动态断言Zend_ACL - 在isAllowed上创建不需要的对象

时间:2012-08-02 18:25:19

标签: php zend-framework dynamic acl

在本文之后,我尝试将动态Zend_Acl断言添加到我的项目中: http://www.amazium.com/blog/content-driven-access-control-with-zend-acl

经过几天的思考,我仍然无法正常工作。它抛出一个错误:“可捕获的致命错误:传递给Application_Model_User :: populate()的参数1必须是一个数组,给定的对象,在C:\ Program Files \ Zend \ Apache2 \ htdocs \ guardian \ application \ models \ User中调用。 php在第14行,在第92行的C:\ Program Files \ Zend \ Apache2 \ htdocs \ guardian \ application \ models \ User.php中定义。“

通过调试我在ClientController

中找到了这一行 
$subsidiary->setAllowed($this->_acl->isAllowed($user, $subsidiary));

导致了这个问题。但我不知道如何让它发挥作用。 似乎isAllowed创建了User的实例,虽然我直接将它传递给了。

我的代码如下:

class My_Controller_Helper_Acl extends Zend_Acl{

public function __construct(){

    $this->add(new Zend_Acl_Resource('index'));
    $this->add(new Zend_Acl_Resource('client'));
    $this->add(new Zend_Acl_Resource('search'));
    $this->add(new Zend_Acl_Resource('subsidiary'));
    $this->add(new Zend_Acl_Resource('user'));
    $this->add(new Zend_Acl_Resource('error'));
    $this->add(new Zend_Acl_Resource('subs'));

    $guest = My_Role::ROLE_GUEST;
    $client = My_Role::ROLE_CLIENT;
    $technician = My_Role::ROLE_TECHNICIAN;
    $coordinator = My_Role::ROLE_COORDINATOR;
    $admin = My_Role::ROLE_ADMIN;

    $this->addRole(new Zend_Acl_Role($guest));
    $this->addRole(new Zend_Acl_Role($client));
    $this->addRole(new Zend_Acl_Role($technician), $client);
    $this->addRole(new Zend_Acl_Role($coordinator), $technician);
    $this->addRole(new Zend_Acl_Role($admin));

    $this->allow($guest, array('user', 'error'));
    $this->deny($guest, 'user', array('register', 'rights', 'delete'));
    $this->allow($client);
    $this->deny($client, 'client', 'new');
    $this->deny($client, 'client', 'delete');
    $this->deny($client, 'user', array('register', 'rights', 'delete'));
    $this->allow($client, 'subs', null, new My_Controller_Helper_UserOwned());
    $this->allow($coordinator, 'client', array('new', 'delete'));

    $this->allow($admin);

}
}


class My_Controller_Helper_UserOwned implements Zend_Acl_Assert_Interface{
/**
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param unknown_type $privilege
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
    if (!$resource instanceof Application_Model_UserOwnedInterface){

        throw new Exception('UserOwnedInterface not implemented');
    }

    $auth = Zend_Auth::getInstance();
    if(!$auth->hasIdentity()){
        return false;
    }
    $user = new Application_Model_User($auth->getIdentity());

    return $resource->isOwnedByUser($user);
}
}

ClientController.php / listAction 

$subsidiariesDb = new Application_Model_DbTable_Subsidiary ();

$subsidiaries = $subsidiariesDb->getByTown ();
$users = new Application_Model_DbTable_User();
$user = $users->getByUsername($this->_username);

foreach($subsidiaries as $subsidiary){
                $subsidiary->setAllowed($this->_acl->isAllowed($user, $subsidiary));
            }

$this->view->subsidiaries = $subsidiaries;
$this->renderScript ( 'client/town.phtml' );

town.phtml 

<?php foreach ($this->subsidiaries as $subsidiary) :
if($subsidiary->getAllowed()){
    if ($town != $subsidiary->getSubsidiaryTown()){?>
        </ul>
        <p class="bold"><?php echo $subsidiary->getSubsidiaryTown(); ?></p>
        <?php $town = $subsidiary->getSubsidiaryTown(); ?>
        <ul>
    <?php }
    if ($subsidiary->getHq()) {?>
        <li class="bold"><a href="<?php echo $this->url(array('clientId' => $subsidiary->getClientId()), 'clientIndex');?>">
            <?php echo $subsidiary->getSubsidiaryName() . ' (centrála)'?>
        </a></li>
    <?php }
    else {?>
        <li><?php echo '<a href="' . $this->url(array('clientId' => $subsidiary->getClientId(), 'subsidiary' => $subsidiary->getIdSubsidiary()), 'subsidiaryIndex') . '">' . $subsidiary->getSubsidiaryName() . '</a>'?></li>
    <?php }
}
    endforeach; ?>

