Monday, December 14, 2009

Re: [fw-mvc] Problems with ACL assertions

Instead of creating a new instance of
Zend_Controller_Request_Http(), you could try to get the request object
from Zend_Controller_Front. I don't think the routes are applied to
your request.

Cheers!
Andreas

On 14.12.2009, at 18:32, Andrew Sledge wrote:

> Hi everyone.
>
> I am having trouble getting request params in my custom ACL assertion
> class. I am passing the parameters via a custom route. The ACLs are
> registering correctly, so I know that's not it.
>
> The following code should help explain:
>
> Bootstrap.php
> [CODE]
> protected function _initRoutes()
> {
>     $frontController = Zend_Controller_Front::getInstance();
>     $router = $frontController->getRouter();
>     $route = new Zend_Controller_Router_Route(
>         '/user/profile/id/:id',
>         array(
>             'controller' => 'user',
>             'action' => 'profile',
>         )
>     );
>     $router->addRoute('applicationview', $route);
>     return $router;
> }
>
> protected function _initAcl()
> {
>     require_once(dirname(__FILE__) . '/Acl.php');
>     require_once(dirname(__FILE__) . '/../library/Home/Controller/Plugin/AuthPlugin.php');
>     $frontController = Zend_Controller_Front::getInstance();
>     $frontController->registerPlugin(new AuthPlugin());
> }
> [/CODE]
>
> Acl.php:
> $acl->allow('staffer', 'user', 'profile', new Home_Acl_Assert_Profile());
>
> library/Home/Acl/Assert/Profile.php:
> [CODE]
> class Home_Acl_Assert_Profile implements Zend_Acl_Assert_Interface
> {
>     public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
>         Zend_Acl_Resource_Interface $resource = null, $privileges = null)
>     {
>         $auth = Zend_Auth::getInstance();
>         if ($auth->hasIdentity()) {
>             $request = new Zend_Controller_Request_Http();
>             $requestid = $request->getQuery('id');
>             $identity = $auth->getIdentity();
>             if ($identity->role == 'admin' || ($requestid == $identity->uid)) {
>                 return "allowed";
>             } else {
>                 return "denied";
>             }
>         } else {
>             return "denied";
>         }
>         return "denied";
>     }
> }
> [/CODE]
>
> If I request /user/profile/?id=1 the assertion class recognizes the ID
> parameter (returns allowed). If I use /user/profile/id/1, it fails
> (returns denied). Any thoughts on how I can get the assertion class
> to recognize the parameters?
>
>
>
>
>
> --
> Andrew Sledge
> andrew.j.sledge@gmail.com
>
> PGP Key: 0x869E3649
> http://pgp.mit.edu:11371/pks/lookup?search=0xDD779230869E3649
>
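
Andreas's suggestion written out as an added example (not code from the thread): the assertion reads `id` from the request held by Zend_Controller_Front, which the router has already populated, and returns booleans as Zend_Acl_Assert_Interface documents, since any non-empty string such as "denied" is truthy in PHP. It assumes Zend Framework 1 is autoloadable, that the ACL check runs in a plugin hook after routing (for example preDispatch()), and that the identity object carries the `role` and `uid` properties used in the question.

```php
<?php
// Added example, not from the original thread. Assumes ZF1 is autoloadable
// and that the ACL is queried after routing (e.g. in preDispatch()).
class Home_Acl_Assert_Profile implements Zend_Acl_Assert_Interface
{
    public function assert(
        Zend_Acl $acl,
        Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null,
        $privilege = null
    ) {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return false;
        }

        // The routed request: the router has copied :id into its params.
        $request = Zend_Controller_Front::getInstance()->getRequest();
        if (!$request instanceof Zend_Controller_Request_Abstract) {
            return false; // no dispatch in progress: fail closed
        }

        $identity = $auth->getIdentity();
        if (isset($identity->role) && $identity->role === 'admin') {
            return true;
        }

        // getParam() sees route params (/id/1) as well as ?id=1 and
        // returns null when the parameter is absent.
        $requestId = $request->getParam('id');
        if (!is_scalar($requestId) || !isset($identity->uid)) {
            return false; // missing or array-valued id: deny
        }

        // Compare as strings so "1abc" never loosely equals uid 1.
        return (string) $requestId === (string) $identity->uid;
    }
}
```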
