Hey,
The past few days I've been trying to implement a role system. I have all of my resources, roles and priveleges in my database and it all works fine as long as I just use roles. However I do want to use assertions but can't get it to work well.
The problem starts with the fact that I have users that can have multiple roles and acl->isallowed doesn't accept an array of roles.
My first solution was to check for each role first and do the assertions afterwards, I couldn't get that to work and tried to do it in many other ways but it just won't work:
In my bootstrap:
| Code: |
// this works fine
protected function _initAccessCheck()
{
$this->_auth = Zend_Auth::getInstance();
if($this->_auth->hasIdentity()){
$usermapper = new Model_Datamapper_User();
$user = $usermapper->findById($this->_auth->getStorage()->read()->id);
$roles = $user->getRoles();
} else {
$roles = array(1 => array('parent_id' => null, 'role' => 'guest'));
}
Zend_Registry::set('userRoles', $roles);
$this->_acl = new Model_uriAcl();
$fc = Zend_Controller_Front::getInstance();
$fc->registerPlugin(new Plugin_uriAccessCheck($this->_acl, $roles));
}
|
| Code: |
<?php
// My second try at getting it to work
class Plugin_uriAccessCheck extends Zend_Controller_Plugin_Abstract {
protected $_roles;
protected $_acl;
protected $_user_dummy = null; // dummy object used for the assertion (since the user object returns an array instead of a string)
public function __construct(Model_uriAcl $acl, array $roles = array()){
$this->_acl = $acl;
$this->_roles = $roles;
$auth = Zend_Auth::getInstance();
$this->_user_dummy = new Model_UserDummy();
if($auth->hasIdentity()){
// user: set dummy object for user with role
$this->_user_dummy->setId($auth->getStorage()->read()->id);
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request){
$module = $request->getModuleName();
$controller = $request->getControllerName();
$resource = $module . ':' . $controller;
$action = $request->getActionName();
$resource_dummy = new Model_ResourceDummy();
$resource_dummy->setResourceId($resource);
$allowed = FALSE;
foreach ($this->_roles as $id => $role_data){
$this->_user_dummy->setRoleId($role_data['role']);
if($this->_acl->isAllowed($this->_user_dummy, $resource_dummy, $action)){
return TRUE;
}
}
if(!$allowed){
// should change to: /default/authorization/unauthorized which shows a message and login form if the user is not logged in
if(!Zend_Auth::getInstance()->hasIdentity()){
$request->setModuleName('default')
->setControllerName('authentication')
->setActionName('login');
}else{
$request->setModuleName('default')
->setControllerName('index')
->setActionName('index');
}
}
}
}
?>
|
| Code: |
<?php
// my assertion, this actually results in a php error about memory allocation
class Administration_Model_Assertion_Album implements Zend_Acl_Assert_Interface {
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privelege = null){
if($acl->isAllowed($role->getRoleId(), $resource->getResourceId(), $privelege)){
return TRUE;
}
}
}
|
Hope anybody can help.
PS: Alex, I see you are working on a tutorial about Dynamic Acl's, but since you seem to change the subject about what you are working on sometimes I figured I would just ask my question.
PPS: Alex will you still create a tutorial about custom errors?
Forum