2017-06-09 55 views

我找到了這個 ZF2AuthAcl 模塊,希望它能讓我的工作更輕鬆。但出於某種原因,它無法開箱即用。只要我在 Zend2 Application.config 中啓用它,它就會接管整個站點——也就是說,我訪問任何頁面都會被直接帶到登錄頁。模塊裏有一個「白名單」,我試着把頁面添加到這個數組中,但似乎沒有效果。下面我貼出 Acl 類的代碼;可能是我往「白名單」裏添加的方式不對,或者有更好的方法。這個模塊也是數據驅動的。有沒有人成功用過它,或者對它有所瞭解?
ZF2AuthAcl模塊不能開箱即用

作者是告訴我這可能與白名單有關的人。

我添加內容的那一段原本是這樣的:

/**
 * Load roles, resources and role permissions, then build the ACL from them.
 *
 * As posted, this is the version before any extra public pages were added:
 * the only grants that do not come from the tables are the ZF2AuthAcl index
 * controller's "logout" and "index" permissions.
 */
public function initAcl()
{
    $this->roles = $this->_getAllRoles();
    $this->resources = $this->_getAllResources();
    $this->rolePermission = $this->_getRolePermissions();

    // These grants are hard-coded rather than stored in the permission
    // tables because every user shares them.
    $common = array();
    $common['ZF2AuthAcl\Controller\Index'] = array('logout', 'index');
    $this->commonPermission = $common;

    // Each builder returns $this, so calling them one after another is
    // equivalent to the fluent chain.
    $this->_addRoles();
    $this->_addResources();
    $this->_addRoleResources();
}

這是我添加內容之後的完整文件。

namespace ZF2AuthAcl\Utility; 

use Zend\Permissions\Acl\Acl as ZendAcl; 
use Zend\Permissions\Acl\Role\GenericRole as Role; 
use Zend\Permissions\Acl\Resource\GenericResource as Resource; 
use Zend\ServiceManager\ServiceLocatorAwareInterface; 
use Zend\ServiceManager\ServiceLocatorInterface; 

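/**
 * Table-driven ACL for the ZF2AuthAcl module.
 *
 * Roles, resources and role permissions are fetched from table services
 * obtained through the service locator. On top of that, a hard-coded set of
 * "common" permissions is granted to the guest role. Every other role is
 * registered with guest as its parent, so whatever guest is allowed is
 * inherited by all roles (this class adds no deny rules).
 *
 * NOTE(review): nothing in this class intercepts requests. The caller that
 * enforces these decisions (reportedly the module's Module.php, which also
 * keeps its own route white list) is not shown here.
 */
class Acl extends ZendAcl implements ServiceLocatorAwareInterface
{
    /** Role every visitor has; parent of all table-defined roles. */
    const DEFAULT_ROLE = 'guest';

    // Not used by any method in this class.
    protected $_roleTableObject;

    // Service locator used to fetch the role/resource/permission tables.
    protected $serviceLocator;

    // Rows returned by RoleTable::getUserRoles(); each row has 'role_name'.
    protected $roles;

    // Not used by any method in this class.
    protected $permissions;

    // Rows returned by ResourceTable::getAllResources(); each row has 'resource_name'.
    protected $resources;

    // Rows with 'role_name', 'resource_name' and 'permission_name'.
    protected $rolePermission;

    // Map of resource name => list of permissions granted to the guest role.
    protected $commonPermission;

    /**
     * Store the service locator used to reach the table services.
     *
     * @param ServiceLocatorInterface $serviceLocator
     * @return $this
     */
    public function setServiceLocator(ServiceLocatorInterface $serviceLocator)
    {
        $this->serviceLocator = $serviceLocator;

        return $this;
    }

    /**
     * @return ServiceLocatorInterface
     */
    public function getServiceLocator()
    {
        return $this->serviceLocator;
    }

    /**
     * Load everything from the tables and build the role/resource/rule sets.
     *
     * Every entry in the common permission map is granted to the guest role
     * and therefore to every role, logged in or not. Keep the map limited to
     * actions that are meant to be public.
     */
    public function initAcl()
    {
        $this->roles = $this->_getAllRoles();
        $this->resources = $this->_getAllResources();
        $this->rolePermission = $this->_getRolePermissions();

        // These resources and permissions are not stored in the tables
        // because they are common to all users.
        $this->commonPermission = array(
            'ZF2AuthAcl\Controller\Index' => array(
                'logout',
                'index',
            ),
            'Frontend\Controller\Index' => array(
                'index',
            ),
            'Blog\Controller\Blog' => array(
                'blog',
                'list',
                'view',
                'UsMap',
                'maps',
            ),
        );

        $this->_addRoles()
            ->_addResources()
            ->_addRoleResources();
    }

    /**
     * Decide whether a role may use a permission on a resource.
     *
     * A resource that was never registered is denied rather than passed to
     * isAllowed().
     *
     * @param string $role
     * @param string $resource
     * @param string $permission
     * @return bool
     */
    public function isAccessAllowed($role, $resource, $permission)
    {
        if (! $this->hasResource($resource)) {
            return false;
        }

        return (bool) $this->isAllowed($role, $resource, $permission);
    }

    /**
     * Register the guest role, then every table role as a child of guest.
     *
     * @return $this
     */
    protected function _addRoles()
    {
        $this->addRole(new Role(self::DEFAULT_ROLE));

        if (! empty($this->roles)) {
            foreach ($this->roles as $role) {
                $roleName = $role['role_name'];
                // Skip names that are already registered (for example a
                // table row that is itself called "guest").
                if (! $this->hasRole($roleName)) {
                    $this->addRole(new Role($roleName), self::DEFAULT_ROLE);
                }
            }
        }

        return $this;
    }

    /**
     * Register the table resources and the resources named in the common
     * permission map, skipping any that already exist.
     *
     * @return $this
     */
    protected function _addResources()
    {
        if (! empty($this->resources)) {
            foreach ($this->resources as $resource) {
                if (! $this->hasResource($resource['resource_name'])) {
                    $this->addResource(new Resource($resource['resource_name']));
                }
            }
        }

        // Common resources only need their names here; the permissions are
        // applied in _addRoleResources().
        if (! empty($this->commonPermission)) {
            foreach (array_keys($this->commonPermission) as $resource) {
                if (! $this->hasResource($resource)) {
                    $this->addResource(new Resource($resource));
                }
            }
        }

        return $this;
    }

    /**
     * Create the allow rules: common permissions for guest first, then one
     * rule per role-permission row.
     *
     * @return $this
     */
    protected function _addRoleResources()
    {
        // Granted to guest, and through inheritance to every other role.
        if (! empty($this->commonPermission)) {
            foreach ($this->commonPermission as $resource => $permissions) {
                foreach ($permissions as $permission) {
                    $this->allow(self::DEFAULT_ROLE, $resource, $permission);
                }
            }
        }

        if (! empty($this->rolePermission)) {
            foreach ($this->rolePermission as $rolePermissions) {
                $this->allow(
                    $rolePermissions['role_name'],
                    $rolePermissions['resource_name'],
                    $rolePermissions['permission_name']
                );
            }
        }

        return $this;
    }

    /**
     * Fetch the role rows from the "RoleTable" service.
     */
    protected function _getAllRoles()
    {
        $roleTable = $this->getServiceLocator()->get("RoleTable");
        return $roleTable->getUserRoles();
    }

    /**
     * Fetch the resource rows from the "ResourceTable" service.
     */
    protected function _getAllResources()
    {
        $resourceTable = $this->getServiceLocator()->get("ResourceTable");
        return $resourceTable->getAllResources();
    }

    /**
     * Fetch the role-permission rows from the "RolePermissionTable" service.
     */
    protected function _getRolePermissions()
    {
        $rolePermissionTable = $this->getServiceLocator()->get("RolePermissionTable");
        return $rolePermissionTable->getRolePermissions();
    }

    /**
     * Print one role/resource/permission triple as a line of HTML.
     *
     * Debug helper; not called by any method in this class.
     */
    private function debugAcl($role, $resource, $permission)
    {
        // The values end up in an HTML page, so escape them before output.
        $line = 'Role:-' . $role . '==>' . $resource . '\\' . $permission;
        echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8') . '<br/>';
    }
}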

2016年6月10日更多信息 我還發現,這個 ACL 類沒有被任何模塊的頁面引用。它的函數沒有在任何地方被調用,也沒有在任何頁面上被「use」。那麼它到底是怎麼起作用的?

更新06/10/2017 - 已修復的區域。

我發現它是在 module.php 中被使用的,那裏還有一個白名單,頁面也必須添加到其中。以下是添加它們的位置。

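// Entries use the form 'Controller\Class-action'.
// NOTE(review): per the surrounding discussion, actions listed here are the
// ones left out of the module's login check, so the list should stay limited
// to pages that are meant to be public. The code that reads it is not shown.
$whiteList = array(
     'Frontend\Controller\Index-index',
     // Add whatever modules/controller/action you do not want included
     'ZF2AuthAcl\Controller\Index-index',
     'ZF2AuthAcl\Controller\Index-logout'
    );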

回答


以上就是我這個問題的結論。我是偶然發現的:我之前沒有查看 module.php 文件,而答案就在那裏。


這裏是Zend ACL的一般實現。我跟着這個。如果你希望你也可以關注這個。

在模塊的config/文件夾中創建一個名爲module.acl.php的文件。該文件包含角色和權限的配置。根據需要修改此腳本。

模塊名/配置/ module.acl.php

// ACL configuration: the role ids, and for each role id the route names that
// role may access. Module::initAcl() registers each role without a parent, so
// a role only gets the routes listed under its own key.
return array(
    'roles' => array('guest', 'member'),
    'permissions' => array(
        // Route names for the guest role
        'guest' => array('users-signup', 'users-login'),
        // Route names for the member role; add more here if you need
        'member' => array('users-logout'),
    ),
);

需要在 Module.php 中導入以下三個類,並定義和初始化一些方法。

模塊名/ Module.php

use Zend\Permissions\Acl\Acl; 
use Zend\Permissions\Acl\Role\GenericRole; 
use Zend\Permissions\Acl\Resource\GenericResource; 

// Optional; use this for authentication 
use Zend\Authentication\AuthenticationService; 

現在讓我們創建將部署ACL和檢查角色和權限的方法。

模塊:: initAcl()

/**
 * Build the ACL from config/module.acl.php and store it on the view model.
 *
 * An ACL object already present on the view model is reused and extended;
 * otherwise a new one is created. Each configured role is allowed on every
 * route name listed under its id in the 'permissions' map.
 *
 * @param MvcEvent $e
 */
public function initAcl(MvcEvent $e)
{
    // Start from the ACL on the view model when there is one.
    $acl = $e->getViewModel()->acl;
    if ($acl == null) {
        $acl = new Acl();
    }

    // Roles and permissions come from a static file here; they could be
    // fetched from a database instead.
    $aclConfig = include __DIR__ . '/config/module.acl.php';

    foreach ($aclConfig['roles'] as $roleId) {
        // Register the role once; on later runs pick up the existing object.
        if ($acl->hasRole($roleId)) {
            $role = $acl->getRole($roleId);
        } else {
            $role = new GenericRole($roleId);
            $acl->addRole($role);
        }

        // A role without an entry in the permission map gets no rules.
        $key = $role->getRoleId();
        if (! array_key_exists($key, $aclConfig['permissions'])) {
            continue;
        }

        foreach ($aclConfig['permissions'][$key] as $routeName) {
            // Route names double as ACL resources.
            if (! $acl->hasResource($routeName)) {
                $acl->addResource(new GenericResource($routeName));
            }

            $acl->allow($role, $routeName);
        }
    }

    // Publish the fully prepared ACL for checkAcl() and the views.
    $e->getViewModel()->acl = $acl;
}

模塊:: checkAcl()

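/**
 * Route listener: refuse the request unless the current role may access the
 * matched route.
 *
 * The role is 'member' when the authentication service holds an identity and
 * 'guest' otherwise. A route name that was never registered as an ACL
 * resource is refused as well.
 *
 * @param MvcEvent $e
 * @return mixed the response object when access is refused, nothing otherwise
 */
public function checkAcl(MvcEvent $e)
{
    // The matched route name is the ACL resource.
    $route = $e->getRouteMatch()->getMatchedRouteName();

    // Remove the authentication part if the application has no login.
    $auth = new AuthenticationService();

    $userRole = 'guest';
    if ($auth->hasIdentity()) {
        $userRole = 'member';
        $e->getViewModel()->loggedInUser = $auth->getIdentity();
    }

    $acl = $e->getViewModel()->acl;

    // Deny by default: isAllowed() throws for a resource that was never
    // added, so an unlisted route is refused here instead of surfacing as an
    // uncaught exception.
    if ($acl->hasResource($route) && $acl->isAllowed($userRole, $route)) {
        return;
    }

    $response = $e->getResponse();

    // NOTE(review): clients only follow a Location header on 3xx responses;
    // with status 404 this header has no effect. Kept as the author wrote it.
    $response->getHeaders()->addHeaderLine('Location', $e->getRequest()->getBaseUrl() . '/404');
    $response->setStatusCode(404);

    // Returning the response is what stops the request: in the ZF2 MVC a
    // route listener that returns a response short-circuits the remaining
    // listeners and the dispatch. A bare return would let the refused
    // controller action run anyway.
    return $response;
}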

現在在 Module.php 的 onBootstrap() 方法中調用上述方法:先用 Module::initAcl() 初始化,再把 Module::checkAcl() 掛接到 route 事件上,以檢查資源權限。

模塊:: onBootstrap()

/**
 * Build the ACL at bootstrap and register checkAcl() on the 'route' event.
 *
 * @param MvcEvent $e
 */
public function onBootstrap(MvcEvent $e)
{
    // The ACL must exist on the view model before the first check runs.
    $this->initAcl($e);

    // Attach to the application's event manager so checkAcl() is invoked
    // whenever the 'route' event fires.
    $listener = array($this, 'checkAcl');
    $events = $e->getApplication()->getEventManager();
    $events->attach('route', $listener);
}

請告訴我們這對你是否有幫助!