Monday, March 15, 2010

Re: [fw-auth] Confusion with Zend_ACL

A couple of things to note to perhaps help you out.

In the code below, the Plugin is ALWAYS run for each request (I can only
assume this as I cannot see your bootstrap information). This means you
might want to add some conditional logic to the plugin to detect whether
or not a user is actually logged in.

When users log in, upon a successful login, the loginAction will populate
the Auth component (via Zend_Session) with an object, and in this object
is a property called 'role'.

If there is no loginAction, there is no object in the Auth Component (in
the session), and thus, line 18 of the plugin would fail due to the fact
that you're trying to access a property of an object that does not exist.

> <?php
> class Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract {
>
> private $_acl= null;
> private $_auth = null;
>
> public function __construct(Zend_Acl $acl, Zend_Auth $auth) {
> $this->_acl=$acl;
> $this->_auth=$auth;
> }
>
> public function preDispatch(Zend_Controller_Request_Abstract $request) {
>
> $resource = $request->getControllerName();
> $action = $request->getActionName();
>
Try changing this:

> $auth_all_items_stored = $this->_auth->getStorage()->read();
> $role = $auth_all_items_stored->role;
>
> if(!$this->_acl->isAllowed($role, $resource, $action)) {
>
> $request->setControllerName('authentication')
> ->setActionName('login');
> }


To this:

if (!is_object($auth_all_items_stored)
    || !$this->_acl->isAllowed($auth_all_items_stored->role, $resource,
        $action)) {

...

}


That should redirect to the auth controller / login action if there is
either no session information available, or if the current user is not
allowed to access this particular rule.

Either way, just ensure you actually have an object in the auth/session
first.

-ralph
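
The guard described in the reply above, written out as a complete plugin. This is an added example, not code from the thread: it assumes Zend Framework 1 and an ACL that defines a `guest` role (a hypothetical name), and it goes one step further by also treating roles and resources unknown to the ACL as denied.

```php
<?php
// Added example, not part of the original thread. Assumes Zend Framework 1
// is on the include path and the ACL defines a 'guest' role (assumed name).
class Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    const GUEST_ROLE = 'guest'; // assumption: role used for anonymous visitors

    private $_acl;
    private $_auth;

    public function __construct(Zend_Acl $acl, Zend_Auth $auth)
    {
        $this->_acl  = $acl;
        $this->_auth = $auth;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $resource = $request->getControllerName();
        $action   = $request->getActionName();

        // Anonymous requests have no identity object in the session, so
        // reading ->role from it would be a property access on a non-object.
        $identity = $this->_auth->hasIdentity()
            ? $this->_auth->getIdentity()
            : null;
        $role = (is_object($identity) && isset($identity->role))
            ? $identity->role
            : self::GUEST_ROLE;

        // isAllowed() throws for a role or resource the ACL does not know.
        // Check both first and treat "unknown" as "denied" (fail closed).
        $allowed = $this->_acl->hasRole($role)
            && $this->_acl->has($resource)
            && $this->_acl->isAllowed($role, $resource, $action);

        if (!$allowed) {
            // Same target as in the thread: authentication/login.
            $request->setControllerName('authentication')
                    ->setActionName('login');
        }
    }
}
```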
