@alexander-torosh
Last active August 29, 2015 14:13
phalcon acl
<?php
/**
* AclPlugin
* @copyright Copyright (c) 2011 - 2014 Aleksandr Torosh (http://wezoom.com.ua)
* @author Aleksandr Torosh <[email protected]>
*/
use Phalcon\Mvc\Dispatcher,
Phalcon\Mvc\User\Plugin,
Application\Acl\DefaultAcl;
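/**
 * Authorization gate for the dispatched route.
 *
 * Building the plugin performs the check: the current role is resolved from
 * the session, the resource is formed as "<module>/<controller>" with the
 * action as the access name, and the request is terminated when the ACL does
 * not grant it.
 *
 * NOTE(review): the check runs in the constructor, so the dispatcher must
 * already hold the routed module/controller/action names when this object is
 * created — confirm against the bootstrap.
 */
class AclPlugin extends Plugin
{
    /**
     * @param DefaultAcl $acl        ACL to query
     * @param Dispatcher $dispatcher Source of the module, controller and action names
     */
    public function __construct(DefaultAcl $acl, Dispatcher $dispatcher)
    {
        $role = $this->getRole();

        $module = $dispatcher->getModuleName();
        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        $resourceKey = $module . '/' . $controller;
        $resourceVal = $action;

        if ($acl->isAllowed($role, $resourceKey, $resourceVal)) {
            return;
        }

        if ($acl->isResource($resourceKey)) {
            $this->accessDenied($role, $resourceKey, $resourceVal);
        } else {
            // The resource was never registered in the ACL. The names come
            // from the request route, so they are HTML-escaped before being
            // echoed back; printing them raw would be reflected XSS.
            // Message text (Russian): 'Resource is not registered "<key>/<action>"'.
            // NOTE(review): this reply differs from the access-denied one, so a
            // client can tell registered resources from unregistered ones;
            // consider a single generic response in production.
            $this->sendStatus(404);
            echo 'Ресурс не зарегестрирован "' . $this->escape($resourceKey . '/' . $resourceVal) . '"';
            die;
        }
    }

    /**
     * Resolves the role name for the current session.
     *
     * Without an 'auth' session entry the role is 'guest'. Otherwise the role
     * is looked up by the stored user id on every request instead of being
     * read from the session.
     *
     * @return mixed Role name; whatever AdminUser::getRoleById() yields for a
     *               logged-in user. NOTE(review): confirm what it returns for
     *               a deleted or disabled account, since the value is passed
     *               straight to the ACL.
     */
    private function getRole()
    {
        $auth = $this->session->get('auth');
        if (!$auth) {
            return 'guest';
        }

        return \Admin\Model\AdminUser::getRoleById($auth->id);
    }

    /**
     * Prints the access-denied message and stops the request.
     *
     * Message text (Russian): "<role> - Access to resource <key>::<action> is denied".
     * Every interpolated value is HTML-escaped, and the response is marked
     * 403 so the denial is not served as a 200 OK page.
     *
     * @param mixed       $role        Role that was refused
     * @param string|null $resourceKey "<module>/<controller>" resource name
     * @param string|null $resourceVal Action name
     */
    private function accessDenied($role, $resourceKey = null, $resourceVal = null)
    {
        $this->sendStatus(403);
        echo "<b>" . $this->escape($role) . "</b> - Доступ запрещен к ресурсу <b>"
            . $this->escape($resourceKey) . '::' . $this->escape($resourceVal) . "</b>";
        exit;
    }

    /**
     * HTML-escapes a value for output in element content or a quoted attribute.
     *
     * @param mixed $value Value to print; cast to string first (null becomes '')
     * @return string
     */
    private function escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Sets the HTTP status code when headers can still be changed.
     *
     * @param int $code HTTP status code
     */
    private function sendStatus($code)
    {
        if (!headers_sent()) {
            http_response_code($code);
        }
    }
}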
<?php
/**
* DefaultAcl
* @copyright Copyright (c) 2011 - 2014 Aleksandr Torosh (http://wezoom.com.ua)
* @author Aleksandr Torosh <[email protected]>
*/
namespace Application\Acl;
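/**
 * In-memory ACL with a fixed role hierarchy and a static permission map.
 *
 * The default action is DENY, so anything not granted here is refused.
 */
class DefaultAcl extends \Phalcon\Acl\Adapter\Memory
{
    /** @var \Phalcon\Acl\Role[] Role objects keyed by role name */
    private $roles = [];

    /** @var array Role name => (resource name => '*' or list of action names) */
    private $resources = [];

    /**
     * Registers the roles, then the resources, then the grants.
     */
    public function __construct()
    {
        parent::__construct();

        // Fail closed: a role/resource/action with no explicit grant is denied.
        $this->setDefaultAction(\Phalcon\Acl::DENY);

        $roles['guest'] = new \Phalcon\Acl\Role('guest', 'Гость');
        $roles['journalist'] = new \Phalcon\Acl\Role('journalist', 'Журналист');
        $roles['editor'] = new \Phalcon\Acl\Role('editor', 'Редактор');
        $roles['admin'] = new \Phalcon\Acl\Role('admin', 'Администратор');

        $this->addRole($roles['guest']);
        $this->addRole($roles['journalist'], $roles['guest']); // journalist inherits from guest
        $this->addRole($roles['editor'], $roles['journalist']); // editor inherits from journalist
        $this->addRole($roles['admin']);

        // Keep the role objects on the instance for setAccess().
        $this->roles = $roles;

        $resources = [
            'guest' => [
                'index/index' => '*',
                // NOTE(review): every action of admin/index is open to
                // unauthenticated users; presumably this is the login page —
                // confirm it exposes nothing else.
                'admin/index' => '*',
            ],
            'journalist' => [
                'video/admin' => [
                    'index',
                    'add',
                    'edit'
                ],
                'video/tags' => '*',
                'video/upload' => '*',
            ],
            'editor' => [
                'video/admin' => '*',
                // NOTE(review): editors get every action on admin/admin-user.
                // If that controller can create accounts or change roles, an
                // editor can raise their own privileges to admin — confirm
                // this grant is intended or narrow it to specific actions.
                'admin/admin-user' => '*'
            ],
            // Admin has no per-resource entries: setAccess() grants it the
            // '*'/'*' wildcard. The earlier ['*'] placeholder was iterated as
            // key 0 => '*' and registered a stray resource named "0".
            'admin' => [],
        ];

        // Keep the permission map on the instance for the two helpers below.
        $this->resources = $resources;

        // Register every resource mentioned in the map.
        $this->addResources();

        // Apply the grants for each role.
        $this->setAccess();
    }

    /**
     * Registers each resource named in the permission map.
     *
     * A resource listed with an explicit action list is registered with those
     * actions; one listed with '*' is registered with a null action list.
     * NOTE(review): confirm the installed adapter accepts a null access list.
     */
    private function addResources()
    {
        foreach ($this->resources as $grants) {
            foreach ($grants as $resource => $actions) {
                $registerActions = is_array($actions) ? $actions : null;
                $this->addResource(new \Phalcon\Acl\Resource($resource), $registerActions);
            }
        }
    }

    /**
     * Grants each role the resources and actions listed for it in the map,
     * then gives 'admin' the wildcard grant on every resource and action.
     */
    private function setAccess()
    {
        foreach (array_keys($this->roles) as $roleName) {
            $grants = isset($this->resources[$roleName]) ? $this->resources[$roleName] : [];
            foreach ($grants as $resource => $actions) {
                // $actions is either '*' or a list of action names; allow()
                // receives it unchanged in both cases.
                $this->allow($roleName, $resource, $actions);
            }
        }

        // Issued once here; it used to be repeated inside the resource
        // registration loop on every iteration.
        $this->allow('admin', '*', '*');
    }
}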