添加子平台用户角色作为普通用户

2014-06-13 08:07:29 +00:00 · 2014-06-13 08:07:29 +00:00 · 6b34db402c
parent 7ca5d8b07b
commit 6b34db402c
1 changed files with 141 additions and 125 deletions
--- a/application/models/CustomControllerAclManager.php
+++ b/application/models/CustomControllerAclManager.php
@ -1,125 +1,141 @@
-<?php
-
-use Users\Member;
-use Users\Account;
-use Helpers\View as view;
-    class CustomControllerAclManager extends Zend_Controller_Plugin_Abstract
-    {
-        // default user role if not logged or (or invalid role found)
-        private $_defaultRole = 'guest';
-        // the action to dispatch if a user doesn't have sufficient privileges
-        private $_authController = array('module'=>'','controller' => 'account',
-                                          'action'    => 'login');
-		
-        public function __construct(Zend_Auth $auth)
-        {
-        	$this->db=Zend_Registry::get('db');
-            $this->auth = $auth;
-            $this->acl = new Zend_Acl();
-            // add the different user roles
-            $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
-            $this->acl->addRole(new Zend_Acl_Role('member'));
-            $this->acl->addRole(new Zend_Acl_Role('administrator'), 'member');
-            // add the resources we want to have control over
-            $this->acl->add(new Zend_Acl_Resource('account'));
-            $this->acl->add(new Zend_Acl_Resource('data'));
-            $this->acl->add(new Zend_Acl_Resource('water'));
-            $this->acl->add(new Zend_Acl_Resource('admin'));
-			$this->acl->add(new Zend_Acl_Resource('upload'));
-			$this->acl->add(new Zend_Acl_Resource('author'));
-			$this->acl->add(new Zend_Acl_Resource('heihe'));
-            // allow access to everything for all users by default
-            // except for the account management and administration areas
-            $this->acl->allow();
-            $this->acl->deny(null, 'account');
-            $this->acl->deny(null, 'admin');
-			$this->acl->deny(null, 'author');
-            // add an exception so guests can log in or register
-            // in order to gain privilege
-			  $this->acl->allow('guest', 'account', array('login','oauth2login','callback',
-			  							'logout',
-										'captcha',
-			                          'fetchpwd',
-			                          'register',
-			                          'registercomplete'));
-			  $this->acl->deny('guest','data',array('download','order'));
-			  $this->acl->deny('guest','water',array('download','order'));  
-			  $this->acl->deny('guest','heihe',array('submit'));                     
-			  // allow members access to the account management area
-			  $this->acl->allow('guest','author',array('index'));  
-			  $this->acl->allow('member', 'account');
-			  $this->acl->allow('member', 'author');
-			  // allows administrators access to the admin area
-			  $this->acl->allow('administrator', 'admin');
-			}
-		/**
-		  * preDispatch
-		  *
-		  * Before an action is dispatched, check if the current user
-		  * has sufficient privileges. If not, dispatch the default
-		  * action instead
-		  *
-		  * @param Zend_Controller_Request_Abstract     $request
-		  */
-		public function preDispatch(Zend_Controller_Request_Abstract $request)
-		{
-			
-			$phpSessId = $request->getParam('PHPSESSID');
-			
-			if (!empty($phpSessId) && session_id() != $phpSessId) {
-				session_destroy();
-				session_id($phpSessId);
-ini_set('session.cookie_domain', '.sanjiangyuan.org.cn' );
-session_set_cookie_params(0, '/', '.sanjiangyuan.org.cn');
-				session_start();
-			}
-		     // check if a user is logged in and has a valid role,
-		     // otherwise, assign them the default role (guest)
-			 
-			if(!$this->auth->hasIdentity())
-			{
-				$member = new Member();
-				
-				if($member->checkcookie())
-				{
-					$data = array(
-						'username' => $member->user,
-						'password' => $member->srpwd
-					);
-
-					$account = new Account();
-					$status = $account->storeLogin($data,false);
-					
-					if(isset($status['error']))
-					{
-						$auth = Zend_Auth::getInstance();
-						$auth->clearIdentity();
-						Member::flushcookie();
-					}
-				}
-			}
-			
-		     if ($this->auth->hasIdentity())
-		          $role = $this->auth->getIdentity()->usertype;
-		     else
-		          $role = $this->_defaultRole;
-		     if (!$this->acl->hasRole($role))
-		          $role = $this->_defaultRole;
-		     // the ACL resource is the requested controller name
-		     $resource = $request->controller;
-		     if ($request->module<>"default") $resource=$request->module;
-		     // the ACL privilege is the requested action name
-		     $privilege = $request->action;
-			 if ($request->module<>"default") $privilege = $request->controller;
-		     // if we haven't explicitly added the resource, check
-		     // the default global permissions
-		     if (!$this->acl->has($resource))
-		          $resource = null;
-		     // access denied - reroute the request to the default action handler
-		     if (!$this->acl->isAllowed($role, $resource, $privilege)) {
-		     	$request->setModuleName($this->_authController['module']);
-		      $request->setControllerName($this->_authController['controller']);
-		      $request->setActionName($this->_authController['action']);
-		    }
-		  }
-		}
+<?php
+
+use Users\Member;
