项的资源设置为frontoffice,则用户和管理员都会看到该菜单项,但他们都应该能够查看它
protected function _initNavigation()
{
$this->bootstrap('layout');
$layout = $this->getResource('layout');
$view = $layout->getView();
$navigation = new Zend_Navigation($this->getOption('navigation'));
$auth = Zend_Auth::getInstance();
$role = $auth->getIdentity()->role;
$view->navigation($navigation)->setAcl(Zend_Registry::get('acl'))
->setRole($role);
}
有人对如何解决这个问题有什么建议吗?提前感谢!
正如我所知,您不能在ACL中直接定义模块。您必须使用以下语法定义每个模块的每个控制器:
$this->add(new Zend_Acl_Resource("module_name:controller_name");