Monday, December 14, 2009

Re: [fw-mvc] Problems with ACL assertions

Your assertion is doing three things here:

1) Checking to see if the user is authenticated
2) Grabbing the credentials from the request
3) Doing an assertion

This is three responsibilities.

1) Belongs in an actionhelper
2) Belongs in a controller
3) Belongs right here

This is how I do it:
Have your Profile entity implement Zend_Resource_Interface and your User implement Zend_Role_Interface

You have an actionhelper which checks for authentication.
When you grab the profile, pass in the user and the profile to your ACL
Assertion does its magic.

If you need more information, I'll be happy to flesh it out. I also wrote a blog post about it a while ago, but I'm too lazy to find the link...just google it.

On Mon, Dec 14, 2009 at 12:41 PM, Andrew Sledge <andrew.j.sledge@gmail.com> wrote:
Hi Abraham,

Thanks for your response.

getParam/getParams fails as well.

I am trying to determine if the user has access to the particular
requested id.  For instance, if the user requests the object of id 6,
and the user's id is 6, then the user can have access to that object.
Otherwise, the user is denied.

If you have a better (read: de-coupled) solution for this problem,
please pass it along.

Abraham Block wrote:
> Notwithstanding the fact that I would never couple my ACL assertions to the
> HTTP request, I think you need to use getParam instead of getQuery.
>
> On Mon, Dec 14, 2009 at 12:32 PM, Andrew Sledge
> <andrew.j.sledge@gmail.com> wrote:
>
>> Hi everyone.
>>
>> I am having trouble getting request params in my custom ACL assertion
>> class.  I am passing the parameters via a custom route.  The ACLs are
>> registering correctly, so I know that's not it.
>>
>> The following code should help explain:
>>
>> Bootstrap.php
>> [CODE]
>> protected function _initRoutes()
>> {
>>        $frontController = Zend_Controller_Front::getInstance();
>>        $router = $frontController->getRouter();
>>        $route = new Zend_Controller_Router_Route(
>>                '/user/profile/id/:id',
>>            array(
>>                                'controller' => 'user',
>>                                'action'     => 'profile',
>>                )
>>        );
>>       $router->addRoute('applicationview', $route);
>>       return $router;
>> }
>>
>> protected function _initAcl()
>> {
>>        require_once(dirname(__FILE__) . '/Acl.php');
>>        require_once(dirname(__FILE__) .
>> '/../library/Home/Controller/Plugin/AuthPlugin.php');
>>        $frontController = Zend_Controller_Front::getInstance();
>>        $frontController->registerPlugin(new AuthPlugin());
>> }
>> [/CODE]
>>
>> Acl.php:
>> $acl->allow('staffer', 'user', 'profile', new Home_Acl_Assert_Profile());
>>
>> library/Home/Acl/Assert/Profile.php:
>> [CODE]
>> class Home_Acl_Assert_Profile implements Zend_Acl_Assert_Interface
>> {
>>  public function assert(Zend_Acl $acl,Zend_Acl_Role_Interface
>> $role=null, Zend_Acl_Resource_Interface $resource=null,$privileges=null)
>>  {
>>    $auth = Zend_Auth::getInstance();
>>    if ($auth->hasIdentity()) {
>>      $request = new Zend_Controller_Request_Http();
>>      $requestid = $request->getQuery('id');
>>      $identity = $auth->getIdentity();
>>      if($identity->role == 'admin' || ($requestid == $identity->uid)) {
>>        return "allowed";
>>      } else {
>>        return "denied";
>>      }
>>    } else {
>>      return "denied";
>>    }
>>    return "denied";
>>  }
>> }
>> [/CODE]
>>
>> If I request /user/profile/?id=1 the assertion class recognizes the ID
>> parameter (returns allowed).  If I use /user/profile/id/1, it fails
>> (returns denied).  Any thoughts on how I can get the assertion class to
>> recognize the parameters?
>>
>>
>>
>>
>>
>> --
>> Andrew Sledge
>> andrew.j.sledge@gmail.com
>>
>> PGP Key: 0x869E3649
>> http://pgp.mit.edu:11371/pks/lookup?search=0xDD779230869E3649
>>
>>
>
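
The decoupled approach described in the reply at the top of this thread, sketched as an added example that is not part of the original messages. The `App_*` class names and the `uid`/`ownerId` properties are hypothetical, and it assumes a Zend Framework 1 release that is autoloadable and whose `isAllowed()` hands the original role and resource objects to the assertion.

```php
<?php
// Added example, not code from the thread. Assumes Zend Framework 1 is autoloadable.
// App_* class names and the uid/ownerId properties are hypothetical.
class App_Model_User implements Zend_Acl_Role_Interface
{
    public $uid;
    public $role;
    public function __construct($uid, $role) { $this->uid = $uid; $this->role = $role; }
    public function getRoleId() { return $this->role; }
}

class App_Model_Profile implements Zend_Acl_Resource_Interface
{
    public $ownerId;
    public function __construct($ownerId) { $this->ownerId = $ownerId; }
    public function getResourceId() { return 'user'; }
}

class App_Acl_Assert_OwnsProfile implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed when the ACL was queried with bare ids instead of entities.
        if (!($role instanceof App_Model_User) || !($resource instanceof App_Model_Profile)) {
            return false;
        }
        // Return a real boolean: a non-empty string such as "denied" is truthy in PHP.
        // No request object here; ownership is decided from the two entities alone.
        return (string) $role->uid === (string) $resource->ownerId;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('staffer'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->addResource(new Zend_Acl_Resource('user'));
$acl->allow('admin', 'user', 'profile');   // admins need no ownership check
$acl->allow('staffer', 'user', 'profile', new App_Acl_Assert_OwnsProfile());

// The controller reads the id from the request and loads the profile; the ACL only sees entities.
$staffer = new App_Model_User(6, 'staffer');   // constructed sample identity
$own     = new App_Model_Profile(6);           // constructed sample profiles
$other   = new App_Model_Profile(7);
var_dump($acl->isAllowed($staffer, $own, 'profile'));
var_dump($acl->isAllowed($staffer, $other, 'profile'));
var_dump($acl->isAllowed(new App_Model_User(1, 'admin'), $other, 'profile'));
```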
