- <?php
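/**
 * Front-controller plugin that checks the application's ACL before an action is dispatched.
 *
 * The check runs in preDispatch() rather than routeStartup() because the
 * controller and action names are only known once routing has finished.
 */
class Application_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {
    /**
     * Authorize the current request and reroute it to the error controller when access is denied.
     *
     * The role comes from Zend_Auth ('guest' when nobody is logged in), the
     * resource is the controller name (or the Post entity when an id is given
     * for the 'posts' controller) and the privilege is the action name.
     *
     * @param Zend_Controller_Request_Abstract $req request about to be dispatched
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $req) {
        $auth = Zend_Auth::getInstance();
        // NOTE(review): the stored identity is handed to the ACL as the role as-is;
        // this assumes it is a role id or a Zend_Acl_Role_Interface - confirm
        // against the login code.
        $role = $auth->hasIdentity() ? $auth->getIdentity() : 'guest';

        $acl = Zend_Controller_Front::getInstance()
            ->getParam('bootstrap')
            ->getResource('acl');

        // Default mapping: controller name is the resource, action name the privilege.
        $resource = $req->getControllerName();
        $privilege = $req->getActionName();

        // When an id is supplied, authorize against the concrete entity instead
        // of the controller name.
        $id = $req->getParam('id');
        if (!empty($id)) {
            $em = Zend_Registry::get('em');
            switch ($resource) {
                case 'posts':
                    $post = $em->getRepository('Application\\Models\\Post')
                        ->findOneById($id);
                    // NOTE(review): an unknown id keeps the controller-level
                    // resource, so the controller-wide rule decides in that
                    // case - confirm that rule is not looser than the
                    // per-post one.
                    if (!empty($post)) {
                        $resource = $post;
                    }
                    break;
            }
        }

        if ($acl->isAllowed($role, $resource, $privilege)) {
            return;
        }

        if (!$auth->hasIdentity()) {
            // Login required. returnUrl is taken from the client-supplied
            // request URI: whatever redirects to it after login must accept
            // local paths only.
            $req->setControllerName('error')
                ->setActionName('error')
                ->setParams(array(
                    'error_handler' => 'login',
                    'returnUrl' => urlencode($req->getRequestUri())
                ));
            return;
        }

        // Authenticated but not allowed. The original called setRedirect() on
        // an undefined $res (fatal error), and a redirect header by itself does
        // not stop the denied action from being dispatched. Reroute the request
        // instead, exactly as the login branch does, and answer with 403.
        // NOTE(review): the old redirect used the query key "error-handler";
        // "error_handler" is used here to match the login branch - confirm
        // against the error controller.
        $this->getResponse()->setHttpResponseCode(403);
        $req->setControllerName('error')
            ->setActionName('error')
            ->setParams(array(
                'error_handler' => 'unauthorized'
            ));
    }
}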