CODEWITHSUNDEEP
phpzend-frameworkmoduleacl
AKFourSeven
AKFourSeven

Reputation: 1325

Zend ACL with Modules and Controller access issues

I have been working on this for days to no avail.

Using ZF Boilerplate, I am trying to set up an ACL which would include modules (as there is some controller with identical name in my architecture and this cannot be changed). I thought I had this working nicely and just realised that the access are never processed, I guess I lack something but I am not sure what.

Here is my set up:

a helper in library/App/Action/Helpers/PrivilegesManage.php

<?php 
class App_Action_Helpers_PrivilegesManage extends Zend_Controller_Action_Helper_Abstract
{
//the acl object
public $acl;
//the constructor of the our ACL
public function __construct()
{
    $this->acl = new Zend_Acl();
}

//function that sets roles for the people
public function setRoles()
{
    $this->acl->addRole(new Zend_Acl_Role('guest'));
    $this->acl->addRole(new Zend_Acl_Role('crew'));
    $this->acl->addRole(new Zend_Acl_Role('client'));
    $this->acl->addRole(new Zend_Acl_Role('admin'));
}

//function that set the resources to be accessed on the site
public function setResources()
{
    $this->acl->add(new Zend_Acl_Resource('site:error'));
    $this->acl->add(new Zend_Acl_Resource('site:index'));
    //me
    $this->acl->add(new Zend_Acl_Resource('me:clients'));
    $this->acl->add(new Zend_Acl_Resource('me:crew'));
    $this->acl->add(new Zend_Acl_Resource('me:error'));
    $this->acl->add(new Zend_Acl_Resource('me:index'));
    $this->acl->add(new Zend_Acl_Resource('me:jobs'));
    $this->acl->add(new Zend_Acl_Resource('me:people'));
    $this->acl->add(new Zend_Acl_Resource('me:system'));
    //admin
    $this->acl->add(new Zend_Acl_Resource('admin:clients'));
    $this->acl->add(new Zend_Acl_Resource('admin:crew'));
    $this->acl->add(new Zend_Acl_Resource('admin:error'));
    $this->acl->add(new Zend_Acl_Resource('admin:index'));
    $this->acl->add(new Zend_Acl_Resource('admin:jobs'));
    $this->acl->add(new Zend_Acl_Resource('admin:people'));
    $this->acl->add(new Zend_Acl_Resource('admin:system'));
}

//function that sets the privileges for the different roles
public function setPrivileges()
{
    $this->acl->allow('guest', 'site:error', 'index');
    $this->acl->deny('guest', 'site:index', 'index');

    $this->acl->allow('crew', 'site:index');
    $this->acl->allow('crew', 'site:error');
    $this->acl->allow('crew', 'me:crew');       
    $this->acl->allow('client', 'me:clients');
    $this->acl->allow('client', 'site:index', array('logout'));
    $this->acl->deny('client', 'me:crew');
    $this->acl->deny('guest', 'admin:crew', array('add'));

}

public function setAcl()
{
    Zend_Registry::set('acl', $this->acl);
}
?>

Then I also have a plugin in App/Plugin/Acl.php [EDITED]

<?php
class App_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
/**
 *
 * @var Zend_Auth
 */
protected $_auth; //Zend_Auth instance for user access

protected $_acl; //Zend_Acl instance for user privileges
protected $_module;
protected $_action;
protected $_controller;
protected $_currentRole;
protected $_resource;

public function __construct(Zend_Acl $acl, array $options = array()) {
    $this->_auth = Zend_Auth::getInstance();
    $this->_acl = $acl;

}

 public function preDispatch(Zend_Controller_Request_Abstract $request) {

    $this->_init($request);

   if ($this->_acl->has($this->_resource)) {
        // if the current user role is not allowed to do something
        if (!$this->_acl->isAllowed($this->_currentRole, $this->_resource, $this->_action)) {

            if ('guest' == $this->_currentRole) {
                $request->setModuleName('site');
                $request->setControllerName('index');
                $request->setActionName('login');
            } 
            else {
                $request->setModuleName('site');
                $request->setControllerName('error');
                $request->setActionName('denied');

            }
        }
    }
}

protected function _init($request) 
{
    $this->_module = $request->getModuleName();
    $this->_action = $request->getActionName();
    $this->_controller = $request->getControllerName();
    $this->_currentRole = $this->_getCurrentUserRole();
    $this->_resource = $this->_module  . ':' . $this->_controller; 
}

protected function _getCurrentUserRole() 
{      

    if($this->_auth->hasIdentity()) {
        $authData = $this->_auth->getIdentity();
        //$role = isset($authData->myType())?strtolower($authData->property->privilage): 'guest';
        //retrieving the UserType
            $authTypeCheck = $authData->myType();
        if(isset($authTypeCheck)){
            $role = strtolower($authData->myType());
        }
    } else {
        $role = 'guest';
    }
    return $role;
}
}
?>

Now in here it seems that $acl never has any resources where when I print out the content of $acl I do get some resources.

FInally in bootstrap I have:

    protected function _initAclControllerPlugin() {

    $this->bootstrap('frontcontroller');


    $front = Zend_Controller_Front::getInstance();
    $aclhelper= new App_Action_Helpers_PrivilegesManage();
    $aclhelper->setRoles();
    $aclhelper->setResources();
    $aclhelper->setPrivileges();
    $aclhelper->setAcl();

    $aclPlugin = new App_Plugin_Acl($aclhelper->acl);
    $front->registerPlugin($aclPlugin);
}

I am quite new to Zend and especially ACL so any advice and help would be very welcome.

Upvotes: 2

Views: 3217

Answers (2)

Asciant
Asciant

Reputation: 2160

It may be related to this method:

protected function _getCurrentUserRole() 
{      

    if($this->_auth->hasIdentity()) {
        $authData = $this->_auth->getIdentity();
        //$role = isset($authData->myType())?strtolower($authData->property->privilage): 'guest';
        //retrieving the UserType
            $authTypeCheck = $authData->myType();
        if(isset($authTypeCheck)){
            $role = strtolower($authData->myType());
        }
    } else {
        $role = 'guest';
    }
    return $role;
}

It looks like if $authTypeCheck is not set, role is not defined. Not sure what exactly $authData->myType() does, but it may be the cause.

You could try adding an else to if(isset($authTypeCheck)){ // } else { $role = 'guest'; }

Looking closely at the code similar to this was done in one of the commented lines.

Apologies if it's not it, you have taken what appears to be a quite complex approach, at least compared to my use cases. You could probably wrap all that code into the Acl Plugin Predispatch method which would probably rule out a lot of possible problems.

Upvotes: 1

Mr Coder
Mr Coder

Reputation: 8186

your are not defining your resource do this in your acl plugin

protected function _init($request) 
{

    $this->_module = $request->getModuleName();
    $this->_action = $request->getActionName();
    $this->_controller = $request->getControllerName();
    $this->_currentRole = $this->_getCurrentUserRole();
   $this->_resource = $this->_module  . ':' . $this->_controller; // <-----
}

Upvotes: 3

Related Questions