Using ZF-11.1.2, php-5.3.5
Trying to implement an ACL, and I keep getting "Maximum execution time of 30
seconds exceeded in /var/www/library/Zend-1.11.2/Acl.php on line 886" in my
error log. I am sure it's my implementation of Zend_Acl. It must be that I
don't quite understand the way the allow/deny rules work.
My understanding is that all resources are denied from a role unless
explicitly allowed. What is wrong with the code below that makes the server
hiccup?
class My_Bootstrap_Resource_Acl extends Zend_Application_Resource_ResourceAbstract
{
    public function init()
    {
        // configure access
        $acl = new Zend_Acl();
        $acl->add(new Zend_Acl_Resource('index'))
            ->add(new Zend_Acl_Resource('blog'))
            ->add(new Zend_Acl_Resource('contact'))
            ->add(new Zend_Acl_Resource('cart'))
            ->add(new Zend_Acl_Resource('checkout'))
            ->add(new Zend_Acl_Resource('process'))
            ->add(new Zend_Acl_Resource('order'))
            ->add(new Zend_Acl_Resource('account'))
            ->add(new Zend_Acl_Resource('error'))
            ->add(new Zend_Acl_Resource('login'))
            ->add(new Zend_Acl_Resource('logout'))
            ->addRole(new Zend_Acl_Role('guest'))  // define the roles; note the inheritance
            ->addRole(new Zend_Acl_Role('member')) // can comment freely without being moderated
            // define the access list; note the inheritance here as well
            ->allow('guest', array('index', 'blog', 'trailers', 'hitches', 'truckbeds',
                                   'contact', 'cart', 'login', 'error'))
            ->deny('guest', 'blog', 'comment') // guest cannot comment but can do everything else related to the blog resource, i.e. 'view'
            ->allow('member');
        Zend_Registry::set('acl', $acl);
        return $acl;
    }
}
The $acl is set in the registry so that I can grab it in a front controller
plugin and use Zend_Auth to figure out the role of the current user, and
apply it to the configured acl.
class My_Plugin_AuthAccess extends Zend_Controller_Plugin_Abstract
{
    private $_auth;
    private $_acl;
    private $_notAuthenticated = array(
        'default', // module
        'login',   // controller
        'index',   // action
    );
    private $_notAllowed = array(
        'default',    // module
        'error',      // controller
        'privileges', // action
    );

    public function preDispatch($request)
    {
        $acl  = Zend_Registry::get('acl');
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $role = 'member';
        } else {
            $role = 'guest';
        }
        $controller = $request->controller;
        $action     = $request->action;
        $module     = $request->module;
        $resource   = $controller;
        if (!$acl->has($resource)) {
            $resource = NULL;
        }
        if (!$acl->isAllowed($role, $resource, $action)) {
            if (!$auth->hasIdentity()) {
                list($module, $controller, $action) = $this->_notAuthenticated;
            } else {
                list($module, $controller, $action) = $this->_noAllowed;
            }
            $request
                ->setModuleName($module)
                ->setControllerName($controller)
                ->setActionName($action);
            $request->setDispatched(false);
        }
    }
}
Are my implementations correct? Any help would be greatly appreciated.
PS: As a side note, php keeps telling me that strict standards are not being
upheld in my implementation of
Zend_Controller_Plugin_Abstract::preDispatch(), and it cites the last line
of my class. I've studied the code for the abstract class and can't see
where I went wrong. Any ideas on that?
--regards,
nathan
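The following is an added example, not the poster's code, showing how a ZF 1.11 front controller plugin of the kind described above can be written so that a re-dispatched request is actually re-checked against the ACL and so that a deny can never bounce the dispatcher in a loop. It differs from the posted plugin in three ways: it reads the routed controller and action through getControllerName()/getActionName(), which reflect the setControllerName()/setActionName() calls made on an earlier dispatch pass (the magic $request->controller property reads a routing parameter that those setters do not update); it declares preDispatch() with the Zend_Controller_Request_Abstract type hint that the abstract parent uses, which is what E_STRICT compares signatures against; and it refuses to forward to a fallback page unless that page is itself an allowed resource. The ACL builder only allows resources it has added. Role and resource names are taken from the post; the fallback guard and the exception text are assumptions of this example.

```php
<?php
// Added example, not the original poster's code. Assumes Zend Framework 1.11
// autoloading is configured and that this plugin is registered with the front
// controller in the usual way.

class My_Bootstrap_Resource_Acl extends Zend_Application_Resource_ResourceAbstract
{
    public function init()
    {
        $acl = new Zend_Acl();
        // Every id used in an allow()/deny() call below is added here first;
        // Zend_Acl only accepts rules for resources it already knows.
        foreach (array('index', 'blog', 'contact', 'cart', 'checkout', 'process',
                       'order', 'account', 'error', 'login', 'logout') as $id) {
            $acl->add(new Zend_Acl_Resource($id));
        }
        $acl->addRole(new Zend_Acl_Role('guest'))
            ->addRole(new Zend_Acl_Role('member'), 'guest') // member inherits guest's rules
            // deny-by-default: nothing is allowed until listed here
            ->allow('guest', array('index', 'blog', 'contact', 'cart', 'login', 'error'))
            ->deny('guest', 'blog', 'comment')   // guests may view but not comment
            ->allow('member', 'blog', 'comment') // members may comment
            ->allow('member', array('checkout', 'process', 'order', 'account', 'logout'));
        Zend_Registry::set('acl', $acl);
        return $acl;
    }
}

class My_Plugin_AuthAccess extends Zend_Controller_Plugin_Abstract
{
    // module, controller, action to forward to when the visitor is anonymous
    private $_notAuthenticated = array('default', 'login', 'index');
    // module, controller, action to forward to when the visitor is logged in
    // but the role is still not allowed (assumed route, as in the post)
    private $_notAllowed = array('default', 'error', 'privileges');

    // The type hint matches Zend_Controller_Plugin_Abstract::preDispatch(),
    // so PHP's E_STRICT signature check is satisfied.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $acl  = Zend_Registry::get('acl');
        $auth = Zend_Auth::getInstance();
        $role = $auth->hasIdentity() ? 'member' : 'guest';

        // Accessors see the values set by setControllerName()/setActionName()
        // on a previous pass; the magic properties do not.
        $controller = $request->getControllerName();
        $action     = $request->getActionName();

        // An unknown controller is checked against the global (null) resource,
        // which no role above is allowed, so it is denied rather than passed.
        $resource = $acl->has($controller) ? $controller : null;
        if ($acl->isAllowed($role, $resource, $action)) {
            return;
        }

        list($module, $controller, $action) = $auth->hasIdentity()
            ? $this->_notAllowed
            : $this->_notAuthenticated;

        // Only re-dispatch to a page this role can actually reach; otherwise
        // the dispatcher would hit this deny again on every pass.
        if (!$acl->has($controller) || !$acl->isAllowed($role, $controller, $action)) {
            throw new Zend_Controller_Exception(
                "ACL fallback $controller/$action is not allowed for role '$role'");
        }

        $request->setModuleName($module)
                ->setControllerName($controller)
                ->setActionName($action)
                ->setDispatched(false);
    }
}
```

Making member inherit from guest means the member role only needs rules for what it adds; the explicit per-resource allows replace the unqualified allow('member') from the post, so a future resource added to the ACL is denied to members until a rule says otherwise.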