我不想允许访客手机/新。他们应该只能访问电话/索引和另一件事。但客人可以访问电话控制器的所有操作。我需要你的帮助来找出我所犯的错误。
这是ACL插件
<?php
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Acl\Adapter\Memory as AclList;
/**
* SecurityPlugin
*
* This is the security plugin which controls that users only have access to the modules they're assigned to
*/
class SecurityPlugin extends Plugin
{
/**
* Returns an existing or new access control list
*
* @returns AclList
*/
public function getAcl()
{
if (!isset($this->persistent->acl)) {
$acl = new AclList();
$acl->setDefaultAction(Acl::DENY);
//Register roles
$roles = array(
'admin' => new Role('Admin'),
'editor' => new Role('Editor'),
'guests' => new Role('Guests')
);
foreach ($roles as $role) {
$acl->addRole($role);
}
//Admin area resources
$adminResources = array(
'dashboard' => array('index'),
'phones' => array('index', 'all', 'new', 'edit', 'save', 'create', 'delete', 'search'),
'users' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete', 'saveProfile', 'profile'),
);
foreach ($adminResources as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
//Editor area resources
$editorResources = array(
'dashboard' => array('index'),
'phones' => array('index', 'all', 'new', 'edit', 'save', 'create', 'search'),
'users' => array('saveProfile', 'profile'),
);
foreach ($editorResources as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
//Public area resources
$publicResources = array(
'index' => array('index'),
'about' => array('index'),
'login' => array('index', 'check', 'logout'),
'errors' => array('show404', 'show500'),
'contact' => array('index', 'send'),
'phones' => array('index', 'search'),
);
foreach ($publicResources as $resource => $actions) {
$acl->addResource(new Resource($resource), $actions);
}
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, '*');
}
}
//Grant access to private area to role Admin
foreach ($adminResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Admin', $resource, $action);
}
}
//Grant access to private area to role Admin
foreach ($editorResources as $resource => $actions) {
foreach ($actions as $action) {
$acl->allow('Editor', $resource, $action);
}
}
//The acl is stored in session, APC would be useful here too
$this->persistent->acl = $acl;
}
return $this->persistent->acl;
}
/*
* This action is executed before execute any action in the application
*
* @param Event $event
* @param Dispatcher $dispatcher
*/
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
$auth = $this->session->get('auth');
if (!$auth) {
$role = 'Guests';
} else {
switch ($auth['role']) {
case 1:
$role = "Admin";
break;
case 2:
$role = "Editor";
break;
default:
$role = "Guests";
break;
}
}
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
$acl = $this->getAcl();
$allowed = $acl->isAllowed($role, $controller, $action);
if ($allowed != Acl::ALLOW) {
$dispatcher->forward(array(
'controller' => 'errors',
'action' => 'show401'
));
return false;
}
}
}
答案 0 :(得分:1)
我通过将通配符更改为特定操作来修复此问题。我实际上是从invo复制了代码而忽视了这件事。
//Grant access to public areas to both users and guests
foreach ($roles as $role) {
foreach ($publicResources as $resource => $actions) {
$acl->allow($role->getName(), $resource, $actions);
}
}