Need guidance to start with Zend ACL

Problem description

I am currently working on a site that requires ACL and as I am using Zend, it makes sense for me to make use of their ACL class but I have little to zero idea of how to do this. I have read the docs but it confused me further...basically all I want to do is to set up two user groups e.g. "normal" and "admin", normal users can access all pages that have a controller that is not admin while admin can obviously access the admin controller pages.

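I have a bunch of questions:

  1. How do I set this up?
  2. Should I run it through a DB or the config.ini?
  3. Where do I place my ACL.php?
  4. How do I write such a script?
  5. How do I then call it; is this done in the index?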

I would very much appreciate it if you could guide me to a website or a good tutorial.

Recommended answer

I implemented a similar thing not so long ago. The basic concept follows in the example code.

I created my own configAcl.php file which is loaded in the bootstrap file, in my case it is index.php. Here is how it'd be according to your case:

$acl = new Zend_Acl();

$roles  = array('admin', 'normal');

// Controller script names. You have to add all of them if credential check
// is global to your application.
$controllers = array('auth', 'index', 'news', 'admin');

foreach ($roles as $role) {
    $acl->addRole(new Zend_Acl_Role($role));
}
foreach ($controllers as $controller) {
    $acl->add(new Zend_Acl_Resource($controller));
}

// Here comes credential definition for admin user.
$acl->allow('admin'); // Has access to everything.

// Here comes credential definition for normal user.
$acl->allow('normal'); // Has access to everything...
$acl->deny('normal', 'admin'); // ... except the admin controller.

// Finally I store whole ACL definition to registry for use
// in AuthPlugin plugin.
$registry = Zend_Registry::getInstance();
$registry->set('acl', $acl);

Another case is if you want to allow the normal user only the "list" action on all your controllers. It's pretty simple, you'd add a line like this:

$acl->allow('normal', null, 'list'); // Has access to all controller list actions.

Next you should create a new plugin which takes care of credential checking automatically when there is a request for some controller action. This checking takes place in the preDispatch() method that is called before every call to the controller action.

Here is AuthPlugin.php:

class AuthPlugin extends Zend_Controller_Plugin_Abstract
{
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $loginController = 'auth';
        $loginAction     = 'login';

        $auth = Zend_Auth::getInstance();

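        // If user is not logged in and is not requesting the login page
        // (auth/login), redirect to the login page. Only that exact
        // controller/action pair is exempt, so both names must match;
        // testing each name separately with && would let unauthenticated
        // requests reach any 'auth' action and any action named 'login'.
        if (!$auth->hasIdentity()
                && !($request->getControllerName() == $loginController
                     && $request->getActionName()  == $loginAction)) {

            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
            $redirector->gotoSimpleAndExit($loginAction, $loginController);
        }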

        // User is logged in or on login page.

        if ($auth->hasIdentity()) {
            // Is logged in
            // Let's check the credential
            $registry = Zend_Registry::getInstance();
            $acl = $registry->get('acl');
            $identity = $auth->getIdentity();
            // role is a column in the user table (database)
            $isAllowed = $acl->isAllowed($identity->role,
                                         $request->getControllerName(),
                                         $request->getActionName());
            if (!$isAllowed) {
                $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
                $redirector->gotoUrlAndExit('/');
            }
        }
    }
}

The final steps are loading your configAcl.php and registering the AuthPlugin in the bootstrap file (probably index.php).

require_once '../application/configAcl.php';

$frontController = Zend_Controller_Front::getInstance();
$frontController->registerPlugin(new AuthPlugin());

So this is the basic concept. I didn't test the code above (copy and paste and rewrite just for the showcase purpose) so it's not bullet-proof. Just to give an idea.

EDIT

For clarity: the code above in AuthPlugin supposes that the $identity object is filled with user data ("role" column in the database). This could be done within the login process like this:

[...]
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('Users');
$authAdapter->setIdentityColumn('username');
$authAdapter->setCredentialColumn('password');
$authAdapter->setIdentity($username);
$authAdapter->setCredential(sha1($password));
$authAdapter->setCredentialTreatment('? AND active = 1');
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
    $data = $authAdapter->getResultRowObject(null, 'password'); // without password
    $auth->getStorage()->write($data);
[...]
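
A deny-by-default variant of the ACL and the check from the answer, as an added example that is not part of the original answer: it whitelists each role's controllers, adds a hypothetical `guest` role for unauthenticated visitors, and wraps the check in a hypothetical helper `isRequestAllowed()` that denies unknown roles and unregistered controllers instead of letting `Zend_Acl::isAllowed()` throw. It assumes Zend Framework 1 is on the include path; the request table at the end is constructed.

```php
<?php
// Added example, not the answer's code. Assumes Zend Framework 1 is on the
// include path; 'guest' and isRequestAllowed() are hypothetical names.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';

function buildAcl()
{
    $acl = new Zend_Acl(); // denies everything until a rule allows it
    // Roles inherit: normal gets guest's rules, admin gets normal's.
    $acl->addRole(new Zend_Acl_Role('guest'));
    $acl->addRole(new Zend_Acl_Role('normal'), 'guest');
    $acl->addRole(new Zend_Acl_Role('admin'), 'normal');
    foreach (array('auth', 'index', 'news', 'admin') as $controller) {
        $acl->add(new Zend_Acl_Resource($controller));
    }
    // Whitelist only: a controller registered later stays closed until
    // an allow rule is written for it.
    $acl->allow('guest', 'auth', 'login');
    $acl->allow('normal', array('auth', 'index', 'news'));
    $acl->allow('admin', 'admin');
    return $acl;
}

// Fail closed: isAllowed() throws for a role or resource the ACL does not
// know (a mistyped URL, a stale role value stored in the session).
function isRequestAllowed(Zend_Acl $acl, $role, $controller, $action)
{
    if (!$acl->hasRole($role) || !$acl->has($controller)) {
        return false;
    }
    return $acl->isAllowed($role, $controller, $action);
}

// Constructed requests: role, controller, action.
$acl = buildAcl();
$requests = array(
    array('guest', 'auth', 'login'),
    array('guest', 'admin', 'login'),
    array('normal', 'admin', 'index'),
    array('admin', 'admin', 'index'),
    array('normal', 'reports', 'list'), // unregistered controller
    array('root', 'index', 'index'),    // unknown role
);
foreach ($requests as $r) {
    $ok = isRequestAllowed($acl, $r[0], $r[1], $r[2]);
    printf("%-6s %s/%s => %s\n", $r[0], $r[1], $r[2], $ok ? 'allow' : 'deny');
}
```

In `preDispatch()`, passing `'guest'` as the role when `Zend_Auth` has no identity lets the same call cover unauthenticated requests.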