+use Users\Account;
+use Helpers\View as view;
+    class CustomControllerAclManager extends Zend_Controller_Plugin_Abstract
+    {
+        // default user role if not logged or (or invalid role found)
+        private $_defaultRole = 'guest';
+        // the action to dispatch if a user doesn't have sufficient privileges
+        private $_authController = array('module'=>'','controller' => 'account',
+                                          'action'    => 'login');
+										  
+		private $roles = array(
+				'系统管理员' => 'administrator',
+				'青海省气象科学研究所' => 'meteorologic',
+				'青海省环境监测中心站' => 'qhemc',
+				'青海省水土保持局' => 'watersoil',
+				'青海省林业调查规划院' => 'forestry',
+				'青海省水文水资源局' => 'hydrology',
+				'青海省草原总站' => 'grassland',
+				'青海省生态环境遥感监测中心' => 'qherc'
+		);
+		
+        public function __construct(Zend_Auth $auth)
+        {
+        	$this->db=Zend_Registry::get('db');
+            $this->auth = $auth;
+            $this->acl = new Zend_Acl();
+            // add the different user roles
+            $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
+            $this->acl->addRole(new Zend_Acl_Role('member'));
+            
+			foreach($this->roles as $k=>$v)
+			{
+				$this->acl->addRole(new Zend_Acl_Role($v), 'member');
+			}
+			
+            // add the resources we want to have control over
+            $this->acl->add(new Zend_Acl_Resource('account'));
+            $this->acl->add(new Zend_Acl_Resource('data'));
+            $this->acl->add(new Zend_Acl_Resource('water'));
+            $this->acl->add(new Zend_Acl_Resource('admin'));
+			$this->acl->add(new Zend_Acl_Resource('upload'));
+			$this->acl->add(new Zend_Acl_Resource('author'));
+			$this->acl->add(new Zend_Acl_Resource('heihe'));
+            // allow access to everything for all users by default
+            // except for the account management and administration areas
+            $this->acl->allow();
+            $this->acl->deny(null, 'account');
+            $this->acl->deny(null, 'admin');
+			$this->acl->deny(null, 'author');
+            // add an exception so guests can log in or register
+            // in order to gain privilege
+			  $this->acl->allow('guest', 'account', array('login','oauth2login','callback',
+			  							'logout',
+										'captcha',
+			                          'fetchpwd',
+			                          'register',
+			                          'registercomplete'));
+			  $this->acl->deny('guest','data',array('download','order'));
+			  $this->acl->deny('guest','water',array('download','order'));  
+			  $this->acl->deny('guest','heihe',array('submit'));                     
+			  // allow members access to the account management area
+			  $this->acl->allow('guest','author',array('index'));  
+			  $this->acl->allow('member', 'account');
+			  $this->acl->allow('member', 'author');
+			  // allows administrators access to the admin area
+			  $this->acl->allow('administrator', 'admin');
+			}
+		/**
+		  * preDispatch
+		  *
+		  * Before an action is dispatched, check if the current user
+		  * has sufficient privileges. If not, dispatch the default
+		  * action instead
+		  *
+		  * @param Zend_Controller_Request_Abstract     $request
+		  */
+		public function preDispatch(Zend_Controller_Request_Abstract $request)
+		{
+			
+			$phpSessId = $request->getParam('PHPSESSID');
+			
+			if (!empty($phpSessId) && session_id() != $phpSessId) {
+				session_destroy();
+				session_id($phpSessId);
+ini_set('session.cookie_domain', '.sanjiangyuan.org.cn' );
+session_set_cookie_params(0, '/', '.sanjiangyuan.org.cn');
+				session_start();
+			}
+		     // check if a user is logged in and has a valid role,
+		     // otherwise, assign them the default role (guest)
+			 
+			if(!$this->auth->hasIdentity())
+			{
+				$member = new Member();
+				
+				if($member->checkcookie())
+				{
+					$data = array(
+						'username' => $member->user,
+						'password' => $member->srpwd
+					);
+
+					$account = new Account();
+					$status = $account->storeLogin($data,false);
+					
+					if(isset($status['error']))
+					{
+						$auth = Zend_Auth::getInstance();
+						$auth->clearIdentity();
+						Member::flushcookie();
+					}
+				}
+			}
+			
+		     if ($this->auth->hasIdentity())
+		          $role = $this->auth->getIdentity()->usertype;
+		     else
+		          $role = $this->_defaultRole;
+		     if (!$this->acl->hasRole($role))
+		          $role = $this->_defaultRole;
+		     // the ACL resource is the requested controller name
+		     $resource = $request->controller;
+		     if ($request->module<>"default") $resource=$request->module;
+		     // the ACL privilege is the requested action name
+		     $privilege = $request->action;
+			 if ($request->module<>"default") $privilege = $request->controller;
+		     // if we haven't explicitly added the resource, check
+		     // the default global permissions
+		     if (!$this->acl->has($resource))
+		          $resource = null;
+		     // access denied - reroute the request to the default action handler
+		     if (!$this->acl->isAllowed($role, $resource, $privilege)) {
+		     	$request->setModuleName($this->_authController['module']);
+		      $request->setControllerName($this->_authController['controller']);
+		      $request->setActionName($this->_authController['action']);
+		    }
+		  }
+		}