Created
October 28, 2013 19:35
-
-
Save phalcon/7203154 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
use Phalcon\Events\Event, | |
Phalcon\Mvc\User\Plugin, | |
Phalcon\Mvc\Dispatcher, | |
Phalcon\Acl; | |
/** | |
* Security | |
* | |
* This is the security plugin which controls that users only have access to the modules they're assigned to | |
*/ | |
class Security extends Plugin | |
{ | |
public function __construct($dependencyInjector) | |
{ | |
$this->_dependencyInjector = $dependencyInjector; | |
} | |
public function getAcl() | |
{ | |
/*if (!isset($this->persistent->acl)) { | |
$acl = new Phalcon\Acl\Adapter\Memory(); | |
$acl->setDefaultAction(Phalcon\Acl::DENY); | |
//Register roles | |
$roles = array( | |
'users' => new Phalcon\Acl\Role('Users'), | |
'guests' => new Phalcon\Acl\Role('Guests') | |
); | |
foreach ($roles as $role) { | |
$acl->addRole($role); | |
} | |
//Private area resources | |
$privateResources = array( | |
'companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), | |
'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), | |
'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), | |
'invoices' => array('index', 'profile') | |
); | |
foreach ($privateResources as $resource => $actions) { | |
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions); | |
} | |
//Public area resources | |
$publicResources = array( | |
'index' => array('index'), | |
'about' => array('index'), | |
'session' => array('index', 'register', 'start', 'end'), | |
'contact' => array('index', 'send') | |
); | |
foreach ($publicResources as $resource => $actions) { | |
$acl->addResource(new Phalcon\Acl\Resource($resource), $actions); | |
} | |
//Grant access to public areas to both users and guests | |
foreach ($roles as $role) { | |
foreach ($publicResources as $resource => $actions) { | |
$acl->allow($role->getName(), $resource, '*'); | |
} | |
} | |
//Grant acess to private area to role Users | |
foreach ($privateResources as $resource => $actions) { | |
foreach ($actions as $action){ | |
$acl->allow('Users', $resource, $action); | |
} | |
} | |
//The acl is stored in session, APC would be useful here too | |
$this->persistent->acl = $acl; | |
} | |
return $this->persistent->acl;*/ | |
$axxel = new \Axxel\Client(); | |
$acl = $axxel->getAcl("invo-acl", function($acl) { | |
//Register roles | |
$roles = array('Users', 'Guests'); | |
foreach ($roles as $role) { | |
$acl->addRole($role); | |
} | |
$privateResources = array( | |
'companies' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), | |
'products' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), | |
'producttypes' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete'), | |
'invoices' => array('index', 'profile') | |
); | |
foreach ($privateResources as $resource => $actions) { | |
$acl->addResource($resource); | |
} | |
$publicResources = array( | |
'index' => array('index'), | |
'about' => array('index'), | |
'session' => array('index', 'register', 'start', 'end'), | |
'contact' => array('index', 'send') | |
); | |
foreach ($publicResources as $resource => $actions) { | |
$acl->addResource($resource); | |
} | |
foreach ($roles as $role) { | |
foreach ($publicResources as $resource => $actions) { | |
$acl->allow($role, $resource, '*'); | |
} | |
} | |
}); | |
return $acl; | |
} | |
/** | |
* This action is executed before execute any action in the application | |
*/ | |
public function beforeDispatch(Event $event, Dispatcher $dispatcher) | |
{ | |
$auth = $this->session->get('auth'); | |
if (!$auth){ | |
$role = 'Guests'; | |
} else { | |
$role = 'Users'; | |
} | |
$controller = $dispatcher->getControllerName(); | |
$action = $dispatcher->getActionName(); | |
//$acl = ; | |
$allowed = $this->getAcl()->isAllowed($role, $controller, $action); | |
//var_dump($allowed); | |
if ($allowed != Acl::ALLOW) { | |
$this->flash->error("You don't have access to this module"); | |
$dispatcher->forward( | |
array( | |
'controller' => 'index', | |
'action' => 'index' | |
) | |
); | |
return false; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment