Monday, December 14, 2009

Re: [fw-mvc] Problems with ACL assertions

Hi Abraham,

Thanks for your response.

getParam/getParams fails as well.

I am trying to determine if the user has access to the particular
requested id. For instance, if the user requests the object of id 6,
and the user's id is 6, then the user can have access to that object.
Otherwise, the user is denied.

If you have a better (read: de-coupled) solution for this problem,
please pass it along.

Abraham Block wrote:
> Notwithstanding the fact that I would never couple my ACL assertions to the
> HTTP request, I think you need to use getParam instead of getQuery.
>
> On Mon, Dec 14, 2009 at 12:32 PM, Andrew Sledge
> <andrew.j.sledge@gmail.com> wrote:
>
>> Hi everyone.
>>
>> I am having trouble getting request params in my custom ACL assertion
>> class. I am passing the parameters via a custom route. The ACLs are
>> registering correctly, so I know that's not it.
>>
>> The following code should help explain:
>>
>> Bootstrap.php
>> [CODE]
>> protected function _initRoutes()
>> {
>>     $frontController = Zend_Controller_Front::getInstance();
>>     $router = $frontController->getRouter();
>>     $route = new Zend_Controller_Router_Route(
>>         '/user/profile/id/:id',
>>         array(
>>             'controller' => 'user',
>>             'action' => 'profile',
>>         )
>>     );
>>     $router->addRoute('applicationview', $route);
>>     return $router;
>> }
>>
>> protected function _initAcl()
>> {
>>     require_once(dirname(__FILE__) . '/Acl.php');
>>     require_once(dirname(__FILE__) .
>>         '/../library/Home/Controller/Plugin/AuthPlugin.php');
>>     $frontController = Zend_Controller_Front::getInstance();
>>     $frontController->registerPlugin(new AuthPlugin());
>> }
>> [/CODE]
>>
>> Acl.php:
>> $acl->allow('staffer', 'user', 'profile', new Home_Acl_Assert_Profile());
>>
>> library/Home/Acl/Assert/Profile.php:
>> [CODE]
>> class Home_Acl_Assert_Profile implements Zend_Acl_Assert_Interface
>> {
>>     public function assert(Zend_Acl $acl,Zend_Acl_Role_Interface
>>         $role=null, Zend_Acl_Resource_Interface $resource=null,$privileges=null)
>>     {
>>         $auth = Zend_Auth::getInstance();
>>         if ($auth->hasIdentity()) {
>>             $request = new Zend_Controller_Request_Http();
>>             $requestid = $request->getQuery('id');
>>             $identity = $auth->getIdentity();
>>             if($identity->role == 'admin' || ($requestid == $identity->uid)) {
>>                 return "allowed";
>>             } else {
>>                 return "denied";
>>             }
>>         } else {
>>             return "denied";
>>         }
>>         return "denied";
>>     }
>> }
>> [/CODE]
>>
>> If I request /user/profile/?id=1 the assertion class recognizes the ID
>> parameter (returns allowed). If I use /user/profile/id/1, it fails
>> (returns denied). Any thoughts on how I can get the assertion class to
>> recognize the parameters?
>>
>>
>>
>>
>>
>> --
>> Andrew Sledge
>> andrew.j.sledge@gmail.com
>>
>> PGP Key: 0x869E3649
>> http://pgp.mit.edu:11371/pks/lookup?search=0xDD779230869E3649
>>
>>
>

--
Andrew Sledge
andrew.j.sledge@gmail.com

PGP Key: 0x869E3649
http://pgp.mit.edu:11371/pks/lookup?search=0xDD779230869E3649
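
A request-independent form of the ownership check discussed in this thread, as an added example that is not part of the original messages and not Zend Framework's own code. The `Example_*` classes are hypothetical; it assumes Zend Framework 1 on the include path and a Zend_Acl version that hands the role and resource objects given to `isAllowed()` through to the assertion.

```php
<?php
// Added example. Assumes Zend Framework 1 is on the include_path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical role object built from the Zend_Auth identity (uid + role name).
class Example_User implements Zend_Acl_Role_Interface
{
    public $uid;
    public $role;
    public function __construct($uid, $role) { $this->uid = (int) $uid; $this->role = $role; }
    public function getRoleId() { return $this->role; }
}

// Hypothetical resource object: the profile being requested, with its owner's id.
class Example_Profile implements Zend_Acl_Resource_Interface
{
    public $ownerId;
    public function __construct($ownerId) { $this->ownerId = (int) $ownerId; }
    public function getResourceId() { return 'user'; }
}

class Example_Assert_OwnsProfile implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed if the caller passed plain role/resource names instead of objects.
        if (!$role instanceof Example_User || !$resource instanceof Example_Profile) {
            return false;
        }
        // assert() must return a boolean. Non-numeric ids cast to 0, which never matches.
        return $role->uid > 0 && $role->uid === $resource->ownerId;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('staffer'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->addResource(new Zend_Acl_Resource('user'));
$acl->allow('admin', 'user', 'profile');
$acl->allow('staffer', 'user', 'profile', new Example_Assert_OwnsProfile());

// Constructed sample data: staffer 6 asks for profile 6, then profile 7.
$staffer = new Example_User(6, 'staffer');
var_dump($acl->isAllowed($staffer, new Example_Profile(6), 'profile'));
var_dump($acl->isAllowed($staffer, new Example_Profile(7), 'profile'));
```

In an application, the controller or auth plugin would read the id from the already-routed request and construct the resource object there, so the assertion itself never touches HTTP state.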
