修改AclManager,添加其它平台角色
This commit is contained in:
Li Jianxuan
parent
47f3b3d828
commit
13e5e6be9b
|
|
@ -1,145 +1,162 @@
|
|||
<?php
|
||||
namespace Users;
|
||||
|
||||
use Zend_Acl;
|
||||
use Zend_Acl_Role;
|
||||
use Zend_Acl_Resource;
|
||||
|
||||
|
||||
class AclManager extends \Zend_Controller_Plugin_Abstract
|
||||
{
|
||||
// default user role if not logged or (or invalid role found)
|
||||
private $_defaultRole = 'guest';
|
||||
// the action to dispatch if a user doesn't have sufficient privileges
|
||||
private $_authController = array(
|
||||
'module'=>'',
|
||||
'controller' => 'account',
|
||||
'action' => 'login'
|
||||
);
|
||||
|
||||
private $_adminRole;
|
||||
|
||||
public function __construct(\Zend_Auth $auth)
|
||||
{
|
||||
$config = \Zend_Registry::get('config');
|
||||
$this->_adminRole = $config->auth->identifier;
|
||||
|
||||
$this->db=\Zend_Registry::get('db');
|
||||
$this->auth = $auth;
|
||||
$this->acl = new Zend_Acl();
|
||||
// add the different user roles
|
||||
$this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
|
||||
$this->acl->addRole(new Zend_Acl_Role('member'));
|
||||
$this->acl->addRole(new Zend_Acl_Role($this->_adminRole), 'member');
|
||||
|
||||
// add the resources we want to have control over
|
||||
$this->acl->add(new Zend_Acl_Resource('account'));
|
||||
$this->acl->add(new Zend_Acl_Resource('data'));
|
||||
$this->acl->add(new Zend_Acl_Resource('water'));
|
||||
$this->acl->add(new Zend_Acl_Resource('admin'));
|
||||
$this->acl->add(new Zend_Acl_Resource('upload'));
|
||||
$this->acl->add(new Zend_Acl_Resource('author'));
|
||||
$this->acl->add(new Zend_Acl_Resource('heihe'));
|
||||
// allow access to everything for all users by default
|
||||
// except for the account management and administration areas
|
||||
$this->acl->allow();
|
||||
$this->acl->deny(null, 'account');
|
||||
$this->acl->deny(null, 'admin');
|
||||
$this->acl->deny(null, 'author');
|
||||
// add an exception so guests can log in or register
|
||||
// in order to gain privilege
|
||||
$this->acl->allow('guest', 'account', array('login',
|
||||
'logout',
|
||||
'captcha',
|
||||
'fetchpwd',
|
||||
'register',
|
||||
'registercomplete',
|
||||
'wcdlogin'));
|
||||
$this->acl->deny('guest','data',array('download','order'));
|
||||
$this->acl->deny('guest','water',array('download','order'));
|
||||
$this->acl->deny('guest','heihe',array('submit'));
|
||||
// allow members access to the account management area
|
||||
$this->acl->allow('guest','author',array('index'));
|
||||
$this->acl->allow('member', 'account');
|
||||
$this->acl->allow('member', 'author');
|
||||
|
||||
// allows administrators access to the admin area
|
||||
$this->acl->allow($this->_adminRole, 'admin');
|
||||
}
|
||||
/**
|
||||
* preDispatch
|
||||
*
|
||||
* Before an action is dispatched, check if the current user
|
||||
* has sufficient privileges. If not, dispatch the default
|
||||
* action instead
|
||||
*
|
||||
* @param Zend_Controller_Request_Abstract $request
|
||||
*/
|
||||
public function preDispatch(\Zend_Controller_Request_Abstract $request)
|
||||
{
|
||||
|
||||
$phpSessId = $request->getParam('PHPSESSID');
|
||||
|
||||
if (!empty($phpSessId) && session_id() != $phpSessId) {
|
||||
session_destroy();
|
||||
session_id($phpSessId);
|
||||
session_start();
|
||||
}
|
||||
// check if a user is logged in and has a valid role,
|
||||
// otherwise, assign them the default role (guest)
|
||||
|
||||
if(!$this->auth->hasIdentity())
|
||||
{
|
||||
$mb = new \member();
|
||||
$mb->db=$this->db;
|
||||
if($mb->checkcookie())
|
||||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$authAdapter = new Zend_Auth_Adapter_DbTable($this->db);
|
||||
$authAdapter->setTableName('users')
|
||||
->setIdentityColumn('username')
|
||||
->setCredentialColumn('password');
