On Mon, Dec 14, 2009 at 12:54 PM, Andreas Baumgart <ab@polycast.de> wrote:
Instead of this creating a new instance of new Zend_Controller_Request_Http() you could try to get the request object from Zend_Controller_Front. I don't think the routes are applied to your request.
Cheers!
Andreas
On 14.12.2009, at 18:32, Andrew Sledge wrote:
Hi everyone.
I am having trouble getting request params in my custom ACL assertion
class. I am passing the parameters via a custom route. The ACLs are
registering correctly, so I know that's not it.
The following code should help explain:
Bootstrap.php
[CODE]
protected function _initRoutes()
{
$frontController = Zend_Controller_Front::getInstance();
$router = $frontController->getRouter();
$route = new Zend_Controller_Router_Route(
'/user/profile/id/:id',
array(
'controller' => 'user',
'action' => 'profile',
)
);
$router->addRoute('applicationview', $route);
return $router;
}
protected function _initAcl()
{
require_once(dirname(__FILE__) . '/Acl.php');
require_once(dirname(__FILE__) .
'/../library/Home/Controller/Plugin/AuthPlugin.php');
$frontController = Zend_Controller_Front::getInstance();
$frontController->registerPlugin(new AuthPlugin());
}
[/CODE]
Acl.php:
$acl->allow('staffer', 'user', 'profile', new Home_Acl_Assert_Profile());
library/Home/Acl/Assert/Profile.php:
[CODE]
class Home_Acl_Assert_Profile implements Zend_Acl_Assert_Interface
{
public function assert(Zend_Acl $acl,Zend_Acl_Role_Interface
$role=null, Zend_Acl_Resource_Interface $resource=null,$privileges=null)
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$request = new Zend_Controller_Request_Http();
$requestid = $request->getQuery('id');
$identity = $auth->getIdentity();
if($identity->role == 'admin' || ($requestid == $identity->uid)) {
return "allowed";
} else {
return "denied";
}
} else {
return "denied";
}
return "denied";
}
}
[/CODE]
If I request /user/profile/?id=1 the assertion class recognizes the ID
parameter (returns allowed). If I use /user/profile/id/1, if fails
(returns denied). Any thoughts on how I can get the assertion class to
recognize the parameters?
--
Andrew Sledge
andrew.j.sledge@gmail.com
PGP Key: 0x869E3649
http://pgp.mit.edu:11371/pks/lookup?search=0xDD779230869E3649
没有评论:
发表评论