Search code examples
phpzend-frameworkacl

Zend ACL - convert permission to public

I need an ACL for my project, I've watched Alexander Romanenko'video I've been looking into Zend ACL which seems to cover my needs. It's so amazing and I've implemented this :

models/LibraryAcl.php :

<?php
class Model_LibraryAcl extends Zend_Acl
{
    public function __construct()
    {
        
        $this ->add (new Zend_Acl_Resource('index'));
        $this ->add (new Zend_Acl_Resource('authentication','login'));
        $this-> add (new Zend_Acl_Resource('list'),'books');
        
        $this->addRole(new Zend_Acl_Role('user'));
        $this->addRole(new Zend_Acl_Role('admin'),'user');
    
        $this->allow ('user','user');
        $this->allow ('user','index');
        $this ->allow('admin','books', 'list' ));

    }
}


plugins/AccessCheck.php:

<?php 
class Plugin_AccessCheck extends  Zend_Controller_Plugin_Abstract{
    
    private $_acl = null;
    private $_auth = null;
    
    public function __construct(Zend_Acl $acl , Zend_Auth $auth){
        $this->_acl = $acl;
        $this->_auth = $auth;
    }
    
    
    public function preDispatch(Zend_Controller_Request_Abstract $request){
        $resource = $request->getControllerName();
        $action = $request->getActionName();
        $identity = $this->_auth->getStorage()->read();
        $role = $identity->role;
        
        if (!$this->_acl ->isAllowed($role,$resource,$action) ){
                $request->setControllerName('authentication')
                        ->setActionName('login');

        } 
    }
}

All I want is allowing all people (admin, user and people who doesn't log in yet) to access to log in page (authentication/login -> controller name: authentication , action name : login)

UPDATE:
I find out I have to use guest as role and set permission for this role.

Solution

  • change AccessCheck.php:

    <?php 
class Plugin_AccessCheck extends  Zend_Controller_Plugin_Abstract{

    const UNAUTHORIZED_ACCESS = 'UNAUTHORIZED_ACCESS';

    public function preDispatch(Zend_Controller_Request_Abstract $request){
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()){
            $role = $auth->getIdentity();
        }else{
             $role = 'guest';
        }
        $acl = new Model_LibraryAcl();
        $resource = $request->getControllerName();
        $action = $request->getActionName();


        if ($acl->isAllowed($role,$resource,$action) ){

                $request->setControllerName('authentication')
                        ->setActionName('login');

        } 
    }
}

    And add it to LibraryAcl.php

    $this->addRole(new Zend_Acl_Role('guest'));
$this->addRole(new Zend_Acl_Role('user'), 'guest');
$this->addRole(new Zend_Acl_Role('admin'), 'user');

$this->allow('guest', 'authentication', 'login');