import v1.0.0-RC4 | 2009-05-20

2019-07-17 22:08:50 +02:00
commit b484e522e8
2459 changed files with 1038434 additions and 0 deletions
--- a/libs/Monkeys/Controller/Plugin/Auth.php
+++ b/libs/Monkeys/Controller/Plugin/Auth.php
@ -0,0 +1,72 @@
+<?php
+
+/*
+* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
+* @license http://creativecommons.org/licenses/BSD/ BSD License
+* @author Keyboard Monkey Ltd
+* @since  CommunityID 0.9
+* @package CommunityID
+* @packager Keyboard Monkeys
+*/
+
+class Monkeys_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
+{
+    private $_acl;
+
+    public function __construct($acl)
+    {
+        $this->_acl = $acl;
+    }
+
+    public function preDispatch($request)
+    {
+        if (!Zend_Registry::get('config')->environment->installed
+            && $request->getModuleName() != 'install'
+            && $request->getControllerName() != 'error')
+        {
+            $request->setModuleName('install');
+            $request->setControllerName('index');
+            $request->setActionName('index');
+
+            return;
+        }
+
+        if (Zend_Registry::isRegistered('user')) {
+            // used by unit tests to inject the logged-in user
+            $user= Zend_Registry::get('user');
+        } else {
+            $auth = Zend_Auth::getInstance();
+            $users = new Users();
+            if ($auth->hasIdentity()) {
+                $user = $auth->getStorage()->read();
+                $user->init();
+
+                // reactivate row as live data
+                $user->setTable($users);
+            } else {
+                // guest user
+                $user = $users->createRow();
+            }
+
+            Zend_Registry::set('user', $user);
+        }
+
+        $resource   = $request->getModuleName() . '_' . $request->getControllerName();
+
+        if (!$this->_acl->has($resource)) {
+            //echo "role: " . $user->role . " - resource: $resource - privilege: " . $request->getActionName() . "<br>\n";
+            throw new Monkeys_BadUrlException($this->getRequest()->getRequestUri());
+        }
+
+        // if an admin is not allowed for this action, then the action doesn't exist
+        if (!$this->_acl->isAllowed(User::ROLE_ADMIN, $resource, $request->getActionName())) {
+            //echo "role: " . $user->role . " - resource: $resource - privilege: " . $request->getActionName() . "<br>\n";
+            throw new Monkeys_BadUrlException($this->getRequest()->getRequestUri());
+        }
+
+        if (!$this->_acl->isAllowed($user->role, $resource, $request->getActionName())) {
+            //echo "role: " . $user->role . " - resource: $resource - privilege: " . $request->getActionName() . "<br>\n";
+            throw new Monkeys_AccessDeniedException();
+        }
+    }
+}