Zend_Auth + Zend_Acl

recently sat down to study Zend Framework. Decided to write a simple cms. The first thing I decided to deal with authentication and authorization.


actually had to suffer, but I have achieved. and now has decided to share his torment with harusame.

Step 1. you must create a class inheriting from Zend_Controller_Action:

class Controller extends Zend_Controller_Action
{
public function preDispatch()
{
//here we'll write the code
}
}


Now all controllers must inherit from the just created class. All that in a function preDispatch() will be processed before the controller that we need.

Step 2. The actual authentication. Did not invent anything and took of this hepatophyta

Step 3. Work will start with the function preDispatch().

First, we need to know that the user is on the site. Reading for this session:

class Controller extends Zend_Controller_Action
{
public function preDispatch()
{
$this->user = $this->getUser();

}

public function getUser() {
Zend_Session::start();
$namespace = new Zend_Session_Namespace('Zend_Auth');
if($namespace- > storage) {
$user['id'] = $namespace->storage->id;
$user['username'] = $namespace->storage->username;
$user['name'] = $namespace->storage->name;
//which group the user. you will need to separate access rights
$user['group'] = $namespace- > storage- > group;
return $user;
}
else {
// if not logged in, return the guest account.
return array('id' = > '0','username' = > 'Guest','name' = > 'Guest','group' => 'guest');
}
}
}


Thus, the step of user authentication is passed, proceed to authorization. I will not give the basics of Zend_Acl, in principle, everything is so clear from your code:

$acl = new Zend_Acl();

//adding roles, i.e. groups of users
$acl- > addRole(new Zend_Acl_Role('guest'))
->addRole(new Zend_Acl_Role('user'))
->addRole(new Zend_Acl_Role('admin'));

//add resources that require access by users
$acl- > add(new Zend_Acl_Resource('index'));
$acl- > add(new Zend_Acl_Resource('articles'));
$acl- > add(new Zend_Acl_Resource('user'));
$acl- > add(new Zend_Acl_Resource('auth'));
$acl- > add(new Zend_Acl_Resource('error'));
$acl- > add(new Zend_Acl_Resource('registration'));

//actually, the limit (the last argument of the controller Action) null = all
$acl- > deny('guest', 'user', null);
//allow everything else
$acl- > allow(null, null, null);

//check for access
if(!$acl- > allowed($this->user['group'], $this->getRequest()->getControllerName(),$this->getRequest()->getActionName())) {
//if not sent to the error page
$this->_redirect('/error/error/');
}


That's all. In the end will result entirely the code of the controller with a preDispatch ()

class Controller extends Zend_Controller_Action
{
public function preDispatch()
{
$this->user = $this->getUser();

$acl = new Zend_Acl();

$acl- > addRole(new Zend_Acl_Role('guest'))
->addRole(new Zend_Acl_Role('user'))
->addRole(new Zend_Acl_Role('admin'));

$acl- > add(new Zend_Acl_Resource('index'));
$acl- > add(new Zend_Acl_Resource('articles'));
$acl- > add(new Zend_Acl_Resource('user'));
$acl- > add(new Zend_Acl_Resource('auth'));
$acl- > add(new Zend_Acl_Resource('error'));
$acl- > add(new Zend_Acl_Resource('registration'));

$acl- > deny('guest', 'user', null);
$acl- > allow(null, null, null);

$request = $this->getRequest();
if(!$acl- > allowed($this->user['group'], $this->getRequest()->getControllerName(), $this->getRequest()->getActionName())) {
$this->_redirect('/error/error/');
}
}

public function getUser() {
Zend_Session::start();
$namespace = new Zend_Session_Namespace('Zend_Auth');

if($namespace- > storage) {
$user['id'] = $namespace->storage->id;
$user['username'] = $namespace->storage->username;
$user['name'] = $namespace->storage->name;
$user['group'] = $namespace- > storage- > group;

return $user;
}
else {
return array('id' = > '0','username' = > 'Guest','name' = > 'Guest','group' => 'guest');
}
}
}



Thanks to all who have endured to the end. Hope someone can help.
Article based on information from habrahabr.ru

Популярные сообщения из этого блога

Approval of WSUS updates: import, export, copy

Изображение
the Backstory Until recently, I worked as edikasyon a major Russian company that has many offices throughout the country. In my jurisdiction there were eleven sites, located in different cities of the Far East (this is important). In each of these offices had its own, not connected with other network infrastructure — your domain AD own subnet, etc. Once the leadership gave me the task to organize the automatic updating of the OS and programs from MS and allowed to expand on accountable sites WSUS . Problem After WSUS was deployed, binding policy, computers to WSUS groups are configured, the directory synchronization content server MS held, etc., the question arose: who and how will approve the update? Imagine 11 cities that are so "fast" and "stable", that rare moment when latency of ICMP replies are only 800 MS, are perceived as unheard of luck. And in each you test all updates before deploying. The access to the servers at the sites was only v
Далее...

The Hilbert curve vs. Z-order

Изображение
Repeatedly heard the opinion that of all swept curves . it the Hilbert curve the most promising for spatial indexing. The explanation given is that it does not contain discontinuities and therefore in some sense “well-arranged”. Whether so it actually and what is the spatial indexing, we will understand under the cut. The concluding article of the series: the the Why doesn't the straightforward approach to spatial indexing swept curves the Presentation the 3D and obvious optimization the 8D and perspectives OLAP the 3D field as it looks the 3D field benchmarks the How about indexing non-point objects? The Hilbert curve has the remarkable property — the distance between two successive points is always equal to one (step current of detail, to be precise). Therefore, data is not much different Hilbert curve values are close to each other (the inverse, incidentally, is wrong — adjacent points may be very different in meaning). For this property it is us
Далее...

Configuring a C++ project in Eclipse for example SFML application

Изображение
All kind time of day! When you configure the project in Eclipse I ran into a few problems. After attempts to find a solution to these problems, I found the obvious tips on foreign forums that did not solve the problem. Scratching his head, I began to solve the problems himself. In this article I will describe in detail the configuration of the Eclipse CDT, MinGW, connection s headers and libraries. The article is designed for beginners. the Definitions Eclipse CDT integrated development environment C and C++ based on Eclipse platform. MinGW — compiler, native software port of the GNU Compiler Collection (GCC) under Microsoft Windows, along with a set of freely distributable import libraries and header files for the Windows API. MinGW allows developers to create native Microsoft Windows applications. SFML is a free cross-platform multimedia library written in C++. the Installing Eclipse and MinGW For work Eclipse requires a Java . Download Eclipse CDT from
Далее...