|
||||
$authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd);
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
$data = $authAdapter->getResultRowObject(null,'password');
|
||||
//头像
|
||||
include_once("Avatar.php");
|
||||
$avatar = new Avatar();
|
||||
$data->avatar = $avatar->Get($data->email,40);
|
||||
|
||||
//组ID
|
||||
include_once("Users.php");
|
||||
$usr = new Users($this->db);
|
||||
$data->gid = $usr->getGroup($data->id);
|
||||
|
||||
$auth->getStorage()->write($data);
|
||||
$this->db->query("update users set ts_last_login=now() where username=?",array($mb->user));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->auth->hasIdentity())
|
||||
$role = $this->auth->getIdentity()->usertype;
|
||||
else
|
||||
$role = $this->_defaultRole;
|
||||
if (!$this->acl->hasRole($role))
|
||||
$role = $this->_defaultRole;
|
||||
// the ACL resource is the requested controller name
|
||||
$resource = $request->controller;
|
||||
if ($request->module<>"default") $resource=$request->module;
|
||||
// the ACL privilege is the requested action name
|
||||
$privilege = $request->action;
|
||||
if ($request->module<>"default") $privilege = $request->controller;
|
||||
// if we haven't explicitly added the resource, check
|
||||
// the default global permissions
|
||||
if (!$this->acl->has($resource))
|
||||
$resource = null;
|
||||
// access denied - reroute the request to the default action handler
|
||||
if (!$this->acl->isAllowed($role, $resource, $privilege)) {
|
||||
$request->setModuleName($this->_authController['module']);
|
||||
$request->setControllerName($this->_authController['controller']);
|
||||
$request->setActionName($this->_authController['action']);
|
||||
}
|
||||
}
|
||||
}
|
||||
<?php
|
||||
namespace Users;
|
||||
|
||||
use Zend_Acl;
|
||||
use Zend_Acl_Role;
|
||||
use Zend_Acl_Resource;
|
||||
|
||||
|
||||
class AclManager extends \Zend_Controller_Plugin_Abstract
|
||||
{
|
||||
// default user role if not logged or (or invalid role found)
|
||||
private $_defaultRole = 'guest';
|
||||
// the action to dispatch if a user doesn't have sufficient privileges
|
||||
private $_authController = array(
|
||||
'module'=>'',
|
||||
'controller' => 'account',
|
||||
'action' => 'login'
|
||||
);
|
||||
|
||||
private $_adminRole;
|
||||
|
||||
private $roles = array(
|
||||
'系统管理员' => 'administrator',
|
||||
'青海省气象科学研究所' => 'meteorologic',
|
||||
'青海省环境监测中心站' => 'qhemc',
|
||||
'青海省水土保持局' => 'watersoil',
|
||||
'青海省林业调查规划院' => 'forestry',
|
||||
'青海省水文水资源局' => 'hydrology',
|
||||
'青海省草原总站' => 'grassland',
|
||||
'青海省生态环境遥感监测中心' => 'qherc'
|
||||
);
|
||||
|
||||
public function __construct(\Zend_Auth $auth)
|
||||
{
|
||||
$config = \Zend_Registry::get('config');
|
||||
$this->_adminRole = $config->auth->identifier;
|
||||
|
||||
$this->db=\Zend_Registry::get('db');
|
||||
$this->auth = $auth;
|
||||
$this->acl = new Zend_Acl();
|
||||
// add the different user roles
|
||||
$this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
|
||||
$this->acl->addRole(new Zend_Acl_Role('member'));
|
||||
|
||||
foreach($this->roles as $k=>$v)
|
||||
{
|
||||
$this->acl->addRole(new Zend_Acl_Role($v), 'member');
|
||||
}
|
||||
|
||||
//$this->acl->addRole(new Zend_Acl_Role($this->_adminRole), 'member');
|
||||
|
||||
// add the resources we want to have control over
|
||||
$this->acl->add(new Zend_Acl_Resource('account'));
|
||||
$this->acl->add(new Zend_Acl_Resource('data'));
|
||||
$this->acl->add(new Zend_Acl_Resource('water'));
|
||||
$this->acl->add(new Zend_Acl_Resource('admin'));
|
||||
$this->acl->add(new Zend_Acl_Resource('upload'));
|
||||
$this->acl->add(new Zend_Acl_Resource('author'));
|
||||
$this->acl->add(new Zend_Acl_Resource('heihe'));
|
||||
// allow access to everything for all users by default
|
||||
