添加子平台用户角色作为普通用户
parent
7ca5d8b07b
commit
6b34db402c
|
@ -1,125 +1,141 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Users\Member;
|
use Users\Member;
|
||||||
use Users\Account;
|
use Users\Account;
|
||||||
use Helpers\View as view;
|
use Helpers\View as view;
|
||||||
class CustomControllerAclManager extends Zend_Controller_Plugin_Abstract
|
class CustomControllerAclManager extends Zend_Controller_Plugin_Abstract
|
||||||
{
|
{
|
||||||
// default user role if not logged or (or invalid role found)
|
// default user role if not logged or (or invalid role found)
|
||||||
private $_defaultRole = 'guest';
|
private $_defaultRole = 'guest';
|
||||||
// the action to dispatch if a user doesn't have sufficient privileges
|
// the action to dispatch if a user doesn't have sufficient privileges
|
||||||
private $_authController = array('module'=>'','controller' => 'account',
|
private $_authController = array('module'=>'','controller' => 'account',
|
||||||
'action' => 'login');
|
'action' => 'login');
|
||||||
|
|
||||||
public function __construct(Zend_Auth $auth)
|
private $roles = array(
|
||||||
{
|
'系统管理员' => 'administrator',
|
||||||
$this->db=Zend_Registry::get('db');
|
'青海省气象科学研究所' => 'meteorologic',
|
||||||
$this->auth = $auth;
|
'青海省环境监测中心站' => 'qhemc',
|
||||||
$this->acl = new Zend_Acl();
|
'青海省水土保持局' => 'watersoil',
|
||||||
// add the different user roles
|
'青海省林业调查规划院' => 'forestry',
|
||||||
$this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
|
'青海省水文水资源局' => 'hydrology',
|
||||||
$this->acl->addRole(new Zend_Acl_Role('member'));
|
'青海省草原总站' => 'grassland',
|
||||||
$this->acl->addRole(new Zend_Acl_Role('administrator'), 'member');
|
'青海省生态环境遥感监测中心' => 'qherc'
|
||||||
// add the resources we want to have control over
|
);
|
||||||
$this->acl->add(new Zend_Acl_Resource('account'));
|
|
||||||
$this->acl->add(new Zend_Acl_Resource('data'));
|
public function __construct(Zend_Auth $auth)
|
||||||
$this->acl->add(new Zend_Acl_Resource('water'));
|
{
|
||||||
$this->acl->add(new Zend_Acl_Resource('admin'));
|
$this->db=Zend_Registry::get('db');
|
||||||
$this->acl->add(new Zend_Acl_Resource('upload'));
|
$this->auth = $auth;
|
||||||
$this->acl->add(new Zend_Acl_Resource('author'));
|
$this->acl = new Zend_Acl();
|
||||||
$this->acl->add(new Zend_Acl_Resource('heihe'));
|
// add the different user roles
|
||||||
// allow access to everything for all users by default
|
$this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
|
||||||
// except for the account management and administration areas
|
$this->acl->addRole(new Zend_Acl_Role('member'));
|
||||||
$this->acl->allow();
|
|
||||||
$this->acl->deny(null, 'account');
|
foreach($this->roles as $k=>$v)
|
||||||
$this->acl->deny(null, 'admin');
|
{
|
||||||
$this->acl->deny(null, 'author');
|
$this->acl->addRole(new Zend_Acl_Role($v), 'member');
|
||||||
// add an exception so guests can log in or register
|
}
|
||||||
// in order to gain privilege
|
|
||||||
$this->acl->allow('guest', 'account', array('login','oauth2login','callback',
|
// add the resources we want to have control over
|
||||||
'logout',
|
$this->acl->add(new Zend_Acl_Resource('account'));
|
||||||
'captcha',
|
$this->acl->add(new Zend_Acl_Resource('data'));
|
||||||
'fetchpwd',
|
$this->acl->add(new Zend_Acl_Resource('water'));
|
||||||
'register',
|
$this->acl->add(new Zend_Acl_Resource('admin'));
|
||||||
'registercomplete'));
|
$this->acl->add(new Zend_Acl_Resource('upload'));
|
||||||
$this->acl->deny('guest','data',array('download','order'));
|
$this->acl->add(new Zend_Acl_Resource('author'));
|
||||||
$this->acl->deny('guest','water',array('download','order'));
|
$this->acl->add(new Zend_Acl_Resource('heihe'));
|
||||||
$this->acl->deny('guest','heihe',array('submit'));
|
// allow access to everything for all users by default
|
||||||
// allow members access to the account management area
|
// except for the account management and administration areas
|
||||||
$this->acl->allow('guest','author',array('index'));
|
$this->acl->allow();
|
||||||
$this->acl->allow('member', 'account');
|
$this->acl->deny(null, 'account');
|
||||||
$this->acl->allow('member', 'author');
|
$this->acl->deny(null, 'admin');
|
||||||
// allows administrators access to the admin area
|
$this->acl->deny(null, 'author');
|
||||||
$this->acl->allow('administrator', 'admin');
|
// add an exception so guests can log in or register
|
||||||
}
|
// in order to gain privilege
|
||||||
/**
|
$this->acl->allow('guest', 'account', array('login','oauth2login','callback',
|
||||||
* preDispatch
|
'logout',
|
||||||
*
|
'captcha',
|
||||||
* Before an action is dispatched, check if the current user
|
'fetchpwd',
|
||||||
* has sufficient privileges. If not, dispatch the default
|
'register',
|
||||||
* action instead
|
'registercomplete'));
|
||||||
*
|
$this->acl->deny('guest','data',array('download','order'));
|
||||||
* @param Zend_Controller_Request_Abstract $request
|
$this->acl->deny('guest','water',array('download','order'));
|
||||||
*/
|
$this->acl->deny('guest','heihe',array('submit'));
|
||||||
public function preDispatch(Zend_Controller_Request_Abstract $request)
|
// allow members access to the account management area
|
||||||
{
|
$this->acl->allow('guest','author',array('index'));
|
||||||
|
$this->acl->allow('member', 'account');
|
||||||
$phpSessId = $request->getParam('PHPSESSID');
|
$this->acl->allow('member', 'author');
|
||||||
|
// allows administrators access to the admin area
|
||||||
if (!empty($phpSessId) && session_id() != $phpSessId) {
|
$this->acl->allow('administrator', 'admin');
|
||||||
session_destroy();
|
}
|
||||||
session_id($phpSessId);
|
/**
|
||||||
ini_set('session.cookie_domain', '.sanjiangyuan.org.cn' );
|
* preDispatch
|
||||||
session_set_cookie_params(0, '/', '.sanjiangyuan.org.cn');
|
*
|
||||||
session_start();
|
* Before an action is dispatched, check if the current user
|
||||||
}
|
* has sufficient privileges. If not, dispatch the default
|
||||||
// check if a user is logged in and has a valid role,
|
* action instead
|
||||||
// otherwise, assign them the default role (guest)
|
*
|
||||||
|
* @param Zend_Controller_Request_Abstract $request
|
||||||
if(!$this->auth->hasIdentity())
|
*/
|
||||||
{
|
public function preDispatch(Zend_Controller_Request_Abstract $request)
|
||||||
$member = new Member();
|
{
|
||||||
|
|
||||||
if($member->checkcookie())
|
$phpSessId = $request->getParam('PHPSESSID');
|
||||||
{
|
|
||||||
$data = array(
|
if (!empty($phpSessId) && session_id() != $phpSessId) {
|
||||||
'username' => $member->user,
|
session_destroy();
|
||||||
'password' => $member->srpwd
|
session_id($phpSessId);
|
||||||
);
|
ini_set('session.cookie_domain', '.sanjiangyuan.org.cn' );
|
||||||
|
session_set_cookie_params(0, '/', '.sanjiangyuan.org.cn');
|
||||||
$account = new Account();
|
session_start();
|
||||||
$status = $account->storeLogin($data,false);
|
}
|
||||||
|
// check if a user is logged in and has a valid role,
|
||||||
if(isset($status['error']))
|
// otherwise, assign them the default role (guest)
|
||||||
{
|
|
||||||
$auth = Zend_Auth::getInstance();
|
if(!$this->auth->hasIdentity())
|
||||||
$auth->clearIdentity();
|
{
|
||||||
Member::flushcookie();
|
$member = new Member();
|
||||||
}
|
|
||||||
}
|
if($member->checkcookie())
|
||||||
}
|
{
|
||||||
|
$data = array(
|
||||||
if ($this->auth->hasIdentity())
|
'username' => $member->user,
|
||||||
$role = $this->auth->getIdentity()->usertype;
|
'password' => $member->srpwd
|
||||||
else
|
);
|
||||||
$role = $this->_defaultRole;
|
|
||||||
if (!$this->acl->hasRole($role))
|
$account = new Account();
|
||||||
$role = $this->_defaultRole;
|
$status = $account->storeLogin($data,false);
|
||||||
// the ACL resource is the requested controller name
|
|
||||||
$resource = $request->controller;
|
if(isset($status['error']))
|
||||||
if ($request->module<>"default") $resource=$request->module;
|
{
|
||||||
// the ACL privilege is the requested action name
|
$auth = Zend_Auth::getInstance();
|
||||||
$privilege = $request->action;
|
$auth->clearIdentity();
|
||||||
if ($request->module<>"default") $privilege = $request->controller;
|
Member::flushcookie();
|
||||||
// if we haven't explicitly added the resource, check
|
}
|
||||||
// the default global permissions
|
}
|
||||||
if (!$this->acl->has($resource))
|
}
|
||||||
$resource = null;
|
|
||||||
// access denied - reroute the request to the default action handler
|
if ($this->auth->hasIdentity())
|
||||||
if (!$this->acl->isAllowed($role, $resource, $privilege)) {
|
$role = $this->auth->getIdentity()->usertype;
|
||||||
$request->setModuleName($this->_authController['module']);
|
else
|
||||||
$request->setControllerName($this->_authController['controller']);
|
$role = $this->_defaultRole;
|
||||||
$request->setActionName($this->_authController['action']);
|
if (!$this->acl->hasRole($role))
|
||||||
}
|
$role = $this->_defaultRole;
|
||||||
}
|
// the ACL resource is the requested controller name
|
||||||
}
|
$resource = $request->controller;
|
||||||
|
if ($request->module<>"default") $resource=$request->module;
|
||||||
|
// the ACL privilege is the requested action name
|
||||||
|
$privilege = $request->action;
|
||||||
|
if ($request->module<>"default") $privilege = $request->controller;
|
||||||
|
// if we haven't explicitly added the resource, check
|
||||||
|
// the default global permissions
|
||||||
|
if (!$this->acl->has($resource))
|
||||||
|
$resource = null;
|
||||||
|
// access denied - reroute the request to the default action handler
|
||||||
|
if (!$this->acl->isAllowed($role, $resource, $privilege)) {
|
||||||
|
$request->setModuleName($this->_authController['module']);
|
||||||
|
$request->setControllerName($this->_authController['controller']);
|
||||||
|
$request->setActionName($this->_authController['action']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
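Review bot: preDispatch adopts a session ID supplied in the request (`$phpSessId = $request->getParam('PHPSESSID');` followed by `session_id($phpSessId);`), so whoever provides that parameter decides which session the visitor ends up in, and nothing in this section validates the value or rotates the ID afterwards. If the parameter is needed for a particular client (presumably an uploader or a cross-site handoff, which is not visible here), accept it only for the actions that require it and call `session_regenerate_id(true);` where a login succeeds, which is outside this section. Separately, the ACL starts from `$this->acl->allow();` and sets `$resource = null` for anything not registered with `add()`, so every unlisted controller or module is open to all roles including `guest`; the roles added in the constructor loop therefore differ from `guest` only by the `member` rules. A comment above the `foreach` such as `// sub-platform roles get exactly the rights of 'member'; the keys of $roles are display names and are not read here` would make the intent explicit, since the keys are unused in this file section.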