有人可以指导我做ACL的典型实现例子。像'admin'可以访问'admin'模块,'user'可以访问'user module',guest可以访问'open'页面。Zend Framework:需要ACL的典型例子
16
A
回答
4
我有一个简单的例子,可能适合您的需求
class Dagho_Acl_Main extends Zend_Acl {
public function __construct() {
$anonymous = new Zend_Acl_Role("anonymous");
$customer = new Zend_Acl_Role("customer");
$admin = new Zend_Acl_Role("admin");
$anonymousResource = new Zend_Acl_Resource("acl");
$defaultResource = new Zend_Acl_Resource("default");
$customerResource = new Zend_Acl_Resource("user");
$adminResource = new Zend_Acl_Resource("manage");
$this->addRole($anonymous)
->addRole($customer)
->addRole($admin);
$this->addResource($anonymousResource)
->addResource($defaultResource)
->addResource($customerResource)
->addResource($adminResource);
$this->allow($anonymous, $anonymousResource);
$this->allow($anonymous, $defaultResource);
$this->deny($anonymous, $customerResource);
$this->deny($anonymous, $adminResource);
$this->allow($customer, $anonymousResource);
$this->allow($customer, $defaultResource);
$this->allow($customer, $customerResource);
$this->deny($customer, $adminResource);
$this->allow($admin, $defaultResource);
$this->allow($admin, $anonymousResource);
$this->allow($admin, $adminResource);
$this->deny($admin, $customerResource);
return $this ;
}
}
,这里是我的插件:
<?php
class Dagho_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {
public function preDispatch(Zend_Controller_Request_Abstract $request) {
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$doctrineAuth = new Dagho_Auth_Doctrine();
$logged = $doctrineAuth->checklogin();
$identity = $doctrineAuth->getIdentity();
Zend_Registry::set("identity", $identity);
if ($logged && $identity["role"] !== "anonymous") {
/// user had an identity let's check the ACL
$acl = new Dagho_Acl_Main();
$isAllowed = $acl->isAllowed($identity["role"], $module);
if (!$isAllowed) {
return $request->setModuleName("acl")->setControllerName("index")
->setActionName("denied")->setDispatched(true);
} else {
/// user has identity and he is allowed to access it
return;
}
} elseif ($logged === false || ($logged && $identity["role"] === "anonymous")) {
//// user not logged on > login.php or its his first visit
$identity = $doctrineAuth->getStorage()->write(array('name' => 'anonymous', 'role' => "anonymous",));
Zend_Registry::set("identity", $identity);
return $request->setModuleName("acl")->setControllerName("index")
->setActionName("login")->setDispatched(true);
} else {
return $request->setModuleName("acl")->setControllerName("index")
->setActionName("denied")->setDispatched(true);
}
parent::preDispatch($request);
}
}
27
我可以粘贴你我的ACL。它由三个元素组成:acl.ini,ACL控制器插件(My_Controller_Plugin_Acl)和My_Acl类,以及USER表。但是它不涉及模块,而是涉及控制器和操作。尽管如此,它可能会给你一些有关ACL的一般想法。我对ACL的使用基于一本名为“Zend Framework in Action”的书。
USER表(权限字段用于ACL):
CREATE TABLE IF NOT EXISTS `USER` (
`user_id` INT UNSIGNED NOT NULL AUTO_INCREMENT ,
`email` VARCHAR(85) NOT NULL ,
`password` CHAR(32) NOT NULL,
`phone` VARCHAR(45) NULL ,
`phone_public` TINYINT(1) NULL DEFAULT 0 ,
`first_name` VARCHAR(45) NULL ,
`last_name` VARCHAR(45) NULL ,
`last_name_public` TINYINT(1) NULL DEFAULT 1 ,
`is_enabled` TINYINT(1) NOT NULL DEFAULT 1 ,
`created` TIMESTAMP NOT NULL,
`privilage` ENUM('BASIC','PREMIUM','ADMIN') NOT NULL DEFAULT 'BASIC' ,
PRIMARY KEY (`user_id`) ,
UNIQUE INDEX `email_UNIQUE` (`email` ASC))
ENGINE = InnoDB;
acl.ini(我有四个权限,从而从客户基本继承,继承溢价基本形成和管理员溢价):
; roles
acl.roles.guest = null
acl.roles.basic = guest
acl.roles.premium = basic
acl.roles.administrator = premium
; resources
acl.resources.deny.all.all = guest
acl.resources.allow.index.all = guest
acl.resources.allow.error.all = guest
acl.resources.allow.user.login = guest
acl.resources.allow.user.logout = guest
acl.resources.allow.user.create = guest
acl.resources.allow.user.index = basic
acl.resources.allow.user.success = basic
My_Acl类(ACL创建角色和基于ini文件资源):
class My_Acl extends Zend_Acl {
