修改AclManager,添加其它平台角色

Li Jianxuan 2014-06-13 08:05:39 +00:00
parent 47f3b3d828
commit 13e5e6be9b
1 changed files with 162 additions and 145 deletions


@ -1,145 +1,162 @@
<?php <?php
namespace Users; namespace Users;
use Zend_Acl; use Zend_Acl;
use Zend_Acl_Role; use Zend_Acl_Role;
use Zend_Acl_Resource; use Zend_Acl_Resource;
class AclManager extends \Zend_Controller_Plugin_Abstract class AclManager extends \Zend_Controller_Plugin_Abstract
{ {
// default user role if not logged or (or invalid role found) // default user role if not logged or (or invalid role found)
private $_defaultRole = 'guest'; private $_defaultRole = 'guest';
// the action to dispatch if a user doesn't have sufficient privileges // the action to dispatch if a user doesn't have sufficient privileges
private $_authController = array( private $_authController = array(
'module'=>'', 'module'=>'',
'controller' => 'account', 'controller' => 'account',
'action' => 'login' 'action' => 'login'
); );
private $_adminRole; private $_adminRole;
public function __construct(\Zend_Auth $auth) private $roles = array(
{ '系统管理员' => 'administrator',
$config = \Zend_Registry::get('config'); '青海省气象科学研究所' => 'meteorologic',
$this->_adminRole = $config->auth->identifier; '青海省环境监测中心站' => 'qhemc',
'青海省水土保持局' => 'watersoil',
$this->db=\Zend_Registry::get('db'); '青海省林业调查规划院' => 'forestry',
$this->auth = $auth; '青海省水文水资源局' => 'hydrology',
$this->acl = new Zend_Acl(); '青海省草原总站' => 'grassland',
// add the different user roles '青海省生态环境遥感监测中心' => 'qherc'
$this->acl->addRole(new Zend_Acl_Role($this->_defaultRole)); );
$this->acl->addRole(new Zend_Acl_Role('member'));
$this->acl->addRole(new Zend_Acl_Role($this->_adminRole), 'member'); public function __construct(\Zend_Auth $auth)
{
// add the resources we want to have control over $config = \Zend_Registry::get('config');
$this->acl->add(new Zend_Acl_Resource('account')); $this->_adminRole = $config->auth->identifier;
$this->acl->add(new Zend_Acl_Resource('data'));
$this->acl->add(new Zend_Acl_Resource('water')); $this->db=\Zend_Registry::get('db');
$this->acl->add(new Zend_Acl_Resource('admin')); $this->auth = $auth;
$this->acl->add(new Zend_Acl_Resource('upload')); $this->acl = new Zend_Acl();
$this->acl->add(new Zend_Acl_Resource('author')); // add the different user roles
$this->acl->add(new Zend_Acl_Resource('heihe')); $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
// allow access to everything for all users by default $this->acl->addRole(new Zend_Acl_Role('member'));
// except for the account management and administration areas
$this->acl->allow(); foreach($this->roles as $k=>$v)
$this->acl->deny(null, 'account'); {
$this->acl->deny(null, 'admin'); $this->acl->addRole(new Zend_Acl_Role($v), 'member');
$this->acl->deny(null, 'author'); }
// add an exception so guests can log in or register
// in order to gain privilege //$this->acl->addRole(new Zend_Acl_Role($this->_adminRole), 'member');
$this->acl->allow('guest', 'account', array('login',
'logout', // add the resources we want to have control over
'captcha', $this->acl->add(new Zend_Acl_Resource('account'));
'fetchpwd', $this->acl->add(new Zend_Acl_Resource('data'));
'register', $this->acl->add(new Zend_Acl_Resource('water'));
'registercomplete', $this->acl->add(new Zend_Acl_Resource('admin'));
'wcdlogin')); $this->acl->add(new Zend_Acl_Resource('upload'));
$this->acl->deny('guest','data',array('download','order')); $this->acl->add(new Zend_Acl_Resource('author'));
$this->acl->deny('guest','water',array('download','order')); $this->acl->add(new Zend_Acl_Resource('heihe'));
$this->acl->deny('guest','heihe',array('submit')); // allow access to everything for all users by default
// allow members access to the account management area // except for the account management and administration areas
$this->acl->allow('guest','author',array('index')); $this->acl->allow();
$this->acl->allow('member', 'account'); $this->acl->deny(null, 'account');
$this->acl->allow('member', 'author'); $this->acl->deny(null, 'admin');
$this->acl->deny(null, 'author');
// allows administrators access to the admin area // add an exception so guests can log in or register
$this->acl->allow($this->_adminRole, 'admin'); // in order to gain privilege
} $this->acl->allow('guest', 'account', array('login',
/** 'logout',
* preDispatch 'captcha',
* 'fetchpwd',
* Before an action is dispatched, check if the current user 'register',
* has sufficient privileges. If not, dispatch the default 'registercomplete',
* action instead 'wcdlogin'));
* $this->acl->deny('guest','data',array('download','order'));
* @param Zend_Controller_Request_Abstract $request $this->acl->deny('guest','water',array('download','order'));
*/ $this->acl->deny('guest','heihe',array('submit'));
public function preDispatch(\Zend_Controller_Request_Abstract $request) // allow members access to the account management area
{ $this->acl->allow('guest','author',array('index'));
$this->acl->allow('member', 'account');
$phpSessId = $request->getParam('PHPSESSID'); $this->acl->allow('member', 'author');
if (!empty($phpSessId) && session_id() != $phpSessId) { // allows administrators access to the admin area
session_destroy(); $this->acl->allow($this->_adminRole, 'admin');
session_id($phpSessId); }
session_start(); /**
} * preDispatch
// check if a user is logged in and has a valid role, *
// otherwise, assign them the default role (guest) * Before an action is dispatched, check if the current user
* has sufficient privileges. If not, dispatch the default
if(!$this->auth->hasIdentity()) * action instead
{ *
$mb = new \member(); * @param Zend_Controller_Request_Abstract $request
$mb->db=$this->db; */
if($mb->checkcookie()) public function preDispatch(\Zend_Controller_Request_Abstract $request)
{ {
$auth = Zend_Auth::getInstance();
$authAdapter = new Zend_Auth_Adapter_DbTable($this->db); $phpSessId = $request->getParam('PHPSESSID');
$authAdapter->setTableName('users')
->setIdentityColumn('username') if (!empty($phpSessId) && session_id() != $phpSessId) {
->setCredentialColumn('password'); session_destroy();
$authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd); session_id($phpSessId);
$result = $auth->authenticate($authAdapter); session_start();
if ($result->isValid()) { }
$data = $authAdapter->getResultRowObject(null,'password'); // check if a user is logged in and has a valid role,
//头像 // otherwise, assign them the default role (guest)
include_once("Avatar.php");
$avatar = new Avatar(); if(!$this->auth->hasIdentity())
$data->avatar = $avatar->Get($data->email,40); {
$mb = new \member();
//组ID $mb->db=$this->db;
include_once("Users.php"); if($mb->checkcookie())
$usr = new Users($this->db); {
$data->gid = $usr->getGroup($data->id); $auth = Zend_Auth::getInstance();
$authAdapter = new Zend_Auth_Adapter_DbTable($this->db);
$auth->getStorage()->write($data); $authAdapter->setTableName('users')
$this->db->query("update users set ts_last_login=now() where username=?",array($mb->user)); ->setIdentityColumn('username')
} ->setCredentialColumn('password');
} $authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd);
} $result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
if ($this->auth->hasIdentity()) $data = $authAdapter->getResultRowObject(null,'password');
$role = $this->auth->getIdentity()->usertype; //头像
else include_once("Avatar.php");
$role = $this->_defaultRole; $avatar = new Avatar();
if (!$this->acl->hasRole($role)) $data->avatar = $avatar->Get($data->email,40);
$role = $this->_defaultRole;
// the ACL resource is the requested controller name //组ID
$resource = $request->controller; include_once("Users.php");
if ($request->module<>"default") $resource=$request->module; $usr = new Users($this->db);
// the ACL privilege is the requested action name $data->gid = $usr->getGroup($data->id);
$privilege = $request->action;
if ($request->module<>"default") $privilege = $request->controller; $auth->getStorage()->write($data);
// if we haven't explicitly added the resource, check $this->db->query("update users set ts_last_login=now() where username=?",array($mb->user));
// the default global permissions }
if (!$this->acl->has($resource)) }
$resource = null; }
// access denied - reroute the request to the default action handler
if (!$this->acl->isAllowed($role, $resource, $privilege)) { if ($this->auth->hasIdentity())
$request->setModuleName($this->_authController['module']); $role = $this->auth->getIdentity()->usertype;
$request->setControllerName($this->_authController['controller']); else
$request->setActionName($this->_authController['action']); $role = $this->_defaultRole;
} if (!$this->acl->hasRole($role))
} $role = $this->_defaultRole;
} // the ACL resource is the requested controller name
$resource = $request->controller;
if ($request->module<>"default") $resource=$request->module;
// the ACL privilege is the requested action name
$privilege = $request->action;
if ($request->module<>"default") $privilege = $request->controller;
// if we haven't explicitly added the resource, check
// the default global permissions
if (!$this->acl->has($resource))
$resource = null;
// access denied - reroute the request to the default action handler
if (!$this->acl->isAllowed($role, $resource, $privilege)) {
$request->setModuleName($this->_authController['module']);
$request->setControllerName($this->_authController['controller']);
$request->setActionName($this->_authController['action']);
}
}
}
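Review bot: With the `addRole` call for `$this->_adminRole` commented out in the constructor, the later `$this->acl->allow($this->_adminRole, 'admin')` only works if `config->auth->identifier` matches one of the hard-coded values in `$roles` (presumably `'administrator'`); as far as I know Zend_Acl throws on an unregistered role, and either way the admin grant now depends on the config and the array staying in sync. Registering it conditionally keeps the old guarantee: `if (!$this->acl->hasRole($this->_adminRole)) { $this->acl->addRole(new Zend_Acl_Role($this->_adminRole), 'member'); }`. The new roles are matched against `getIdentity()->usertype` in `preDispatch`, so if that field holds the display names used as keys of `$roles` rather than the identifiers, those users silently fall back to `guest`; this should be confirmed against the stored data. Separately, `preDispatch` still adopts a session id from the `PHPSESSID` request parameter via `session_id($phpSessId)`, which lets the caller choose the session id and is a session-fixation risk; taking the id only from the session cookie and regenerating it after a successful login would close that.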