ACL, permission, authentification a test


ACL, permission, authentification a test

mbariou
Thanks a lot for your great work on ACL
I hope I understand some part of the ACL module, but I have some difficulties making the link with the ZF authentification. To bridge the gap, I use my own session and user management, so I am able to use some part of the ACL module correctly to answer my client quickly. I give you here how I solve the problem, but certainly I don't use ZF correctly, because I have some trouble understanding how some parts work, but I will improve myself in the following days :-), here is my way and thanks for your interest. I also interface (preg) template (ex-phplib) and QuickForm from PEAR (not in the following example, only perm and ACL); everything runs smartly, not smarty....

<pre>
<?php

/**
 *
 * Basics perms Nomenclature
 *
 * view:  Access for reading document
 * transmit  you can transmit a link for the object through a mail for example
 * print         you can print the page as is
 * exportPDF        you can export the page as a PDF document
 * exportXML        you can export the page as an XML document
 * clic                you can clic on some specific link
 * create        you can create any document or record
 * update                you can update any document or record
 * suppress        you can suppress any document or record
 * updato                you can update the document or the record if you are the owner
 * suppresso        you can suppress the document or the record if you are the owner
 * publish                you can publish a document
 * unpublish        you can unpublish a document
 * mngnote                you can manage (view, create, update, suppress) your note against a document or a record
 * suppnote        you can suppress any note against a document or a record
 * manageperm        you can modify permissions
 *
 */
 
 
/**
 * Basics groups nomenclature
 *
 * nogroup : default group for every visitor (not registered) (perm: view)
 * user :                 group for registered users not logged in but identified by cookie (perm : view, transmit, print)
 * userlog : group for logged basic users (perm : view, transmit, print, exportPDF, clic)
 * checker:        group for checking and control (perm : view, transmit, print, exportPDF, clic, mngnote)
 * editor : group for user with editing capabilities (perm : view, transmit, print, exportPDF, clic,
 * create, updato, suppresso, exportXML, exportCSV)
 * publisher:        group for user with publishing capabilities (perm : view, transmit, print, suppnote, exportPDF, clic, publish)
 * admin  : group for user administrator (perm : view, transmit, print, exportPDF, clic, manageperm)
 *
 */
 
require_once '/home/config/Bsh_Class/lib_zf/Zend/Acl.php';
require_once '/home/config/Bsh_Class/lib_zf/Zend/Acl/Role.php';


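class Zend_Acl_perm extends Zend_Acl{
        /**
         * Role name (string) or list of role names of the current user.
         * Each name has to be registered with addRole() before have_perm()
         * is called; isAllowed() presumably throws for a role it does not
         * know — confirm against the installed Zend_Acl version.
         */
        var $group;

        /**
         * @param string|array|null $groups role name(s) of the current user, if already known
         */
        function __construct($groups=null){
                if(isset($groups)){
                        $this->group=$groups;
                }
        }

        /**
         * Replaces the role name(s) the permission checks run against.
         *
         * @param string|array $groups
         */
        function set_group($groups){
                $this->group=$groups;
        }

        /**
         * Tells whether at least one of the current user's roles is allowed
         * the privilege $testperm.
         *
         * The resource argument of isAllowed() is left null, so only rules
         * that were registered without a resource are consulted.
         *
         * @param string $testperm privilege name, e.g. 'view'
         * @return bool true as soon as one role is allowed; false otherwise,
         *              including when no role was set (fail closed)
         */
        function have_perm($testperm){
                if(is_string($this->group)){
                        return (bool) $this->isAllowed($this->group, null, $testperm);
                }
                if(is_array($this->group)){
                        // Visit every entry whatever the key shape is (a list
                        // with a gap, or string keys, must not cut the walk
                        // short); a null entry is skipped instead of being
                        // handed to isAllowed() as a role.
                        foreach($this->group as $role){
                                if($role === null){
                                        continue;
                                }
                                if($this->isAllowed($role, null, $testperm)){
                                        return true;
                                }
                        }
                        return false;
                }
                // No role set, or an unsupported type: deny explicitly rather
                // than falling off the end of the function with null.
                return false;
        }
}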


$acl = new Zend_Acl_perm();


/**
 * Groups and inheritance relationships
 *
 * A child role inherits the allow rules of its whole parent chain:
 * nogroup -> user -> userlog -> {checker, editor, publisher, admin}.
 * The four roles under userlog are siblings, so a privilege granted to
 * one of them does not reach the others.
 */

foreach(array(
        'nogroup'   => null,
        'user'      => 'nogroup',
        'userlog'   => 'user',
        'checker'   => 'userlog',
        'editor'    => 'userlog',
        'publisher' => 'userlog',
        'admin'     => 'userlog',
) as $name => $parent){
        $acl->addRole(new Zend_Acl_Role($name), $parent);
}

/**
 * Groups permissions allocations
 *
 * The resource is null everywhere, so every rule is registered without a
 * resource. Privileges granted to a parent role flow down to its children
 * through the role tree declared above.
 */

foreach(array(
        'nogroup'   => 'view',
        'user'      => array('transmit', 'print'),
        'userlog'   => array('exportPDF', 'clic'),
        // NOTE(review): the nomenclature at the top lists 'updato' (own
        // records only) for editors, while 'update' (any record) is granted
        // here — confirm which one is intended.
        'editor'    => array('create', 'update', 'suppresso', 'exportXML', 'exportCSV'),
        'checker'   => array('mngnote'),
        'publisher' => array('publish', 'unpublish', 'suppnote'),
) as $role => $privileges){
        $acl->allow($role, null, $privileges);
}

// No resource and no privilege list: admin is allowed all privileges,
// including any privilege name introduced later.
$acl->allow('admin');

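/**
 * Check perm allocation
 *
 * Each line queries one role for one privilege with a null resource.
 * A role inherits only from its ancestors, never from a sibling role.
 */

print "<BR/> Nogroup perms [view] => ";
echo $acl->isAllowed('nogroup', null, 'view') ?
     "allowed" : "denied"; // allowed: granted directly to nogroup

print "<BR/> User perms [transmit] => ";
echo $acl->isAllowed('user', null, 'transmit') ?
     "allowed" : "denied"; // allowed: granted directly to user

print "<BR/> Userlog perms [exportPDF] => ";
echo $acl->isAllowed('userlog', null, 'exportPDF') ?
     "allowed" : "denied"; // allowed: granted directly to userlog

print "<BR/> Editor perms [suppresso] => ";
echo $acl->isAllowed('editor', null, 'suppresso') ?
     "allowed" : "denied"; // allowed: granted directly to editor

print "<BR/> Checker perms [mngnote] => ";
echo $acl->isAllowed('checker', null, 'mngnote') ?
     "allowed" : "denied"; // allowed: granted directly to checker

print "<BR/> Publisher perms [publish] => ";
// The queried privilege now matches the label; 'view' was being checked here.
echo $acl->isAllowed('publisher', null, 'publish') ?
     "allowed" : "denied"; // allowed: granted directly to publisher

print "<BR/> Publisher perms [mngnote] => ";
echo $acl->isAllowed('publisher', null, 'mngnote') ?
     "allowed" : "denied"; // denied: mngnote belongs to checker, a sibling of publisher, and no ancestor grants it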
     
/**
 * Here I make a test to access a resource.
 * In this place I make the assumption => I manage a session and my user is logged in.
 * Among my USER data I have an array containing the list of groups in which he is registered:
 * $UID->groups;  $buffer_group=$UID->groups
 *
 * Only the role names are handed to the ACL; the session/user lookup
 * itself is outside this listing.
 */

$buffer_group=array("checker");
$acl->set_group($buffer_group);
$testperm='mngnote';
// Same two messages as before; only the "NO " fragment depends on the verdict.
print "<BR/> The current user has ".($acl->have_perm($testperm) ? "" : "NO ")."perm ".$testperm."<BR/>";

?>
</pre>