
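Zend_ACL guest role overriding the administrator role?

Stack Overflow user
Asked 2013-08-27 02:58:49
Answers: 1 | Views: 111 | Followers: 0 | Votes: 0

I created a Zend_ACL with three roles: 'administrator', 'guest' and 'editor'. I want guests to be unable to access /album/index after logging in. Administrators and editors can access /album/index. All other pages are accessible.

I created the access list below using Acl.php in a helper.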

/library/My/Helper/Acl.php:

public function __construct() {

    $this->acl = new Zend_Acl();
}

public function setRoles() {

    $this->acl->addRole(new Zend_Acl_Role('guest'));
    $this->acl->addRole(new Zend_Acl_Role('editor'));
    $this->acl->addRole(new Zend_Acl_Role('administrator'));

}

public function setResource () {



    $this->acl->add(new Zend_Acl_Resource('album::index'));
    $this->acl->add(new Zend_Acl_Resource('album::add'));
    $this->acl->add(new Zend_Acl_Resource('album::edit'));
    $this->acl->add(new Zend_Acl_Resource('album::delete'));
    $this->acl->add(new Zend_Acl_Resource('auth::index'));
    $this->acl->add(new Zend_Acl_Resource('auth::logout'));
    $this->acl->add(new Zend_Acl_Resource('error::error'));

}

public function setPrivilages() {

    $allowEditorAdmin=array('administrator','editor');
    $allowAll=array('administrator','guest','editor');
    $this->acl->allow($allowEditorAdmin,'album::index');
    $this->acl->allow($allowAll,'album::add');
    $this->acl->allow($allowAll,'album::edit');
    $this->acl->allow($allowAll,'album::delete');
    $this->acl->allow($allowAll,'auth::index');
    $this->acl->allow($allowAll,'auth::logout');
    $this->acl->allow($allowAll,'error::error');

}

Then I created a plugin, Acl.php:

public function preDispatch(Zend_Controller_Request_Abstract $request) {

    $acl1 = new My_Controller_Helper_Acl();

    $acl = Zend_Registry::get('acl');
    $userNs = new Zend_Session_Namespace('members');
    if($userNs->userType=='')
    {
        $roleName='guest';
    }
    else
        $roleName=$userNs->userType;

    if(!$acl->isAllowed($roleName,$request->getControllerName()."::".$request->getActionname()))
    {
        echo $request->getControllerName()."::".$request->getActionName();
        $request->setControllerName('auth');
        $request->setActionName('index');
    }
    else
        echo "got authenticated";

}
  • The problem is that my "isAllowed" code is not working properly. After successful authentication, "guest, editor, administrator" are unable to access /album/index. They are redirected to /auth/index.

if(!$acl->isAllowed($roleName,$request->getControllerName()."::".$request->getActionname()))
{
    echo $request->getControllerName()."::".$request->getActionName();
    $request->setControllerName('auth');
    $request->setActionName('index');
}
else
    echo "got authenticated";
}

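1 Answer

Stack Overflow user

Answered 2013-08-27 13:06:21

As far as I can see, you are using two different ACL instances, and you never set up a proper ACL in the first place. I can share some code of my own that does pretty much the same thing:

In Bootstrap.php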

    $this->_acl = new Model_AuthAcl();

    //Check for access rights
    $fc = Zend_Controller_Front::getInstance();
    $fc->registerPlugin(new App_Plugin_AccessCheck($this->_acl));

App_Plugin_AccessCheck

class App_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{

    private $_acl = null;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module = $request->getModuleName();
        $resource = $request->getControllerName();
        $action = $request->getActionName();



        try {
            if (!$this->_acl->isAllowed(Zend_Registry::get('role'), $module . ':' . $resource, $action)) {

                $request->setControllerName('authentication')->setModuleName('default')
                    ->setActionName('login');
            }
        }
        catch (Exception $ex) {
            if (APPLICATION_ENV == "development") {
                var_dump($ex->getMessage());
            }
        }

    }

}

Model_AuthAcl

class Model_AuthAcl extends Zend_Acl
{

    /**
     * Creates the resource, role trees
     */
    public function __construct ()
    {
        //Create roles
        $this->addRole(new Zend_Acl_Role('guest')); 
        $this->addRole(new Zend_Acl_Role('user'), 'guest'); 
        $this->addRole(new Zend_Acl_Role('admin'), 'user'); 


        //Create resources
        //Default module
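        $this->addResource(new Zend_Acl_Resource('default'))
             ->addResource(new Zend_Acl_Resource('default:authentication'), 'default')
             ->addResource(new Zend_Acl_Resource('default:error'), 'default')

        //Admin module
             ->addResource(new Zend_Acl_Resource('admin'))
             ->addResource(new Zend_Acl_Resource('admin:index'), 'admin')
             ->addResource(new Zend_Acl_Resource('admin:admins'), 'admin')

        //API module (resources referenced by the rules below)
             ->addResource(new Zend_Acl_Resource('api'))
             ->addResource(new Zend_Acl_Resource('api:authentication'), 'api');
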
        //Guest permissions
        $this->deny('guest')
             ->allow('guest', 'default:authentication', array('index', 'login', 'logout', 'email', 'forgot'))
             ->allow('guest', 'default:error', array('error'))
             ->allow('guest', 'api:authentication', array('index', 'get', 'head', 'post', 'put', 'delete'))

            //Admin permissions
             ->deny('admin', 'admin:admins')

        ;
    }
}

Maybe not the most OOP solution, but it works like hell.

Hope this helps you build your dream ACL :)

Votes: 1
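
A compact version of the question's guest/editor/administrator setup, as an added example that is not part of the original question or answer: one ACL object is built and injected into the plugin, and an unknown role or an unregistered resource is treated as a denial. The class names `My_Acl` and `My_Plugin_AccessCheck` are hypothetical, and Zend Framework 1 is assumed to be on the include path.

```php
<?php
// Added example (hypothetical class names); assumes Zend Framework 1 on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Controller/Plugin/Abstract.php';
require_once 'Zend/Session/Namespace.php';

class My_Acl extends Zend_Acl
{
    public function __construct()
    {
        foreach (array('guest', 'editor', 'administrator') as $role) {
            $this->addRole(new Zend_Acl_Role($role));
        }
        $open = array('album::add', 'album::edit', 'album::delete',
                      'auth::index', 'auth::logout', 'error::error');
        foreach (array_merge($open, array('album::index')) as $resource) {
            $this->addResource(new Zend_Acl_Resource($resource));
        }
        // Zend_Acl denies by default, so only these explicit rules grant access.
        $this->allow(null, $open);                                   // all roles
        $this->allow(array('editor', 'administrator'), 'album::index');
    }
}

class My_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl; // the single populated instance, injected at bootstrap
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $session = new Zend_Session_Namespace('members');
        $role = $session->userType;
        if (!is_string($role) || !$this->_acl->hasRole($role)) {
            $role = 'guest'; // empty or unknown session value never elevates
        }
        $resource = $request->getControllerName() . '::' . $request->getActionName();
        // Fail closed: an unregistered resource is treated as a denial.
        if (!$this->_acl->has($resource) || !$this->_acl->isAllowed($role, $resource)) {
            $request->setControllerName('auth')->setActionName('index');
        }
    }
}
```

Register it once from the bootstrap with `Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_AccessCheck(new My_Acl()));` so the dispatch check reads the same object the rules were added to.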
Original page content provided by Stack Overflow.
Original link: https://stackoverflow.com/questions/18456227
