Monday, December 14, 2009

Re: [fw-mvc] Problems with ACL assertions

Notwithstanding the fact that I would never couple my ACL assertions to the HTTP request, I think you need to use getParam instead of getQuery.

On Mon, Dec 14, 2009 at 12:32 PM, Andrew Sledge <andrew.j.sledge@gmail.com> wrote:
Hi everyone.

I am having trouble getting request params in my custom ACL assertion
class.  I am passing the parameters via a custom route.  The ACLs are
registering correctly, so I know that's not it.

The following code should help explain:

Bootstrap.php
[CODE]
protected function _initRoutes()
{
       $frontController = Zend_Controller_Front::getInstance();
       $router = $frontController->getRouter();
       $route = new Zend_Controller_Router_Route(
               '/user/profile/id/:id',
           array(
                               'controller' => 'user',
                               'action'     => 'profile',
               )
       );
      $router->addRoute('applicationview', $route);
      return $router;
}

protected function _initAcl()
{
       require_once(dirname(__FILE__) . '/Acl.php');
       require_once(dirname(__FILE__) .
'/../library/Home/Controller/Plugin/AuthPlugin.php');
       $frontController = Zend_Controller_Front::getInstance();
       $frontController->registerPlugin(new AuthPlugin());
}
[/CODE]

Acl.php:
$acl->allow('staffer', 'user', 'profile', new Home_Acl_Assert_Profile());

library/Home/Acl/Assert/Profile.php:
[CODE]
class Home_Acl_Assert_Profile implements Zend_Acl_Assert_Interface
{
 public function assert(Zend_Acl $acl,Zend_Acl_Role_Interface
$role=null, Zend_Acl_Resource_Interface $resource=null,$privileges=null)
 {
   $auth = Zend_Auth::getInstance();
   if ($auth->hasIdentity()) {
     $request = new Zend_Controller_Request_Http();
     $requestid = $request->getQuery('id');
     $identity = $auth->getIdentity();
     if($identity->role == 'admin' || ($requestid == $identity->uid)) {
       return "allowed";
     } else {
       return "denied";
     }
   } else {
     return "denied";
   }
   return "denied";
 }
}
[/CODE]

If I request /user/profile/?id=1 the assertion class recognizes the ID
parameter (returns allowed).  If I use /user/profile/id/1, it fails
(returns denied).  Any thoughts on how I can get the assertion class to
recognize the parameters?





--
Andrew Sledge
andrew.j.sledge@gmail.com

PGP Key: 0x869E3649
http://pgp.mit.edu:11371/pks/lookup?search=0xDD779230869E3649
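
The reply's point about not coupling the assertion to the HTTP request, worked through as an added example (not code from either poster or from Zend Framework): a front controller plugin reads the routed `id` with `getParam()` and hands it to the ACL inside a resource object, and the assertion returns a strict boolean, since a non-empty string such as "denied" is truthy in PHP. Assumptions: all `Home_*` class names and the `error`/`denied` target are hypothetical, the identity exposes `role` and `uid` as in the post, and the Zend Framework 1 release in use passes the original role and resource objects through to the assertion.

```php
<?php
// Added example, not code from the thread; every Home_* name is hypothetical. Assumed Acl.php rules:
// allow('admin', 'user', 'profile') and allow('staffer', 'user', 'profile', new Home_Acl_Assert_OwnProfile())
// Role built from the authenticated identity (role and uid fields as in the post).
class Home_Acl_UserRole implements Zend_Acl_Role_Interface
{
    public $uid;
    private $_roleId;
    public function __construct($roleId, $uid) { $this->_roleId = $roleId; $this->uid = (string) $uid; }
    public function getRoleId() { return $this->_roleId; }
}
// Resource carrying the id of the profile being requested.
class Home_Acl_ProfileResource implements Zend_Acl_Resource_Interface
{
    public $ownerId;
    public function __construct($ownerId) { $this->ownerId = (string) $ownerId; }
    public function getResourceId() { return 'user'; }
}
// The assertion sees only role and resource, and returns a strict boolean.
class Home_Acl_Assert_OwnProfile implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        if (!$role instanceof Home_Acl_UserRole || !$resource instanceof Home_Acl_ProfileResource) {
            return false; // fail closed on anything unexpected
        }
        return $resource->ownerId !== '' && $role->uid === $resource->ownerId;
    }
}
// The plugin is the only code that reads the request; by preDispatch() routing has set :id.
class Home_Plugin_ProfileAcl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;
    public function __construct(Zend_Acl $acl) { $this->_acl = $acl; }
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if ($request->getControllerName() !== 'user' || $request->getActionName() !== 'profile') {
            return;
        }
        $identity = Zend_Auth::getInstance()->getIdentity(); // null when nobody is logged in
        $allowed = $identity !== null && $this->_acl->isAllowed(
            new Home_Acl_UserRole($identity->role, $identity->uid),
            new Home_Acl_ProfileResource($request->getParam('id', '')), 'profile');
        if (!$allowed) {
            $request->setControllerName('error')->setActionName('denied'); // hypothetical target
        }
    }
}
```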

