2019-07-17 20:08:50 +00:00
|
|
|
<?php
|
|
|
|
|
2019-07-17 20:31:04 +00:00
|
|
|
/*
|
|
|
|
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
|
|
|
|
* @license http://creativecommons.org/licenses/BSD/ BSD Licensese
|
|
|
|
* @author Keyboard Monkeys Ltd.
|
|
|
|
* @package Monkeys Framework
|
|
|
|
* @packager Keyboard Monkeys
|
|
|
|
*/
|
|
|
|
|
2019-07-17 20:08:50 +00:00
|
|
|
class Monkeys_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
|
|
|
|
{
|
|
|
|
private $_acl;
|
|
|
|
|
|
|
|
public function __construct($acl)
|
|
|
|
{
|
|
|
|
$this->_acl = $acl;
|
|
|
|
}
|
|
|
|
|
2019-07-17 20:16:19 +00:00
|
|
|
/**
|
|
|
|
* Here we only check for the basic action access permissions.
|
|
|
|
* In Monkeys_Controller_Action we check for more specific permissions
|
|
|
|
*/
|
2019-07-17 20:08:50 +00:00
|
|
|
public function preDispatch($request)
|
|
|
|
{
|
|
|
|
if (!Zend_Registry::get('config')->environment->installed
|
|
|
|
&& $request->getModuleName() != 'install'
|
|
|
|
&& $request->getControllerName() != 'error')
|
|
|
|
{
|
|
|
|
$request->setModuleName('install');
|
|
|
|
$request->setControllerName('index');
|
|
|
|
$request->setActionName('index');
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (Zend_Registry::isRegistered('user')) {
|
|
|
|
// used by unit tests to inject the logged-in user
|
|
|
|
$user= Zend_Registry::get('user');
|
|
|
|
} else {
|
|
|
|
$auth = Zend_Auth::getInstance();
|
2019-07-17 20:16:19 +00:00
|
|
|
$users = new Users_Model_Users();
|
2019-07-17 20:08:50 +00:00
|
|
|
if ($auth->hasIdentity()) {
|
|
|
|
$user = $auth->getStorage()->read();
|
|
|
|
$user->init();
|
|
|
|
|
|
|
|
// reactivate row as live data
|
|
|
|
$user->setTable($users);
|
|
|
|
} else {
|
|
|
|
// guest user
|
|
|
|
$user = $users->createRow();
|
|
|
|
}
|
|
|
|
|
|
|
|
Zend_Registry::set('user', $user);
|
|
|
|
}
|
|
|
|
|
|
|
|
$resource = $request->getModuleName() . '_' . $request->getControllerName();
|
|
|
|
|
|
|
|
if (!$this->_acl->has($resource)) {
|
2019-07-17 20:31:04 +00:00
|
|
|
//echo "role: " . $user->role . " - resource: $resource - privilege: " . $request->getActionName() . "<br>\n";exit;
|
2019-07-17 20:08:50 +00:00
|
|
|
throw new Monkeys_BadUrlException($this->getRequest()->getRequestUri());
|
|
|
|
}
|
|
|
|
|
|
|
|
// if an admin is not allowed for this action, then the action doesn't exist
|
2019-07-17 20:16:19 +00:00
|
|
|
if (!$this->_acl->isAllowed(Users_Model_User::ROLE_ADMIN, $resource, $request->getActionName())) {
|
2019-07-17 20:31:04 +00:00
|
|
|
//echo "role: " . $user->role . " - resource: $resource - privilege: " . $request->getActionName() . "<br>\n";exit;
|
2019-07-17 20:08:50 +00:00
|
|
|
throw new Monkeys_BadUrlException($this->getRequest()->getRequestUri());
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$this->_acl->isAllowed($user->role, $resource, $request->getActionName())) {
|
2019-07-17 20:31:04 +00:00
|
|
|
//echo "role: " . $user->role . " - resource: $resource - privilege: " . $request->getActionName() . "<br>\n";exit;
|
2019-07-17 20:08:50 +00:00
|
|
|
throw new Monkeys_AccessDeniedException();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|