不久前我實現了類似的東西。基本概念如下代碼示例。
我創建了我自己的configAcl.php文件,它被加載到bootstrap文件中,在我的情況下是index.php。下面是它會如何根據你的情況是:
$acl = new Zend_Acl();
$roles = array('admin', 'normal');
// Controller script names. You have to add all of them if credential check
// is global to your application.
$controllers = array('auth', 'index', 'news', 'admin');
foreach ($roles as $role) {
$acl->addRole(new Zend_Acl_Role($role));
}
foreach ($controllers as $controller) {
$acl->add(new Zend_Acl_Resource($controller));
}
// Here comes credential definiton for admin user.
$acl->allow('admin'); // Has access to everything.
// Here comes credential definition for normal user.
$acl->allow('normal'); // Has access to everything...
$acl->deny('normal', 'admin'); // ... except the admin controller.
// Finally I store whole ACL definition to registry for use
// in AuthPlugin plugin.
$registry = Zend_Registry::getInstance();
$registry->set('acl', $acl);
另一種情況是,如果你想允許普通用戶在所有的控制器只有「名單」的行動。這很簡單,你會添加一行:
$acl->allow('normal', null, 'list'); // Has access to all controller list actions.
接下來您需要創建新的插件,它負責證書自動檢查的時候有一些控制器動作的請求。這種檢查發生在preDispatch()方法中,該方法在每次調用控制器動作之前調用。
這裏是AuthPlugin.php:
class AuthPlugin extends Zend_Controller_Plugin_Abstract
{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$loginController = 'auth';
$loginAction = 'login';
$auth = Zend_Auth::getInstance();
// If user is not logged in and is not requesting login page
// - redirect to login page.
if (!$auth->hasIdentity()
&& $request->getControllerName() != $loginController
&& $request->getActionName() != $loginAction) {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoSimpleAndExit($loginAction, $loginController);
}
// User is logged in or on login page.
if ($auth->hasIdentity()) {
// Is logged in
// Let's check the credential
$registry = Zend_Registry::getInstance();
$acl = $registry->get('acl');
$identity = $auth->getIdentity();
// role is a column in the user table (database)
$isAllowed = $acl->isAllowed($identity->role,
$request->getControllerName(),
$request->getActionName());
if (!$isAllowed) {
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
$redirector->gotoUrlAndExit('/');
}
}
}
}
最後的步驟加載您configAcl.php和引導文件中註冊AuthPlugin(可能的index.php)。
require_once '../application/configAcl.php';
$frontController = Zend_Controller_Front::getInstance();
$frontController->registerPlugin(new AuthPlugin());
所以這是基本概念。我沒有測試上面的代碼(複製粘貼和重寫只是爲了展示目的),所以它不是防彈的。只是想提供一個想法。
編輯
對於清晰度。上面AuthPlugin中的代碼假設$ identity對象被用戶數據填充(數據庫中的「role」列)。這可以在登錄過程中完成,如下所示:
[...]
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('Users');
$authAdapter->setIdentityColumn('username');
$authAdapter->setCredentialColumn('password');
$authAdapter->setIdentity($username);
$authAdapter->setCredential(sha1($password));
$authAdapter->setCredentialTreatment('? AND active = 1');
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
$data = $authAdapter->getResultRowObject(null, 'password'); // without password
$auth->getStorage()->write($data);
[...]
這是在我的網站結構? 應用 控制器 車型 意見 PUBLIC CSS 圖像0JS 閃光燈 庫 的Zend 什麼建議嗎? – Udders 2009-02-16 09:23:24