用户模型(部分)

class Application_Model_User implements Zend_Acl_Role_Interface{

private $idUser;
private $username;
private $password;
private $salt;
private $role;
private $userSubsidiaries;

public function __construct ($options = array()){
    if (!empty($options)){
        $this->populate($options);
                    //see what the options are in debug below
    }
}

public function getRoleId(){
    return $this->getRole();
}

public function populate(array $data){

    $this->idUser = isSet($data['id_user']) ? $data['id_user'] : null;
    $this->username = isSet($data['username']) ? $data['username'] : null;
    $this->password = isSet($data['password']) ? $data['password'] : null;
    $this->salt = isSet($data['salt']) ? $data['salt'] : null;
    $this->role = isSet($data['role']) ? $data['role'] : null;

    $this->userSubsidiaries = array();
    $subsidiaries = isSet($data['user_subsidiaries']) ? $data['user_subsidiaries'] : null;
    $this->addSubsidiaryToUser($subsidiaries);

    return $this;
}

public function toArray($toUpdate = false, $withSubsidiaries = true){
    if (!$toUpdate){
        $data['id_user'] = $this->idUser;
    }
    $data['username'] = $this->username;
    $data['password'] = $this->password;
    $data['salt'] = $this->salt;
    $data['role'] = $this->role;

    if($withSubsidiaries){
        $data['user_subsidiaries'] = $this->userSubsidiaries;
    }

    return $data;
}

public function hasSubsidiary($subsidiary){
    if($subsidiary instanceOf Application_Model_Subsidiary){
        $subsidiary = $subsidiary->getIdSubsidiary();
    }
    return in_array($subsidiary, $this->getUserSubsidiaries());
}

public function getUserSubsidiaries(){
    return $this->userSubsidiaries;
}

public function addSubsidiaryToUser($subsidiary){
    if(is_array($subsidiary)){
        foreach($subsidiary as $sub){
            $this->addSubsidiaryToUser($sub);
        }
    } elseif ($subsidiary instanceof Application_Model_Subsidiary){
        $this->userSubsidiaries[] = $subsidiary->getIdSubsidiary();
    } elseif (is_numeric($subsidiary)){
        $this->userSubsidiaries[] = $subsidiary;
    } else{
        throw new Exception('Invalid subsidiary provided.');
    }

    return $this;
}

}

当我在填充函数的User中的$ options参数上调试时,我在ClientController中创建用户时获得结果(1)[user = $ users-&gt; getByUsername($ this-&gt; _username); ], 哪个是对的。在isAllowed的行上,我在开头提到,我得到了结果(2)。但我不明白为什么甚至在该行上创建了User对象。我很绝望。你知道,错误在哪里吗?

结果(1):

object(Application_Model_User)#169 (6) {
["idUser":"Application_Model_User":private] => string(1) "6"
["username":"Application_Model_User":private] => string(6) "klient"
["password":"Application_Model_User":private] => string(64) "82a78c724f3242148990897a3b754e1f57442311fab5cde74c2a238d8c8858fc"
["salt":"Application_Model_User":private] => string(88) "Ewxm5Pa7t0MHn9GtROi8Rg5bis0hUhXF/QnnaRmiwgOUqz1elGj/AzYcaVlHa+J6vTpdyvy3mtlmXfmoQlAswg=="
["role":"Application_Model_User":private] => string(1) "4"
["userSubsidiaries":"Application_Model_User":private] => array(1) {
[0] => string(1) "2"
}
}

结果(2):

object(stdClass)#18 (5) {
["id_user"] => string(1) "6"
["username"] => string(6) "klient"
["password"] => string(64) "82a78c724f3242148990897a3b754e1f57442311fab5cde74c2a238d8c8858fc"
["salt"] => string(88) "Ewxm5Pa7t0MHn9GtROi8Rg5bis0hUhXF/QnnaRmiwgOUqz1elGj/AzYcaVlHa+J6vTpdyvy3mtlmXfmoQlAswg=="
["role"] => string(1) "4"
}

1 个答案:

答案 0 :(得分:0)

现在如原始问题的评论中提到的那样解决了这个问题。

我删除了

$user = new Application_Model_User($auth->getIdentity());

并仅使用

return $resource->isOwnedByUser($role);
相关问题
最新问题