Question

我创建了Zend_ACL，其中包含三个角色：'管理员，来宾，* edito * r'。我希望访客登录后无法访问/专辑/索引。管理员，编辑可以访问/专辑/索引。所有其他页面都可供所有人访问。

我在帮助器中使用Acl.php创建了下面的访问列表。

/library/My/Helper/Acl.php：

public function __construct() {

    $this->acl = new Zend_Acl();
}

public function setRoles() {

    $this->acl->addRole(new Zend_Acl_Role('guest'));
    $this->acl->addRole(new Zend_Acl_Role('editor'));
    $this->acl->addRole(new Zend_Acl_Role('administrator'));

}

public function setResource () {



    $this->acl->add(new Zend_Acl_Resource('album::index'));
    $this->acl->add(new Zend_Acl_Resource('album::add'));
    $this->acl->add(new Zend_Acl_Resource('album::edit'));
    $this->acl->add(new Zend_Acl_Resource('album::delete'));
    $this->acl->add(new Zend_Acl_Resource('auth::index'));
    $this->acl->add(new Zend_Acl_Resource('auth::logout'));
    $this->acl->add(new Zend_Acl_Resource('error::error'));

}

public function setPrivilages() {

    $allowEditorAdmin=array('administrator','editor');
    $allowAll=array('administrator','guest','editor');
    $this->acl->allow($allowEditorAdmin,'album::index');
    $this->acl->allow($allowAll,'album::add');
    $this->acl->allow($allowAll,'album::edit');
    $this->acl->allow($allowAll,'album::delete');
    $this->acl->allow($allowAll,'auth::index');
    $this->acl->allow($allowAll,'auth::logout');
    $this->acl->allow($allowAll,'error::error');

然后，我创建了一个插件 Acl.php

public function preDispatch(Zend_Controller_Request_Abstract $request) {

    $acl1 = new My_Controller_Helper_Acl();

    $acl = Zend_Registry::get('acl');
    $userNs = new Zend_Session_Namespace('members');
    if($userNs->userType=='')
    {

        $roleName='guest';
    }
    else
        $roleName=$userNs->userType;


if(!$acl->isAllowed($roleName,$request->getControllerName()."::".$request->getActionname()))
            {

        echo $request->getControllerName()."::".$request->getActionName();
        $request->setControllerName('auth');
        $request->setActionName('index');
    }

    else
        echo "got authenticated";

}

问题是我的代码“isallowed”无法正常工作。成功进行身份验证后，“来宾，编辑，管理员”无法访问/ album / index。他们重定向到/ auth / index

 if(!$acl->isAllowed($roleName,$request->getControllerName()."::".$request->getActionname()))
        {

    echo $request->getControllerName()."::".$request->getActionName();
    $request->setControllerName('auth');
    $request->setActionName('index');
}

else
    echo "got authenticated";       
}

Answer 1

据我所知，您正在使用2个不同的ACL实例，并且从不首先设置适当的ACL。我可以分享一些我自己的代码，它几乎完全相同：

在Bootstrap.php中

    $this->_acl = new Model_AuthAcl();

    //Check for access rights
    $fc = Zend_Controller_Front::getInstance();
    $fc->registerPlugin(new App_Plugin_AccessCheck($this->_acl));

在`App_Plugin_AccessCheck`

class App_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{

    private $_acl = null;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module = $request->getModuleName();
        $resource = $request->getControllerName();
        $action = $request->getActionName();



        try {
            if (!$this->_acl->isAllowed(Zend_Registry::get('role'), $module . ':' . $resource, $action)) {

                $request->setControllerName('authentication')->setModuleName('default')
                    ->setActionName('login');
            }
        }
        catch (Exception $ex) {
            if (APPLICATION_ENV == "development") {
                var_dump($ex->getMessage());
            }
        }

    }

}

在`Model_AuthAcl`

class Model_AuthAcl extends Zend_Acl
{

    /**
     * Creates the resource, role trees
     */
    public function __construct ()
    {
        //Create roles
        $this->addRole(new Zend_Acl_Role('guest')); 
        $this->addRole(new Zend_Acl_Role('user'), 'guest'); 
        $this->addRole(new Zend_Acl_Role('admin'), 'user'); 


        //Create resources
        //Default module
        $this->addResource(new Zend_Acl_Resource('default'))
             ->addResource(new Zend_Acl_Resource('default:authentication'), 'default')
             ->addResource(new Zend_Acl_Resource('default:error'), 'default')

        //Admin module
             ->addResource(new Zend_Acl_Resource('admin'))
             ->addResource(new Zend_Acl_Resource('admin:index'), 'admin')





        //Guest permissions
        $this->deny('guest')
             ->allow('guest', 'default:authentication', array('index', 'login', 'logout', 'email', 'forgot'))
             ->allow('guest', 'default:error', array('error'))
             ->allow('guest', 'api:authentication', array('index', 'get', 'head', 'post', 'put', 'delete'))

            //Admin permissions
             ->deny('admin', 'admin:admins')

        ;
    }
}

可能不是最OOP的解决方案，打赌它确实有效。

希望这有助于您设置梦想的ACL：）

Zend ACL来宾角色是否覆盖管理员角色？

1 个答案:

在Bootstrap.php中

在`App_Plugin_AccessCheck`

在`Model_AuthAcl`

Zend ACL来宾角色是否覆盖管理员角色？

1 个答案:

在Bootstrap.php中

在App_Plugin_AccessCheck

在Model_AuthAcl

在`App_Plugin_AccessCheck`

在`Model_AuthAcl`