Created
July 18, 2011 11:30
-
-
Save pepe84/1089240 to your computer and use it in GitHub Desktop.
PHP Zend: Zend ACL extended
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Roles list | |
| # | |
| # List of roles supported in the application | |
| # Format: | |
| # ROLE: INHERIT_FROM_ROLE1, INHERIT_FROM_ROLE2 | |
| # | |
| # By assigning an comma separated list of role names to a role, it will inherit | |
| # all the ACLs of those roles. | |
| # | |
| roles: | |
| ANONYMOUS: | |
| REGISTERED: ANONYMOUS | |
| ADMIN: REGISTERED | |
| # Resources list | |
| # | |
| # List of resources and privileges and the roles which are allowed | |
| # Format: | |
| # RESOURCE: | |
| # PRIVILEGE: ROLE1, !ROLE2 | |
| # | |
| # RESOURCE and PRIVILEGE can either be a string literal or a wildcard character | |
| # ('*'). The later means that it'll match all resources or privileges | |
| # | |
| # Role names can be prefixed with the exclamation mark symbol ('!'), it will | |
| # negate the access for the role at the resource/privilege, actually denying it. | |
| # | |
| resources: | |
| # By default only admins can access everything | |
| *: | |
| *: ADMIN | |
| # Any registered user can add comments everywhere | |
| comment: REGISTERED | |
| # User operations | |
| user: | |
| # For invitation only we hide the registration | |
| #register: !ANONYMOUS | |
| register: ANONYMOUS, !REGISTERED | |
| login: ANONYMOUS, !REGISTERED | |
| logout: REGISTERED | |
| #profile: REGISTERED | |
| faq: | |
| *: ANONYMOUS |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class App_Zend_Application_Resource_Acl | |
| extends Zend_Application_Resource_ResourceAbstract | |
| { | |
| /** @var Zend_Acl **/ | |
| protected $_acl = null; | |
| /** @var string **/ | |
| protected $_wildcard = '*'; | |
| public function init() | |
| { | |
| return $this->getAcl(); | |
| } | |
| /** | |
| * | |
| * @return Zend_Acl | |
| */ | |
| public function getAcl() | |
| { | |
| if (null === $this->_acl) { | |
| // Create Zend_Acl object | |
| $this->_acl = new Zend_Acl(); | |
| $opts = $this->getOptions(); | |
| if (!empty($opts)) { | |
| // Override Zend_Acl object? | |
| if (isset($opts['class'])) { | |
| $this->_acl = new $opts['class'](); | |
| } | |
| // Load config? | |
| if (isset($opts['file'])) { | |
| $config = self::loadConfig( | |
| $opts['file'], | |
| isset($opts['params']) ? $opts['params'] : array() | |
| ); | |
| $this->initialize($config); | |
| } | |
| } | |
| } | |
| return $this->_acl; | |
| } | |
| /** | |
| * Override wildcard default | |
| * | |
| * @param strings $wildcard | |
| */ | |
| public function setWildcard($wildcard) | |
| { | |
| $this->_wildcard = $wildcard; | |
| } | |
| /** | |
| * Initialize roles and resources privileges | |
| * | |
| * @param Zend_Config|array $config | |
| */ | |
| public function initialize($config) | |
| { | |
| // Create Zend_Acl object if not exists yet | |
| $this->getAcl(); | |
| // Extract config | |
| if ($config instanceof Zend_Config) { | |
| $config = $config->toArray(); | |
| } | |
| // Process roles | |
| foreach ($config['roles'] as $name => $inherit ) { | |
| if (!empty($inherit)) { | |
| $inherit = explode(',', $inherit); | |
| $inherit = array_map('trim', $inherit); | |
| } else { | |
| $inherit = array(); | |
| } | |
| $this->_acl->addRole(new Zend_Acl_Role($name), $inherit); | |
| } | |
| // Process resources privileges | |
| foreach ($config['resources'] as $resource => $privs ) { | |
| if ($resource === $this->_wildcard) { | |
| $resource = null; | |
| } else { | |
| $this->_acl->add(new Zend_Acl_Resource($resource)); | |
| } | |
| foreach ($privs as $priv => $roles) { | |
| if ($priv === $this->_wildcard) { | |
| $priv = null; | |
| } | |
| $roles = explode(',', $roles); | |
| $roles = array_map('trim', $roles); | |
| foreach ( $roles as $role ) { | |
| $ch = substr($role, 0, 1); | |
| if ($ch === '!') { | |
| $this->_acl->deny(substr($role,1), $resource, $priv); | |
| } else { | |
| $this->_acl->allow($role, $resource, $priv); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| /** | |
| * Load the configuration from the given path. | |
| * | |
| * @param string $filepath | |
| * @param array $opts | |
| * @return array | |
| */ | |
| static public function loadConfig($filepath, array $opts = array()) | |
| { | |
| $suffix = pathinfo($filepath, PATHINFO_EXTENSION); | |
| $suffix = strtolower($suffix); | |
| switch ($suffix) { | |
| case 'ini': | |
| $config = new Zend_Config_Ini($filepath, null, $opts); | |
| break; | |
| case 'xml': | |
| $config = new Zend_Config_Xml($filepath, null, $opts); | |
| break; | |
| case 'json': | |
| $config = new Zend_Config_Json($filepath, null, $opts); | |
| break; | |
| case 'yaml': | |
| case 'yml': | |
| $config = new Zend_Config_Yaml($filepath, null, $opts); | |
| break; | |
| case 'php': | |
| case 'inc': | |
| $config = include $filepath; | |
| break; | |
| default: | |
| throw new Zend_Application_Exception( | |
| "Unknown config type '{$suffix}'" | |
| ); | |
| } | |
| if ($config instanceof Zend_Config) { | |
| $config = $config->toArray(); | |
| } | |
| if (!is_array($config)) { | |
| throw new Zend_Application_Exception( | |
| "Invalid config file '{$filepath}' (no returns array value)" | |
| ); | |
| } | |
| return $config; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resources: | |
| # Zend_Acl's configuration | |
| acl: | |
| class: Tid_Zend_Acl | |
| file: /home/pepe/Projects/ot-www/app/config/acl.yaml | |
| opts: | |
| yaml_decoder: | |
| - sfYaml | |
| - load |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| ... | |
| public function getAclV1Service() | |
| { | |
| include_once 'Symfony/Yaml/sfYaml.php'; | |
| $options['yaml_decoder'] = array('sfYaml', 'load'); | |
| $config = new Zend_Config_Yaml('../app/config/acl.yaml', null, $options); | |
| $acl = new App_Zend_Application_Resource_Acl(); | |
| $acl->initialize($config); | |
| return $acl->getAcl(); | |
| } | |
| public function getAclV2Service() | |
| { | |
| include_once 'Symfony/Yaml/sfYaml.php'; | |
| $acl = new App_Zend_Application_Resource_Acl($this['acl']); | |
| return $acl->getAcl(); | |
| } | |
| ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment