CommunityID/libs/Monkeys/Controller/Plugin/Auth.php

<?php
/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkey Ltd
* @since CommunityID 0.9
* @package CommunityID
* @packager Keyboard Monkeys
*/
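/**
 * Front-controller plugin that gates every request before dispatch.
 *
 * preDispatch() performs, in order:
 *  1. an installation check that reroutes to the installer,
 *  2. resolution of the current user (registry, auth session, or guest row),
 *  3. ACL checks on the "<module>_<controller>" resource and the action name.
 */
class Monkeys_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    /**
     * ACL object; only has() and isAllowed() are called on it here.
     */
    private $_acl;

    /**
     * @param mixed $acl ACL object used for the resource and privilege checks
     */
    public function __construct($acl)
    {
        $this->_acl = $acl;
    }

    /**
     * Enforces the installation redirect and the ACL for the current request.
     *
     * @param mixed $request request object of the current dispatch loop
     * @return void
     * @throws Monkeys_BadUrlException       when the resource is unknown to the ACL,
     *                                       or the action is not allowed even for the admin role
     * @throws Monkeys_AccessDeniedException when the current user's role is not allowed
     */
    public function preDispatch($request)
    {
        // Strict comparisons: with "!=" a non-string value such as integer 0 compares
        // equal to any non-numeric string before PHP 8, which would skip this gate.
        if (!Zend_Registry::get('config')->environment->installed
            && $request->getModuleName() !== 'install'
            && $request->getControllerName() !== 'error'
        ) {
            // Not installed yet: reroute to the installer. This path returns before
            // any ACL check; a request already aimed at the install module or the
            // error controller falls through to the checks below instead.
            $request->setModuleName('install');
            $request->setControllerName('index');
            $request->setActionName('index');
            return;
        }

        if (Zend_Registry::isRegistered('user')) {
            // Used by unit tests to inject the logged-in user.
            // NOTE(review): a pre-registered 'user' bypasses Zend_Auth entirely and
            // nothing here limits that to the test environment; confirm no
            // production bootstrap code registers 'user' before this plugin runs.
            $user = Zend_Registry::get('user');
        } else {
            $auth = Zend_Auth::getInstance();
            $users = new Users();
            if ($auth->hasIdentity()) {
                // NOTE(review): the user object, including the role checked below,
                // is read from auth session storage. Unless init()/setTable() reload
                // it (not visible here), a role change made after login would not
                // take effect until the session ends; verify.
                $user = $auth->getStorage()->read();
                $user->init();
                // reactivate row as live data
                $user->setTable($users);
            } else {
                // guest user
                $user = $users->createRow();
            }
            Zend_Registry::set('user', $user);
        }

        $resource = $request->getModuleName() . '_' . $request->getControllerName();
        $action = $request->getActionName();

        // NOTE(review): the raw request URI is handed to the exception below; whatever
        // renders or logs it must escape it for that output context.
        if (!$this->_acl->has($resource)) {
            throw new Monkeys_BadUrlException($request->getRequestUri());
        }

        // if an admin is not allowed for this action, then the action doesn't exist
        if (!$this->_acl->isAllowed(User::ROLE_ADMIN, $resource, $action)) {
            throw new Monkeys_BadUrlException($request->getRequestUri());
        }

        // The action exists but may be forbidden for this role. This is reported
        // as "access denied" rather than "bad URL", so the two cases are
        // distinguishable to the caller.
        if (!$this->_acl->isAllowed($user->role, $resource, $action)) {
            throw new Monkeys_AccessDeniedException();
        }
    }
}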