Zend ACL與模塊和控制器訪問問題

Question

我一直在這個工作幾天無濟於事。使用ZF Boilerplate，我試圖建立一個包含模塊的ACL（因爲在我的架構中有一些具有相同名稱的控制器，這是不能改變的）。 我以爲我有這個很好的工作，只是意識到訪問從未處理，我想我缺少的東西，但我不知道是什麼。

這裏是我的設置：

庫/應用/動作/助手幫手/ PrivilegesManage.php

<?php 
class App_Action_Helpers_PrivilegesManage extends Zend_Controller_Action_Helper_Abstract 
{ 
//the acl object 
public $acl; 
//the constructor of the our ACL 
public function __construct() 
{ 
    $this->acl = new Zend_Acl(); 
} 

//function that sets roles for the people 
public function setRoles() 
{ 
    $this->acl->addRole(new Zend_Acl_Role('guest')); 
    $this->acl->addRole(new Zend_Acl_Role('crew')); 
    $this->acl->addRole(new Zend_Acl_Role('client')); 
    $this->acl->addRole(new Zend_Acl_Role('admin')); 
} 

//function that set the resources to be accessed on the site 
public function setResources() 
{ 
    $this->acl->add(new Zend_Acl_Resource('site:error')); 
    $this->acl->add(new Zend_Acl_Resource('site:index')); 
    //me 
    $this->acl->add(new Zend_Acl_Resource('me:clients')); 
    $this->acl->add(new Zend_Acl_Resource('me:crew')); 
    $this->acl->add(new Zend_Acl_Resource('me:error')); 
    $this->acl->add(new Zend_Acl_Resource('me:index')); 
    $this->acl->add(new Zend_Acl_Resource('me:jobs')); 
    $this->acl->add(new Zend_Acl_Resource('me:people')); 
    $this->acl->add(new Zend_Acl_Resource('me:system')); 
    //admin 
    $this->acl->add(new Zend_Acl_Resource('admin:clients')); 
    $this->acl->add(new Zend_Acl_Resource('admin:crew')); 
    $this->acl->add(new Zend_Acl_Resource('admin:error')); 
    $this->acl->add(new Zend_Acl_Resource('admin:index')); 
    $this->acl->add(new Zend_Acl_Resource('admin:jobs')); 
    $this->acl->add(new Zend_Acl_Resource('admin:people')); 
    $this->acl->add(new Zend_Acl_Resource('admin:system')); 
} 

//function that sets the privileges for the different roles 
public function setPrivileges() 
{ 
    $this->acl->allow('guest', 'site:error', 'index'); 
    $this->acl->deny('guest', 'site:index', 'index'); 

    $this->acl->allow('crew', 'site:index'); 
    $this->acl->allow('crew', 'site:error'); 
    $this->acl->allow('crew', 'me:crew');  
    $this->acl->allow('client', 'me:clients'); 
    $this->acl->allow('client', 'site:index', array('logout')); 
    $this->acl->deny('client', 'me:crew'); 
    $this->acl->deny('guest', 'admin:crew', array('add')); 

} 

public function setAcl() 
{ 
    Zend_Registry::set('acl', $this->acl); 
} 
?> 

然後我也有一個插件在應用/插件/ Acl.php 將帖子

<?php 
class App_Plugin_Acl extends Zend_Controller_Plugin_Abstract 
{ 
/** 
* 
* @var Zend_Auth 
*/ 
protected $_auth; //Zend_Auth instance for user access 

protected $_acl; //Zend_Acl instance for user privileges 
protected $_module; 
protected $_action; 
protected $_controller; 
protected $_currentRole; 
protected $_resource; 

public function __construct(Zend_Acl $acl, array $options = array()) { 
    $this->_auth = Zend_Auth::getInstance(); 
    $this->_acl = $acl; 

} 

public function preDispatch(Zend_Controller_Request_Abstract $request) { 

    $this->_init($request); 

    if ($this->_acl->has($this->_resource)) { 
     // if the current user role is not allowed to do something 
     if (!$this->_acl->isAllowed($this->_currentRole, $this->_resource, $this->_action)) { 

      if ('guest' == $this->_currentRole) { 
       $request->setModuleName('site'); 
       $request->setControllerName('index'); 
       $request->setActionName('login'); 
      } 
      else { 
       $request->setModuleName('site'); 
       $request->setControllerName('error'); 
       $request->setActionName('denied'); 

      } 
     } 
    } 
} 

protected function _init($request) 
{ 
    $this->_module = $request->getModuleName(); 
    $this->_action = $request->getActionName(); 
    $this->_controller = $request->getControllerName(); 
    $this->_currentRole = $this->_getCurrentUserRole(); 
    $this->_resource = $this->_module . ':' . $this->_controller; 
} 

protected function _getCurrentUserRole() 
{  

    if($this->_auth->hasIdentity()) { 
     $authData = $this->_auth->getIdentity(); 
     //$role = isset($authData->myType())?strtolower($authData->property->privilage): 'guest'; 
     //retrieving the UserType 
      $authTypeCheck = $authData->myType(); 
     if(isset($authTypeCheck)){ 
      $role = strtolower($authData->myType()); 
     } 
    } else { 
     $role = 'guest'; 
    } 
    return $role; 
} 
} 
?> 

現在在這裏似乎$ ACL從來沒有在那裏當我打印出來的$內容ACL我得到一些資源的任何資源。

終於在引導我：

protected function _initAclControllerPlugin() { 

    $this->bootstrap('frontcontroller'); 


    $front = Zend_Controller_Front::getInstance(); 
    $aclhelper= new App_Action_Helpers_PrivilegesManage(); 
    $aclhelper->setRoles(); 
    $aclhelper->setResources(); 
    $aclhelper->setPrivileges(); 
    $aclhelper->setAcl(); 

    $aclPlugin = new App_Plugin_Acl($aclhelper->acl); 
    $front->registerPlugin($aclPlugin); 
} 

我很新的Zend和特別ACL所以任何的建議和幫助將是非常歡迎的。

Answer 1

你不定義你的資源做到這一點在你的ACL插件

protected function _init($request) 
{ 

    $this->_module = $request->getModuleName(); 
    $this->_action = $request->getActionName(); 
    $this->_controller = $request->getControllerName(); 
    $this->_currentRole = $this->_getCurrentUserRole(); 
    $this->_resource = $this->_module . ':' . $this->_controller; // <----- 
} 

Answer 2

這可能與這個方法：

protected function _getCurrentUserRole() 
{  

    if($this->_auth->hasIdentity()) { 
     $authData = $this->_auth->getIdentity(); 
     //$role = isset($authData->myType())?strtolower($authData->property->privilage): 'guest'; 
     //retrieving the UserType 
      $authTypeCheck = $authData->myType(); 
     if(isset($authTypeCheck)){ 
      $role = strtolower($authData->myType()); 
     } 
    } else { 
     $role = 'guest'; 
    } 
    return $role; 
} 

它看起來像如果沒有設置$ authTypeCheck，作用是沒有定義的。不知道$ authData-> myType（）到底是什麼，但它可能是原因。你可以嘗試添加一個else if（isset（$ authTypeCheck））{//} else {$ role ='guest'; }

仔細觀察類似的代碼是在其中一條註釋行中完成的。

道歉，如果不是這樣，你採取了似乎是一個相當複雜的方法，至少與我的用例相比。你可以將所有代碼包裝到Acl Plugin Predispatch方法中，這可能會排除很多可能的問題。