// except for the account management and administration areas
|
||||
$this->acl->allow();
|
||||
$this->acl->deny(null, 'account');
|
||||
$this->acl->deny(null, 'admin');
|
||||
$this->acl->deny(null, 'author');
|
||||
// add an exception so guests can log in or register
|
||||
// in order to gain privilege
|
||||
$this->acl->allow('guest', 'account', array('login',
|
||||
'logout',
|
||||
'captcha',
|
||||
'fetchpwd',
|
||||
'register',
|
||||
'registercomplete',
|
||||
'wcdlogin'));
|
||||
$this->acl->deny('guest','data',array('download','order'));
|
||||
$this->acl->deny('guest','water',array('download','order'));
|
||||
$this->acl->deny('guest','heihe',array('submit'));
|
||||
// allow members access to the account management area
|
||||
$this->acl->allow('guest','author',array('index'));
|
||||
$this->acl->allow('member', 'account');
|
||||
$this->acl->allow('member', 'author');
|
||||
|
||||
// allows administrators access to the admin area
|
||||
$this->acl->allow($this->_adminRole, 'admin');
|
||||
}
|
||||
/**
|
||||
* preDispatch
|
||||
*
|
||||
* Before an action is dispatched, check if the current user
|
||||
* has sufficient privileges. If not, dispatch the default
|
||||
* action instead
|
||||
*
|
||||
* @param Zend_Controller_Request_Abstract $request
|
||||
*/
|
||||
public function preDispatch(\Zend_Controller_Request_Abstract $request)
|
||||
{
|
||||
|
||||
$phpSessId = $request->getParam('PHPSESSID');
|
||||
|
||||
if (!empty($phpSessId) && session_id() != $phpSessId) {
|
||||
session_destroy();
|
||||
session_id($phpSessId);
|
||||
session_start();
|
||||
}
|
||||
// check if a user is logged in and has a valid role,
|
||||
// otherwise, assign them the default role (guest)
|
||||
|
||||
if(!$this->auth->hasIdentity())
|
||||
{
|
||||
$mb = new \member();
|
||||
$mb->db=$this->db;
|
||||
if($mb->checkcookie())
|
||||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$authAdapter = new Zend_Auth_Adapter_DbTable($this->db);
|
||||
$authAdapter->setTableName('users')
|
||||
->setIdentityColumn('username')
|
||||
->setCredentialColumn('password');
|
||||
$authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd);
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
$data = $authAdapter->getResultRowObject(null,'password');
|
||||
//头像
|
||||
include_once("Avatar.php");
|
||||
$avatar = new Avatar();
|
||||
$data->avatar = $avatar->Get($data->email,40);
|
||||
|
||||
//组ID
|
||||
include_once("Users.php");
|
||||
$usr = new Users($this->db);
|
||||
$data->gid = $usr->getGroup($data->id);
|
||||
|
||||
$auth->getStorage()->write($data);
|
||||
$this->db->query("update users set ts_last_login=now() where username=?",array($mb->user));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->auth->hasIdentity())
|
||||
$role = $this->auth->getIdentity()->usertype;
|
||||
else
|
||||
$role = $this->_defaultRole;
|
||||
if (!$this->acl->hasRole($role))
|
||||
$role = $this->_defaultRole;
|
||||
// the ACL resource is the requested controller name
|
||||
$resource = $request->controller;
|
||||
if ($request->module<>"default") $resource=$request->module;
|
||||
// the ACL privilege is the requested action name
|
||||
$privilege = $request->action;
|
||||
if ($request->module<>"default") $privilege = $request->controller;
|
||||
// if we haven't explicitly added the resource, check
|
||||
// the default global permissions
|
||||
if (!$this->acl->has($resource))
|
||||
$resource = null;
|
||||
// access denied - reroute the request to the default action handler
|
||||
if (!$this->acl->isAllowed($role, $resource, $privilege)) {
|
||||
$request->setModuleName($this->_authController['module']);
|
||||
$request->setControllerName($this->_authController['controller']);
|
||||
$request->setActionName($this->_authController['action']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue