当我安装ZfUser时,bjyauthorize =>使用ZfUser模块它可以正常工作但是当我在所有其他模块中执行时:应用程序模块我有这个:
403 Forbidden您无权进入家中。
在module.bjyauthorize.global中我使用:
<?php
return array(
'bjyauthorize' => array(
// set the 'guest' role as default (must be defined in a role provider)
'default_role' => 'guest',
/* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which
* roles the "identity role" should inherit from.
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',
/* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers' => array(
/* here, 'guest' and 'user are defined as top-level roles, with
* 'admin' inheriting from user
*/
'BjyAuthorize\Provider\Role\Config' => array(
'guest' => array(),
'user' => array('children' => array(
'admin' => array(),
)),
),
// this will load roles from the user_role table in a database
// format: user_role(role_id(varchar), parent(varchar))
'BjyAuthorize\Provider\Role\ZendDb' => array(
'table' => 'user_role',
'role_id_field' => 'role_id',
'parent_role_field' => 'parent',
),
),
// resource providers provide a list of resources that will be tracked
// in the ACL. like roles, they can be hierarchical
'resource_providers' => array(
'BjyAuthorize\Provider\Resource\Config' => array(
'admin' => array(),
//'pants' => array(),
),
),
/* rules can be specified here with the format:
* array(roles (array), resource, [privilege (array|string), assertion])
* assertions will be loaded using the service manager and must implement
* Zend\Acl\Assertion\AssertionInterface.
* *if you use assertions, define them using the service manager!*
*/
'rule_providers' => array(
'BjyAuthorize\Provider\Rule\Config' => array(
'allow' => array(
// allow guests and users (and admins, through inheritance)
// the "wear" privilege on the resource "pants"
//array(array('guest', 'user'), 'wear', 'pants'),
array(array('admin'), 'admin'),
),
// Don't mix allow/deny rules if you are using role inheritance.
// There are some weird bugs.
'deny' => array(
// ...
),
),
),
/* Currently, only controller and route guards exist
*/
'guards' => array(
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all controllers and actions unless they are specified here.
* You may omit the 'action' index to allow access to the entire controller
*/
'BjyAuthorize\Guard\Controller' => array(
array('controller' => 'zfcuser', 'roles' => array()),
//backend
array('controller' => 'Application\Controller\Index','roles' => array('guest','user','admin')),
array('controller' => 'Admin\Controller\Annonces', 'roles' => array('guest')),
array('controller' => 'Annonces\Controller\Annonces', 'roles' => array('guest','user','admin')),
),
'BjyAuthorize\Guard\Route' => array(
//array('route' => 'annonces', 'roles' => array('guest')),
array('route' => 'zfcuser', 'roles' => array('user')),
array('route' => 'zfcuser/logout', 'roles' => array('user')),
array('route' => 'zfcuser/login', 'roles' => array('guest')),
array('route' => 'zfcuser/register', 'roles' => array('guest')),
array('route' => 'index', 'roles' => array('guest','user')),
array('route' => 'annonce', 'roles' => array('guest','user','admin')),
array('route' => 'annonces', 'roles' => array('guest','user','admin')),
),
),
),
);
答案 0 :(得分:0)
首先,您需要选择ACL策略。提供的配置文件向您显示所有可用选项,但这并不意味着您应该使用所有选项。
使用您的role_providers,您应该使用数据库连接或使用指定数组。我看起来如下(如果你使用的是教义,则适用) -
'role_providers' => array(
'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' => array(
'object_manager' => 'doctrine.entitymanager.orm_default',
'role_entity_class' => 'User\Entity\Role',
),
),
对于简单的应用程序,您无需指定rule_providers&amp; resource_providers。当我将它用于菜单时,我倾向于指定它们
我注意到你正在使用两名警卫。你应该只使用一个警卫,即路线警卫或控制器警卫。我个人更倾向于使用控制器防护装置,因为一个控制器可以有多个路径。控制器防护装置的示例如下 -
return array(
...
'guards' => array(
'BjyAuthorize\Guard\Controller' => array(
array(
'controller' => 'zfcuser',
'action' => array(
'index', // for indexAction
),
'roles' => array(
'guest',
'user',
),
),
array(
'controller' => 'zfcuser',
'action' => array(
'login', // for loginAction
'authenticate',
),
'roles' => array(
'guest',
),
),
array(
'controller' => 'zfcuser',
'action' => array(
'changepassword',
'changeemail',
'logout',
),
'roles' => array(
'user',
),
),
....
我还强烈建议你阅读本教程 -
http://samminds.com/2013/03/zfcuser-bjyauthorize-and-doctrine-working-together/
虽然本教程使用Doctrine,但这些概念适用于Zend / DB