To implement an ACL, you have to create a class that defines the roles, the resources and the permission settings.
So that the class can be autoloaded, add the following to application/configs/application.ini:
Then create file library/App/Acl/Roles.php:
autoloadernamespaces.app = "App_"
And create the file library/App/Acl.php:
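/**
 * Application access-control list.
 *
 * On construction it registers the resource tree ('default' and 'admin' with
 * their children), the role chain guest -> client -> admin, and the rules:
 * everything is denied first, then individual resources are allowed per role.
 */
class App_Acl extends Zend_Acl
{
    /**
     * Register resources, roles and rules.
     */
    public function __construct()
    {
        $defaultResource = new Zend_Acl_Resource('default');
        $adminResource = new Zend_Acl_Resource('admin');
        $this->addResource($adminResource);
        $this->addResource($defaultResource);

        // guest/client resources, children of 'default'
        foreach (array('index', 'payment', 'panel', 'user') as $name) {
            $this->addResource(new Zend_Acl_Resource($name), $defaultResource);
        }

        // admin resources, children of 'admin'
        foreach (array('admin_user', 'admin_exchange', 'admin_rate', 'admin_eps', 'admin_page') as $name) {
            $this->addResource(new Zend_Acl_Resource($name), $adminResource);
        }

        // Each role inherits the rules of the role named as its parent.
        $this->addRole(new Zend_Acl_Role(App_Acl_Roles::GUEST));
        $this->addRole(new Zend_Acl_Role(App_Acl_Roles::CLIENT), App_Acl_Roles::GUEST);
        $this->addRole(new Zend_Acl_Role(App_Acl_Roles::ADMIN), App_Acl_Roles::CLIENT);

        // Deny everything first, so access exists only where it is granted below.
        $this->deny();

        $this->allow(App_Acl_Roles::GUEST, 'index');
        $this->allow(App_Acl_Roles::GUEST, 'payment');
        $this->allow(App_Acl_Roles::CLIENT, 'user');
        $this->allow(App_Acl_Roles::CLIENT, 'panel');

        // Administrator: allowed on every resource (no resource argument).
        $this->allow(App_Acl_Roles::ADMIN);
    }

    /**
     * Check whether the current user may access the requested resource.
     *
     * The role is taken from the 'role' property of the Zend_Auth identity.
     * A missing, empty or unregistered role is treated as guest, and a
     * resource that is not registered in this ACL is denied, so unexpected
     * input ends in "no access" rather than in an uncaught ACL exception.
     *
     * @param Zend_Acl_Resource_Interface|string|null $resource  Resource to check; null checks the rules that apply to all resources
     * @param string|null                             $privilege Privilege to check; null means all privileges
     *
     * @return bool Return true if user has permission
     */
    public static function checkPermissions($resource = null, $privilege = null)
    {
        $acl = new App_Acl();

        // A resource this ACL does not know has not been granted to anyone.
        if ($resource !== null && !$acl->has($resource)) {
            return false;
        }

        // NOTE(review): the role is whatever was stored on the identity; it is
        // not re-read from the user store here, so a role changed after login
        // presumably stays in effect until the identity is rewritten. Confirm.
        $identity = Zend_Auth::getInstance()->getIdentity();

        $role = App_Acl_Roles::GUEST;
        if (isset($identity->role) && $identity->role && $acl->hasRole($identity->role)) {
            $role = $identity->role;
        }

        return $acl->isAllowed($role, $resource, $privilege);
    }
}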
Note: the identity stored in your auth instance must contain a 'role' property; without it, the user is treated as a guest.
Then create the file library/App/Acl/Roles.php:
/**
 * Role identifiers used by the ACL.
 *
 * The values are the role ids registered in the ACL and the strings expected
 * in the 'role' property of the authenticated identity.
 */
class App_Acl_Roles
{
    // Role used when the identity carries no role.
    const GUEST = 'guest';

    // Role for a regular authenticated user.
    const CLIENT = 'client';

    // Administrator role.
    const ADMIN = 'admin';
}
From now on, you can add the following to your controller:
/**
 * Run the ACL check before any action of this controller is dispatched.
 *
 * The resource checked is the request's module name; a user without
 * permission is sent to '/login'.
 *
 * NOTE(review): App_Acl grants guest/client access on child resources such as
 * 'index' and 'user', while this check asks about the module ('default' or
 * 'admin'). In Zend_Acl a child inherits rules from its parent, not the other
 * way round, so confirm the resource passed here is the one the rules are
 * defined on.
 * NOTE(review): the controller that serves '/login' must stay reachable for
 * guests, otherwise this redirect loops. Confirm.
 * NOTE(review): this assumes redirect() ends the request so the action does
 * not run after a denial (the redirector's default). Confirm.
 */
public function preDispatch()
{
    parent::preDispatch();

    $module = $this->getRequest()->getModuleName();
    if (App_Acl::checkPermissions($module)) {
        return;
    }

    $this->redirect('/login');
}
If the user doesn't have permission to access the controller, they will be redirected to the login page, or wherever you choose. Note that the check only protects controllers that include this preDispatch().