Zend_Auth + Zend_Acl

I recently sat down to study Zend Framework and decided to write a simple CMS. The first thing I decided to deal with was authentication and authorization.


I actually had to suffer, but I achieved it, and now I have decided to share my torment with the Habr community.

Step 1. First you must create a class that inherits from Zend_Controller_Action:

class Controller extends Zend_Controller_Action
{
    public function preDispatch()
    {
        // here we'll write the code
    }
}


Now all controllers must inherit from the class just created. Everything in preDispatch() is executed before the action of the controller we actually requested.

Step 2. The authentication itself. I did not invent anything and took it from this Habr post.

Step 3. The work starts in the preDispatch() function.

First, we need to know which user is on the site. For this we read the session:

class Controller extends Zend_Controller_Action
{
    /** Current user: id, username, name, group (filled in preDispatch) */
    protected $user;

    public function preDispatch()
    {
        $this->user = $this->getUser();
    }

    public function getUser()
    {
        Zend_Session::start();
        // Zend_Auth keeps the identity in the 'Zend_Auth' session namespace,
        // member 'storage', so we read it from there
        $namespace = new Zend_Session_Namespace('Zend_Auth');
        if ($namespace->storage) {
            $user = array();
            $user['id']       = $namespace->storage->id;
            $user['username'] = $namespace->storage->username;
            $user['name']     = $namespace->storage->name;
            // which group the user belongs to; needed to separate access rights
            $user['group']    = $namespace->storage->group;
            return $user;
        } else {
            // not logged in: return the guest account
            return array('id' => '0', 'username' => 'Guest', 'name' => 'Guest', 'group' => 'guest');
        }
    }
}
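The same lookup can go through Zend_Auth itself instead of reading the 'Zend_Auth' session namespace by hand, which is what the following added example shows. It is not code from the post; it assumes that the login code stored an object with id, username, name and group members as the identity (for instance the result row object of Zend_Auth_Adapter_DbTable), and it demotes anything unexpected to guest so that a stale or malformed identity never reaches the ACL with an unknown role.

```php
<?php
// Added example, not from the original post: read the identity through
// Zend_Auth instead of poking the 'Zend_Auth' session namespace directly.
// Assumption: the login code stored an object with id/username/name/group
// as the identity (e.g. the result row object of Zend_Auth_Adapter_DbTable).

class Controller extends Zend_Controller_Action
{
    /** @var array current user: id, username, name, group */
    protected $user;

    /** Roles the ACL knows about; any other group value is treated as guest */
    protected $knownGroups = array('guest', 'user', 'admin');

    public function preDispatch()
    {
        $this->user = $this->getUser();
    }

    public function getUser()
    {
        $guest = array('id' => '0', 'username' => 'Guest', 'name' => 'Guest', 'group' => 'guest');

        $auth = Zend_Auth::getInstance();
        // hasIdentity() consults the default session storage
        // (namespace 'Zend_Auth', member 'storage'): the same place the
        // hand-written session version reads from.
        if (!$auth->hasIdentity()) {
            return $guest;
        }

        $identity = $auth->getIdentity();
        if (!is_object($identity)) {
            // A string or array identity means the login code stored
            // something other than what we expect; fall back to guest
            // rather than guessing.
            return $guest;
        }

        $group = isset($identity->group) ? (string) $identity->group : 'guest';
        if (!in_array($group, $this->knownGroups, true)) {
            // An unknown group would make Zend_Acl::isAllowed() throw
            // "Role 'x' not found"; demote to guest instead of failing open.
            $group = 'guest';
        }

        return array(
            'id'       => isset($identity->id) ? $identity->id : '0',
            'username' => isset($identity->username) ? $identity->username : 'Guest',
            'name'     => isset($identity->name) ? $identity->name : 'Guest',
            'group'    => $group,
        );
    }
}
```

Going through Zend_Auth also means that if the storage is ever swapped (for example to a non-session storage in tests), getUser() keeps working without changes.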


Thus the authentication step is done; on to authorization. I will not go over the basics of Zend_Acl; in principle everything should be clear from the code:

$acl = new Zend_Acl();

// adding roles, i.e. groups of users
$acl->addRole(new Zend_Acl_Role('guest'))
    ->addRole(new Zend_Acl_Role('user'))
    ->addRole(new Zend_Acl_Role('admin'));

// add the resources to which access is controlled (one per controller)
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('articles'));
$acl->add(new Zend_Acl_Resource('user'));
$acl->add(new Zend_Acl_Resource('auth'));
$acl->add(new Zend_Acl_Resource('error'));
$acl->add(new Zend_Acl_Resource('registration'));

// the actual restriction: guests may not use the 'user' controller;
// the last argument is the action (the Zend_Acl privilege), null = all actions
$acl->deny('guest', 'user', null);
// allow everything else: every role on every resource and every action.
// This is a permissive default, so each further restriction has to be denied explicitly
$acl->allow(null, null, null);

// check for access: role = the user's group, resource = controller, privilege = action
if (!$acl->isAllowed($this->user['group'], $this->getRequest()->getControllerName(), $this->getRequest()->getActionName())) {
    // if not allowed, send to the error page
    $this->_redirect('/error/error/');
}
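Two things about that ACL are worth seeing the other way round: allow(null, null, null) opens every resource to every role by default, so a forgotten deny means open access, and isAllowed() throws "Resource 'x' not found" for any controller that was never added, which turns a typo in a URL into an exception instead of a refusal. The following added example (mine, not the post's code; the resource and role names are the post's, the allow rules are an assumed policy) rebuilds the same ACL deny-by-default with role inheritance, and wraps the check so that unknown roles or controllers are simply refused.

```php
<?php
// Added example, not from the original post: the post's ACL rebuilt with a
// deny-by-default policy and role inheritance. Resource and role names are
// the ones from the post; which role may reach which resource is an assumed policy.

function buildAcl()
{
    $acl = new Zend_Acl();

    // Roles: 'user' inherits whatever 'guest' may do, 'admin' inherits from 'user'
    $acl->addRole(new Zend_Acl_Role('guest'))
        ->addRole(new Zend_Acl_Role('user'), 'guest')
        ->addRole(new Zend_Acl_Role('admin'), 'user');

    // One resource per controller
    foreach (array('index', 'articles', 'user', 'auth', 'error', 'registration') as $name) {
        $acl->add(new Zend_Acl_Resource($name));
    }

    // Default: nobody may do anything. Every allow() below is an explicit grant.
    $acl->deny();

    // Anonymous visitors: public pages, the login/registration flow and the error page
    $acl->allow('guest', array('index', 'articles', 'auth', 'error', 'registration'));

    // Logged-in users additionally get the 'user' controller; guests never reach it
    $acl->allow('user', 'user');

    // Admins may do everything on every registered resource
    $acl->allow('admin');

    return $acl;
}

/**
 * Authorization check for one request; returns true when the request may proceed.
 * Unknown roles and unregistered controllers are refused here instead of
 * letting isAllowed() throw (which would end up as a 500 error page).
 */
function requestAllowed(Zend_Acl $acl, $group, $controller, $action)
{
    if (!$acl->hasRole($group) || !$acl->has($controller)) {
        return false;
    }
    return $acl->isAllowed($group, $controller, $action);
}

// Usage inside preDispatch(); $this->user comes from getUser():
//
//     $request = $this->getRequest();
//     if (!requestAllowed(buildAcl(), $this->user['group'],
//             $request->getControllerName(), $request->getActionName())) {
//         $this->_redirect('/error/error/');
//     }
```

With this layout adding a new controller without registering it as a resource locks it down for everyone, which is the failure mode you want; with the post's allow(null, null, null) the same omission throws an exception, and a registered-but-forgotten controller is open to guests.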


That's all. Here is the complete code of the controller with preDispatch():

class Controller extends Zend_Controller_Action
{
    /** Current user: id, username, name, group (filled in preDispatch) */
    protected $user;

    public function preDispatch()
    {
        $this->user = $this->getUser();

        $acl = new Zend_Acl();

        // roles, i.e. groups of users
        $acl->addRole(new Zend_Acl_Role('guest'))
            ->addRole(new Zend_Acl_Role('user'))
            ->addRole(new Zend_Acl_Role('admin'));

        // resources, one per controller
        $acl->add(new Zend_Acl_Resource('index'));
        $acl->add(new Zend_Acl_Resource('articles'));
        $acl->add(new Zend_Acl_Resource('user'));
        $acl->add(new Zend_Acl_Resource('auth'));
        $acl->add(new Zend_Acl_Resource('error'));
        $acl->add(new Zend_Acl_Resource('registration'));

        // guests may not use the 'user' controller; everything else is open to everyone
        $acl->deny('guest', 'user', null);
        $acl->allow(null, null, null);

        // role = the user's group, resource = controller, privilege = action
        $request = $this->getRequest();
        if (!$acl->isAllowed($this->user['group'], $request->getControllerName(), $request->getActionName())) {
            $this->_redirect('/error/error/');
        }
    }

    public function getUser()
    {
        Zend_Session::start();
        // Zend_Auth stores the identity in the 'Zend_Auth' namespace, member 'storage'
        $namespace = new Zend_Session_Namespace('Zend_Auth');

        if ($namespace->storage) {
            $user = array();
            $user['id']       = $namespace->storage->id;
            $user['username'] = $namespace->storage->username;
            $user['name']     = $namespace->storage->name;
            $user['group']    = $namespace->storage->group;

            return $user;
        } else {
            // not logged in: the guest account
            return array('id' => '0', 'username' => 'Guest', 'name' => 'Guest', 'group' => 'guest');
        }
    }
}



Thanks to all who have endured to the end. I hope it helps someone.
Article based on information from habrahabr.ru
