westdc-zf1/application/models/CustomControllerAclManager.php

126 lines
4.9 KiB
PHP
Raw Normal View History

<?php
use Users\Member;
use Users\Account;
use Helpers\View as view;
class CustomControllerAclManager extends Zend_Controller_Plugin_Abstract
{
// default user role if not logged or (or invalid role found)
private $_defaultRole = 'guest';
// the action to dispatch if a user doesn't have sufficient privileges
private $_authController = array('module'=>'','controller' => 'account',
'action' => 'login');
public function __construct(Zend_Auth $auth)
{
$this->db=Zend_Registry::get('db');
$this->auth = $auth;
$this->acl = new Zend_Acl();
// add the different user roles
$this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
$this->acl->addRole(new Zend_Acl_Role('member'));
$this->acl->addRole(new Zend_Acl_Role('administrator'), 'member');
// add the resources we want to have control over
$this->acl->add(new Zend_Acl_Resource('account'));
$this->acl->add(new Zend_Acl_Resource('data'));
$this->acl->add(new Zend_Acl_Resource('water'));
$this->acl->add(new Zend_Acl_Resource('admin'));
$this->acl->add(new Zend_Acl_Resource('upload'));
$this->acl->add(new Zend_Acl_Resource('author'));
$this->acl->add(new Zend_Acl_Resource('heihe'));
// allow access to everything for all users by default
// except for the account management and administration areas
$this->acl->allow();
$this->acl->deny(null, 'account');
$this->acl->deny(null, 'admin');
$this->acl->deny(null, 'author');
// add an exception so guests can log in or register
// in order to gain privilege
2013-11-22 03:16:53 +00:00
$this->acl->allow('guest', 'account', array('login','oauth2login','callback',
'logout',
'captcha',
'fetchpwd',
'register',
'registercomplete'));
$this->acl->deny('guest','data',array('download','order'));
$this->acl->deny('guest','water',array('download','order'));
$this->acl->deny('guest','heihe',array('submit'));
// allow members access to the account management area
$this->acl->allow('guest','author',array('index'));
$this->acl->allow('member', 'account');
$this->acl->allow('member', 'author');
// allows administrators access to the admin area
$this->acl->allow('administrator', 'admin');
}
/**
* preDispatch
*
* Before an action is dispatched, check if the current user
* has sufficient privileges. If not, dispatch the default
* action instead
*
* @param Zend_Controller_Request_Abstract $request
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$phpSessId = $request->getParam('PHPSESSID');
if (!empty($phpSessId) && session_id() != $phpSessId) {
session_destroy();
session_id($phpSessId);
2014-06-12 15:10:00 +00:00
ini_set('session.cookie_domain', '.sanjiangyuan.org.cn' );
session_set_cookie_params(0, '/', '.sanjiangyuan.org.cn');
session_start();
}
// check if a user is logged in and has a valid role,
// otherwise, assign them the default role (guest)
2013-01-24 09:33:42 +00:00
if(!$this->auth->hasIdentity())
{
$member = new Member();
if($member->checkcookie())
2013-01-24 09:33:42 +00:00
{
$data = array(
'username' => $member->user,
'password' => $member->srpwd
);
$account = new Account();
$status = $account->storeLogin($data,false);
if(isset($status['error']))
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
Member::flushcookie();
2013-01-24 09:33:42 +00:00
}
}
}
if ($this->auth->hasIdentity())
$role = $this->auth->getIdentity()->usertype;
else
$role = $this->_defaultRole;
if (!$this->acl->hasRole($role))
$role = $this->_defaultRole;
// the ACL resource is the requested controller name
$resource = $request->controller;
if ($request->module<>"default") $resource=$request->module;
// the ACL privilege is the requested action name
$privilege = $request->action;
if ($request->module<>"default") $privilege = $request->controller;
// if we haven't explicitly added the resource, check
// the default global permissions
if (!$this->acl->has($resource))
$resource = null;
// access denied - reroute the request to the default action handler
if (!$this->acl->isAllowed($role, $resource, $privilege)) {
$request->setModuleName($this->_authController['module']);
$request->setControllerName($this->_authController['controller']);
$request->setActionName($this->_authController['action']);
}
}
}