phalcon: 目录分组后的acl权限控制
楼主在做acl权限的时候,发现官方的acl只能针对未分组的目录,如下:
app/ ___|./controller ___|./logic ___|./plugins ___|./models ..............
但是对分组不支持,后来想想,是支持的.分组的目录如下
app/ ___|./admin/ __________|./controllers __________|./logic __________|./views __________|./module.php ___|./home/ __________|./controllers __________|./logic __________|./views __________|./module.php .........................................
那么可以将,如下代码,直接加入到,分组目录下的 module.php代码中
$di['aclResource']=function(){ return include_once '../app/configs/frontAcl.php'; }; $di['dispatcher'] = function(){ $eventManager = new PhalconEventsManager(); $securyDeep = new SecurityDeep(); $eventManager->attach("dispatch", $securyDeep); $dispatch = new PhalconMvcDispatcher(); $dispatch->setEventsManager($eventManager); return $dispatch; };
全代码:
use PhalconLoader, PhalconMvcUrl, PhalconMvcDispatcher, PhalconDiInterface, PhalconMvcModuleDefinitionInterface, PhalconDIInjectable, PhalconMvcRouter; class Module extends Injectable implements ModuleDefinitionInterface { /** * Registers the module auto-loader */ public function registerAutoloaders(DiInterface $dependencyInjector = null) { $loader = new Loader(); $loader->registerNamespaces(array( 'AppHomeControllers' => __DIR__ .'/controllers/' ))->register(); $loader->registerDirs( array( 'modelsDir' => '../app/models/', 'pluginsDir' => '../app/plugins/', ) )->register(); } /** * Registers the module-only services * * @param DiInterface $di */ public function registerServices(DiInterface $di) { $di['aclResource']=function(){ return include_once '../app/configs/frontAcl.php'; }; $di['dispatcher'] = function(){ $eventManager = new PhalconEventsManager(); $securyDeep = new SecurityHome(); $eventManager->attach("dispatch", $securyDeep); $dispatch = new PhalconMvcDispatcher(); $dispatch->setEventsManager($eventManager); return $dispatch; }; /** * @return mixed */ $di['baseUrl'] = function () { $url = new Url(); $url->setBaseUri('/'); return $url; }; /** * 设置view */ $di->set('view', function () use($di) { $view = new PhalconMvcView(); //var_dump($di['modules']['home']['viewsDir']);exit; $view->setViewsDir(BASE_PATH . $di['modules']['home']['viewsDir']); $view->registerEngines(array( '.phtml' => 'PhalconMvcViewEnginePhp' )); return $view; }); } }
acl文件:
return new PhalconConfig(array( 'Manager'=>array( 'rote'=> new PhalconAclRole("Manager"), 'resource'=>array( //登录 'Index'=> array("index", 'error'), //用户中心 'User'=> array("center", 'password','editcenter','editpwd','login','loginout'), //verzhun登录 'Veryzhun'=>array('login','logining'), //默认所有权限 'Capacity'=>array('index','airline','route'), 'Clearance'=>array('airport','route'), 'Operate'=>array('factor','compare'), 'Traffic'=>array('index','history','monitor'), 'Utilization'=>array('moment','night'), ) ), 'Operator'=>array( 'rote'=> new PhalconAclRole("Operator"), 'resource'=>array( 'Index'=> array("index", 'error'), 'User'=> array("center", 'password','editcenter','editpwd','login','loginout'), 'Veryzhun'=>array('login','logining'), 'Traffic'=>array('index','history','monitor'), //默认所有权限 //'Capacity'=>array('index','airline','route'), 'Clearance'=>array('airport','route'), 'Operate'=>array('factor','compare'), 'Traffic'=>array('index','history','monitor'), 'Utilization'=>array('moment','night'), ) ) ));
权限验证:
/** * 权限控制 */ use PhalconMvcUserPlugin, PhalconEventsEvent, PhalconMvcDispatcher; class SecurityHome extends Plugin{ public function __construct() { } public function _getAcl() { $acl = new PhalconAclAdapterMemory(); //默认权限禁止 $acl->setDefaultAction(PhalconAcl::DENY); //读取所有权限 $aclResource = $this->_callAcl(); if(!empty($aclResource)) { foreach ($aclResource as $key=>$value) { //创建角色到acl $acl->addRole($value['rote']); //所有的操作 foreach ((array)$value['resource'] as $k=>$v) { //echo $k.'<br>'; foreach((array)$v as $ky=>$vy) { //添加资源 $acl->addResource(new PhalconAclResource(strtolower($k)), $vy); //添加访问权限 $acl->allow($key, strtolower($k), $vy); //echo '|--'.$k.':'.$vy.'<br>'; } } } } return $acl; } public function _callAcl() { if($this->persistent->acl == null || $this->persistent->acl['Operator']['rote'] == null) { $this->persistent->acl = $this->aclResource; } return $this->persistent->acl; } /** * 事件触发 * @param Event $event * @param Dispatcher $dispatcher */ public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher) { $controller = $dispatcher->getControllerName(); $action = $dispatcher->getActionName(); //权限 $role = 'Operator'; $acl = $this->_getAcl(); $isAllowed = $acl->isAllowed($role, strtolower($controller), strtolower($action)); if(!$isAllowed) { $dispatcher->forward(array( 'controller'=>'index', 'action'=>'error', 'params'=>array('msg'=>'no access') )); //echo "no access"; //exit; } } }
接收获取到的数据:
/** * 提示页面 */ public function errorAction() { //获取传过来的参数 $param = $this->dispatcher->getParams(); $msg = isset($param['msg']) ? $param['msg'] : '' ; $this->view->web_title = '错误'; $this->view->pick('index/error'); }