I am using the code below to make the ACL not allowed roles to be redirected to a specific page, the problem is that it is working fine by routing the user to the page needed but without changing the URL. So lets assume a user is trying to go to the admin index page (localhost/Admin) without logging in, the ACL plug in will rout the user to the log in page but without changing the URL (localhost/Admin/Login). any ideas why this is happening?
class Hyderlib_Controller_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract {
private $_acl = null;
private $_auth = null;
public function __construct(Zend_Acl $acl, Zend_Auth $auth) {
$this->_acl = $acl;
$this->auth = $auth;
}
public function preDispatch(Zend_Controller_Request_Abstract $request) {
$module = $request->getModuleName();
$recourse = $request->getControllerName();
$action = $request->getActionName();
$identity = $this->auth->getStorage()->read();
if (!isset($identity)) {
$role = 'default';
} else {
$db = Zend_Db_Table::getDefaultAdapter();
$Role = $db->select()->from('User_Account')->where('Email = ?', $identity);
$result = $db->fetchRow($Role);
$role = $result['Role'];
}
if (!$this->_acl->isAllowed($role, $module, $recourse, $action)) {
$request->setModuleName('Admin')
->setControllerName('Login')
->setActionName('index');
}
//$role = $identity->Role;
}
}
I provide the whole code to show that the code below is used in the zend controller plugin in the the preDispatch if this make any difference.
$request->setModuleName('Admin')
->setControllerName('Login')
->setActionName('index');
Url is not changing because its an internal redirect of ZF MVC . But its a good thing because if you do what david have answered above then if user is not even allowed on index action of login controller of admin module then he will stuck in infinite loop of redirection .
Another advantage of internal redirection is when user login successfully you can redirect him to the url on which he actually wanted to go simply by
$this->redirect($_SERVER['REQUEST_URI');