Question

我已经在这方面工作了几天无济于事。

使用ZF Boilerplate，我正在尝试设置一个包含模块的ACL（因为我的架构中有一些控制器具有相同的名称，并且无法更改）。我以为我有这个工作得很好，只是意识到访问永远不会被处理，我想我缺少一些东西，但我不确定是什么。

这是我的设置：

库/ App / Action / Helpers / PrivilegesManage.php中的助手

<?php 
class App_Action_Helpers_PrivilegesManage extends Zend_Controller_Action_Helper_Abstract
{
//the acl object
public $acl;
//the constructor of the our ACL
public function __construct()
{
    $this->acl = new Zend_Acl();
}

//function that sets roles for the people
public function setRoles()
{
    $this->acl->addRole(new Zend_Acl_Role('guest'));
    $this->acl->addRole(new Zend_Acl_Role('crew'));
    $this->acl->addRole(new Zend_Acl_Role('client'));
    $this->acl->addRole(new Zend_Acl_Role('admin'));
}

//function that set the resources to be accessed on the site
public function setResources()
{
    $this->acl->add(new Zend_Acl_Resource('site:error'));
    $this->acl->add(new Zend_Acl_Resource('site:index'));
    //me
    $this->acl->add(new Zend_Acl_Resource('me:clients'));
    $this->acl->add(new Zend_Acl_Resource('me:crew'));
    $this->acl->add(new Zend_Acl_Resource('me:error'));
    $this->acl->add(new Zend_Acl_Resource('me:index'));
    $this->acl->add(new Zend_Acl_Resource('me:jobs'));
    $this->acl->add(new Zend_Acl_Resource('me:people'));
    $this->acl->add(new Zend_Acl_Resource('me:system'));
    //admin
    $this->acl->add(new Zend_Acl_Resource('admin:clients'));
    $this->acl->add(new Zend_Acl_Resource('admin:crew'));
    $this->acl->add(new Zend_Acl_Resource('admin:error'));
    $this->acl->add(new Zend_Acl_Resource('admin:index'));
    $this->acl->add(new Zend_Acl_Resource('admin:jobs'));
    $this->acl->add(new Zend_Acl_Resource('admin:people'));
    $this->acl->add(new Zend_Acl_Resource('admin:system'));
}

//function that sets the privileges for the different roles
public function setPrivileges()
{
    $this->acl->allow('guest', 'site:error', 'index');
    $this->acl->deny('guest', 'site:index', 'index');

    $this->acl->allow('crew', 'site:index');
    $this->acl->allow('crew', 'site:error');
    $this->acl->allow('crew', 'me:crew');       
    $this->acl->allow('client', 'me:clients');
    $this->acl->allow('client', 'site:index', array('logout'));
    $this->acl->deny('client', 'me:crew');
    $this->acl->deny('guest', 'admin:crew', array('add'));

}

public function setAcl()
{
    Zend_Registry::set('acl', $this->acl);
}
?>

然后我在App / Plugin / Acl.php中有一个插件 [EDITED]

<?php
class App_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
/**
 *
 * @var Zend_Auth
 */
protected $_auth; //Zend_Auth instance for user access

protected $_acl; //Zend_Acl instance for user privileges
protected $_module;
protected $_action;
protected $_controller;
protected $_currentRole;
protected $_resource;

public function __construct(Zend_Acl $acl, array $options = array()) {
    $this->_auth = Zend_Auth::getInstance();
    $this->_acl = $acl;

}

 public function preDispatch(Zend_Controller_Request_Abstract $request) {

    $this->_init($request);

   if ($this->_acl->has($this->_resource)) {
        // if the current user role is not allowed to do something
        if (!$this->_acl->isAllowed($this->_currentRole, $this->_resource, $this->_action)) {

            if ('guest' == $this->_currentRole) {
                $request->setModuleName('site');
                $request->setControllerName('index');
                $request->setActionName('login');
            } 
            else {
                $request->setModuleName('site');
                $request->setControllerName('error');
                $request->setActionName('denied');

            }
        }
    }
}

protected function _init($request) 
{
    $this->_module = $request->getModuleName();
    $this->_action = $request->getActionName();
    $this->_controller = $request->getControllerName();
    $this->_currentRole = $this->_getCurrentUserRole();
    $this->_resource = $this->_module  . ':' . $this->_controller; 
}

protected function _getCurrentUserRole() 
{      

    if($this->_auth->hasIdentity()) {
        $authData = $this->_auth->getIdentity();
        //$role = isset($authData->myType())?strtolower($authData->property->privilage): 'guest';
        //retrieving the UserType
            $authTypeCheck = $authData->myType();
        if(isset($authTypeCheck)){
            $role = strtolower($authData->myType());
        }
    } else {
        $role = 'guest';
    }
    return $role;
}
}
?>

现在在这里似乎$ acl从来没有任何资源，当我打印出$ acl的内容时，我确实获得了一些资源。

最后在引导程序中我有：

    protected function _initAclControllerPlugin() {

    $this->bootstrap('frontcontroller');


    $front = Zend_Controller_Front::getInstance();
    $aclhelper= new App_Action_Helpers_PrivilegesManage();
    $aclhelper->setRoles();
    $aclhelper->setResources();
    $aclhelper->setPrivileges();
    $aclhelper->setAcl();

    $aclPlugin = new App_Plugin_Acl($aclhelper->acl);
    $front->registerPlugin($aclPlugin);
}

我是Zend的新手，特别是ACL，所以任何建议和帮助都会非常受欢迎。

Answer 1

你没有在你的acl插件中定义你的资源吗

protected function _init($request) 
{

    $this->_module = $request->getModuleName();
    $this->_action = $request->getActionName();
    $this->_controller = $request->getControllerName();
    $this->_currentRole = $this->_getCurrentUserRole();
   $this->_resource = $this->_module  . ':' . $this->_controller; // <-----
}

Answer 2

可能与此方法有关：

protected function _getCurrentUserRole() 
{      

    if($this->_auth->hasIdentity()) {
        $authData = $this->_auth->getIdentity();
        //$role = isset($authData->myType())?strtolower($authData->property->privilage): 'guest';
        //retrieving the UserType
            $authTypeCheck = $authData->myType();
        if(isset($authTypeCheck)){
            $role = strtolower($authData->myType());
        }
    } else {
        $role = 'guest';
    }
    return $role;
}

如果未设置$ authTypeCheck，则未定义角色。不确定$ authData-＆gt; myType（）到底是什么，但可能是原因。

你可以尝试在if（isset（$ authTypeCheck））{//} else {$ role ='guest'; }

仔细查看与此类似的代码是在其中一条注释行中完成的。

道歉，如果不是它，你采取了一种看似非常复杂的方法，至少与我的用例相比。您可以将所有代码包装到Acl Plugin Predispatch方法中，这可能会排除很多可能的问题。

带模块和控制器访问问题的Zend ACL

2 个答案: