'','controller' => 'account', 'action' => 'login'); private $roles = array( '系统管理员' => 'administrator', '青海省气象科学研究所' => 'meteorologic', '青海省环境监测中心站' => 'qhemc', '青海省水土保持局' => 'watersoil', '青海省林业调查规划院' => 'forestry', '青海省水文水资源局' => 'hydrology', '青海省草原总站' => 'grassland', '青海省生态环境遥感监测中心' => 'qherc' ); public function __construct(Zend_Auth $auth) { $this->db=Zend_Registry::get('db'); $this->auth = $auth; $this->acl = new Zend_Acl(); // add the different user roles $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole)); $this->acl->addRole(new Zend_Acl_Role('member')); foreach($this->roles as $k=>$v) { $this->acl->addRole(new Zend_Acl_Role($v), 'member'); } // add the resources we want to have control over $this->acl->add(new Zend_Acl_Resource('account')); $this->acl->add(new Zend_Acl_Resource('data')); $this->acl->add(new Zend_Acl_Resource('water')); $this->acl->add(new Zend_Acl_Resource('admin')); $this->acl->add(new Zend_Acl_Resource('upload')); $this->acl->add(new Zend_Acl_Resource('author')); $this->acl->add(new Zend_Acl_Resource('heihe')); // allow access to everything for all users by default // except for the account management and administration areas $this->acl->allow(); $this->acl->deny(null, 'account'); $this->acl->deny(null, 'admin'); $this->acl->deny(null, 'author'); // add an exception so guests can log in or register // in order to gain privilege $this->acl->allow('guest', 'account', array('login','oauth2login','callback', 'logout', 'captcha', 'fetchpwd', 'register', 'registercomplete')); $this->acl->deny('guest','data',array('download','order')); $this->acl->deny('guest','water',array('download','order')); $this->acl->deny('guest','heihe',array('submit')); // allow members access to the account management area $this->acl->allow('guest','author',array('index')); $this->acl->allow('member', 'account'); $this->acl->allow('member', 'author'); // allows administrators access to the admin area $this->acl->allow('administrator', 'admin'); } /** * preDispatch * * Before an action is dispatched, check if the current user * has sufficient privileges. If not, dispatch the default * action instead * * @param Zend_Controller_Request_Abstract $request */ public function preDispatch(Zend_Controller_Request_Abstract $request) { $phpSessId = $request->getParam('PHPSESSID'); if (!empty($phpSessId) && session_id() != $phpSessId) { session_destroy(); session_id($phpSessId); ini_set('session.cookie_domain', '.sanjiangyuan.org.cn' ); session_set_cookie_params(0, '/', '.sanjiangyuan.org.cn'); session_start(); } // check if a user is logged in and has a valid role, // otherwise, assign them the default role (guest) if(!$this->auth->hasIdentity()) { $member = new Member(); if($member->checkcookie()) { $data = array( 'username' => $member->user, 'password' => $member->srpwd ); $account = new Account(); $status = $account->storeLogin($data,false); if(isset($status['error'])) { $auth = Zend_Auth::getInstance(); $auth->clearIdentity(); Member::flushcookie(); } } } if ($this->auth->hasIdentity()) $role = $this->auth->getIdentity()->usertype; else $role = $this->_defaultRole; if (!$this->acl->hasRole($role)) $role = $this->_defaultRole; // the ACL resource is the requested controller name $resource = $request->controller; if ($request->module<>"default") $resource=$request->module; // the ACL privilege is the requested action name $privilege = $request->action; if ($request->module<>"default") $privilege = $request->controller; // if we haven't explicitly added the resource, check // the default global permissions if (!$this->acl->has($resource)) $resource = null; // access denied - reroute the request to the default action handler if (!$this->acl->isAllowed($role, $resource, $privilege)) { $request->setModuleName($this->_authController['module']); $request->setControllerName($this->_authController['controller']); $request->setActionName($this->_authController['action']); } } }