phalcon: 目录分组后的acl权限控制
楼主在做acl权限的时候,发现官方的acl只能针对未分组的目录,如下:
app/ ___|./controller ___|./logic ___|./plugins ___|./models ..............
但是对分组不支持,后来想想,是支持的.分组的目录如下
app/ ___|./admin/ __________|./controllers __________|./logic __________|./views __________|./module.php ___|./home/ __________|./controllers __________|./logic __________|./views __________|./module.php .........................................
那么可以将,如下代码,直接加入到,分组目录下的 module.php代码中
$di['aclResource']=function(){
return include_once '../app/configs/frontAcl.php';
};
$di['dispatcher'] = function(){
$eventManager = new PhalconEventsManager();
$securyDeep = new SecurityDeep();
$eventManager->attach("dispatch", $securyDeep);
$dispatch = new PhalconMvcDispatcher();
$dispatch->setEventsManager($eventManager);
return $dispatch;
};
全代码:
use PhalconLoader,
PhalconMvcUrl,
PhalconMvcDispatcher,
PhalconDiInterface,
PhalconMvcModuleDefinitionInterface,
PhalconDIInjectable,
PhalconMvcRouter;
class Module extends Injectable implements ModuleDefinitionInterface
{
/**
* Registers the module auto-loader
*/
public function registerAutoloaders(DiInterface $dependencyInjector = null)
{
$loader = new Loader();
$loader->registerNamespaces(array(
'AppHomeControllers' => __DIR__ .'/controllers/'
))->register();
$loader->registerDirs(
array(
'modelsDir' => '../app/models/',
'pluginsDir' => '../app/plugins/',
)
)->register();
}
/**
* Registers the module-only services
*
* @param DiInterface $di
*/
public function registerServices(DiInterface $di)
{
$di['aclResource']=function(){
return include_once '../app/configs/frontAcl.php';
};
$di['dispatcher'] = function(){
$eventManager = new PhalconEventsManager();
$securyDeep = new SecurityHome();
$eventManager->attach("dispatch", $securyDeep);
$dispatch = new PhalconMvcDispatcher();
$dispatch->setEventsManager($eventManager);
return $dispatch;
};
/**
* @return mixed
*/
$di['baseUrl'] = function () {
$url = new Url();
$url->setBaseUri('/');
return $url;
};
/**
* 设置view
*/
$di->set('view', function () use($di) {
$view = new PhalconMvcView();
//var_dump($di['modules']['home']['viewsDir']);exit;
$view->setViewsDir(BASE_PATH . $di['modules']['home']['viewsDir']);
$view->registerEngines(array(
'.phtml' => 'PhalconMvcViewEnginePhp'
));
return $view;
});
}
}
acl文件:
return new PhalconConfig(array(
'Manager'=>array(
'rote'=> new PhalconAclRole("Manager"),
'resource'=>array(
//登录
'Index'=> array("index", 'error'),
//用户中心
'User'=> array("center", 'password','editcenter','editpwd','login','loginout'),
//verzhun登录
'Veryzhun'=>array('login','logining'),
//默认所有权限
'Capacity'=>array('index','airline','route'),
'Clearance'=>array('airport','route'),
'Operate'=>array('factor','compare'),
'Traffic'=>array('index','history','monitor'),
'Utilization'=>array('moment','night'),
)
),
'Operator'=>array(
'rote'=> new PhalconAclRole("Operator"),
'resource'=>array(
'Index'=> array("index", 'error'),
'User'=> array("center", 'password','editcenter','editpwd','login','loginout'),
'Veryzhun'=>array('login','logining'),
'Traffic'=>array('index','history','monitor'),
//默认所有权限
//'Capacity'=>array('index','airline','route'),
'Clearance'=>array('airport','route'),
'Operate'=>array('factor','compare'),
'Traffic'=>array('index','history','monitor'),
'Utilization'=>array('moment','night'),
)
)
));
权限验证:
/**
* 权限控制
*/
use PhalconMvcUserPlugin,
PhalconEventsEvent,
PhalconMvcDispatcher;
class SecurityHome extends Plugin{
public function __construct() { }
public function _getAcl()
{
$acl = new PhalconAclAdapterMemory();
//默认权限禁止
$acl->setDefaultAction(PhalconAcl::DENY);
//读取所有权限
$aclResource = $this->_callAcl();
if(!empty($aclResource))
{
foreach ($aclResource as $key=>$value)
{
//创建角色到acl
$acl->addRole($value['rote']);
//所有的操作
foreach ((array)$value['resource'] as $k=>$v)
{
//echo $k.'<br>';
foreach((array)$v as $ky=>$vy)
{
//添加资源
$acl->addResource(new PhalconAclResource(strtolower($k)), $vy);
//添加访问权限
$acl->allow($key, strtolower($k), $vy);
//echo '|--'.$k.':'.$vy.'<br>';
}
}
}
}
return $acl;
}
public function _callAcl()
{
if($this->persistent->acl == null || $this->persistent->acl['Operator']['rote'] == null)
{
$this->persistent->acl = $this->aclResource;
}
return $this->persistent->acl;
}
/**
* 事件触发
* @param Event $event
* @param Dispatcher $dispatcher
*/
public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
{
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
//权限
$role = 'Operator';
$acl = $this->_getAcl();
$isAllowed = $acl->isAllowed($role, strtolower($controller), strtolower($action));
if(!$isAllowed)
{
$dispatcher->forward(array(
'controller'=>'index',
'action'=>'error',
'params'=>array('msg'=>'no access')
));
//echo "no access";
//exit;
}
}
}
接收获取到的数据:
/**
* 提示页面
*/
public function errorAction()
{
//获取传过来的参数
$param = $this->dispatcher->getParams();
$msg = isset($param['msg']) ? $param['msg'] : '' ;
$this->view->web_title = '错误';
$this->view->pick('index/error');
}