public function __construct() {
$aclConfig = Zend_Registry::get('acl');
$roles = $aclConfig->acl->roles;
$resources = $aclConfig->acl->resources;
$this->_addRoles($roles);
$this->_addResources($resources);
}
protected function _addRoles($roles) {
foreach ($roles as $name => $parents) {
if (!$this->hasRole($name)) {
if (empty($parents)) {
$parents = null;
} else {
$parents = explode(',', $parents);
}
$this->addRole(new Zend_Acl_Role($name), $parents);
}
}
}
protected function _addResources($resources) {
foreach ($resources as $permissions => $controllers) {
foreach ($controllers as $controller => $actions) {
if ($controller == 'all') {
$controller = null;
} else {
if (!$this->has($controller)) {
$this->add(new Zend_Acl_Resource($controller));
}
}
foreach ($actions as $action => $role) {
if ($action == 'all') {
$action = null;
}
if ($permissions == 'allow') {
$this->allow($role, $controller, $action);
}
if ($permissions == 'deny') {
$this->deny($role, $controller, $action);
}
}
}
}
}
}
My_Controller_Plugin_Acl:
class My_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {
/**
*
* @var Zend_Auth
*/
protected $_auth;
protected $_acl;
protected $_action;
protected $_controller;
protected $_currentRole;
public function __construct(Zend_Acl $acl, array $options = array()) {
$this->_auth = Zend_Auth::getInstance();
$this->_acl = $acl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request) {
$this->_init($request);
// if the current user role is not allowed to do something
if (!$this->_acl->isAllowed($this->_currentRole, $this->_controller, $this->_action)) {
if ('guest' == $this->_currentRole) {
$request->setControllerName('user');
$request->setActionName('login');
} else {
$request->setControllerName('error');
$request->setActionName('noauth');
}
}
}
protected function _init($request) {
$this->_action = $request->getActionName();
$this->_controller = $request->getControllerName();
$this->_currentRole = $this->_getCurrentUserRole();
}
protected function _getCurrentUserRole() {
if ($this->_auth->hasIdentity()) {
$authData = $this->_auth->getIdentity();
$role = isset($authData->property->privilage)?strtolower($authData->property->privilage): 'guest';
} else {
$role = 'guest';
}
return $role;
}
}
最后,一切被初始化bootstrap.php中的一部分:
protected function _initLoadAclIni() {
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/acl.ini');
Zend_Registry::set('acl', $config);
}
protected function _initAclControllerPlugin() {
$this->bootstrap('frontcontroller');
$this->bootstrap('loadAclIni');
$front = Zend_Controller_Front::getInstance();
$aclPlugin = new My_Controller_Plugin_Acl(new My_Acl());
$front->registerPlugin($aclPlugin);
}
相关问题
- 1. 需要指导,以Zend ACL开头
- 2. Zend Framework 1 ACL的ini配置
- 3. 需要Zend Framework库中的类
- 4. Zend Framework:需要application.ini的所有参数
- 5. Zend Framework ACL角色和模块
- 6. 使用Zend Framework和Doctrine 2管理ACL
- 7. Zend ACL适合我的需求吗?
- 8. Zend Framework子目录
- 9. Zend Framework中的模型
- 10. Zend Framework 2项目示例
- 11. Zend Framework文档,例外
- 12. Zend Framework 1.9.2+ Zend_Rest_Route示例
- 13. Mod_rewrite for Zend Framework案例
- 14. 示例Zend Framework项目1.8+
- 15. Zend Auth和ACL
- 16. 获取Zend的ACL
- 17. Zend Framework:从ACL访问“拒绝访问”/“未授权访问”有什么例外?
- 18. Zend导航和Zend ACL
- 19. 环回ACL“需要授权”
- 20. 是否始终需要ACL?
- 21. Zend的ACL在模型VS Zend的导航
- 22. Zend Framework vs Zend Framework 2
- 23. Zend Framework子域问题
- 24. Zend Framework与子域名
- 25. PHP - Zend Framework:模型中的模型?
- 26. 在Zend Framework的视图助手中需要dojo.require?
- 27. Zend Framework中的URL路由问题需要index.php?
- 28. Zend Studio Zend Framework
- 29. BSDF - 需要一个例子
- 30. Zend Framework ACL在调用model_dbtable时无法正常工作
见上面的回答一个优秀的实现示例这个前面的问题: http://stackoverflow.com/questions/2046608/practical-zend-acl-zend-auth-implementation-and-best-practices – 2011-03-06 13:37:15
ZF的参考给予也不错xample:http://framework.zend.com/manual/en/zend.acl.refining.html – Laimoncijus 2011-03-06 15:32:19
THX,Will Prescott :) – SMka 2011-03-10 13:01:43