本文整理汇总了PHP中Zend_Acl::deny方法的典型用法代码示例。如果您正苦于以下问题:PHP Zend_Acl::deny方法的具体用法?PHP Zend_Acl::deny怎么用?PHP Zend_Acl::deny使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Zend_Acl的用法示例。
在下文中一共展示了Zend_Acl::deny方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __construct
public function __construct()
{
$acl = new Zend_Acl();
//ролі
$acl->addRole(new Zend_Acl_Role('guest'));
//user наслідує усі параметри guest
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'));
//ресурси - доступні контролери
$acl->add(new Zend_Acl_Resource('users'));
$acl->add(new Zend_Acl_Resource('index'));
//дозвіл
$acl->deny();
//заборонити доступ всім
$acl->allow('admin', null);
//дозволити доступ admin-у до всього
//users це resource - контролер
// далі $privilege - екшн
$acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
$acl->allow('guest', 'index');
$acl->allow('user', 'users', array('logout'));
$acl->deny('user', 'users', array('login', 'registration'));
//глобальний доступ до змінної
//щоб використати у видах
Zend_Registry::set('acl', $acl);
/*
//isAllowed() - чи має доступ $role до $resourse і $privilege
//$resource - контролер
//$privilege - екшн
if($acl->isAllowed($role, $resource, $privilege)){
} */
}示例2: getAcl
public function getAcl()
{
$acl = new Zend_Acl();
// Add roles.
$acl->addRole('super');
// Admins inherit privileges from super users.
$acl->addRole('admin', 'super');
$acl->addRole('researcher');
// Contributors inherit privileges from researchers.
$acl->addRole('contributor', 'researcher');
// Add resources, corresponding to Omeka controllers.
$resources = array('Items', 'Collections', 'ElementSets', 'Files', 'Plugins', 'Settings', 'Security', 'Upgrade', 'Tags', 'Themes', 'SystemInfo', 'ItemTypes', 'Users', 'Search', 'Appearance', 'Elements');
foreach ($resources as $resource) {
$acl->addResource($resource);
}
// Define allow rules for everyone.
// Everyone can view and browse these resources.
$acl->allow(null, array('Items', 'ItemTypes', 'Tags', 'Collections', 'Search', 'ElementSets', 'Elements'), array('index', 'browse', 'show', 'home', 'print-cart'));
// Everyone can view an item's tags and use the item search.
$acl->allow(null, array('Items'), array('tags', 'search'));
// Everyone can view files.
$acl->allow(null, 'Files', 'show');
// Non-authenticated users can access the upgrade script, for logistical reasons.
$acl->allow(null, 'Upgrade');
// Deny privileges from admin users
$acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo', 'Appearance'));
// Assert ownership for certain privileges.
// Owners can edit and delete items and collections.
$acl->allow(null, array('Items', 'Collections'), array('edit', 'delete'), new Omeka_Acl_Assert_Ownership());
// Owners can edit files.
$acl->allow(null, 'Files', 'edit', new Omeka_Acl_Assert_Ownership());
// Define allow rules for specific roles.
// Super users have full privileges.
$acl->allow('super');
// Researchers can view and search items and collections that are not public.
$acl->allow('researcher', array('Items', 'Collections', 'Search'), 'showNotPublic');
// Contributors can add and tag items, edit or delete their own items, and see
// their items that are not public.
$acl->allow('contributor', 'Items', array('add', 'tag', 'batch-edit', 'batch-edit-save', 'change-type', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
// Contributors can edit their own files.
$acl->allow('contributor', 'Files', 'editSelf');
// Contributors have access to tag autocomplete.
$acl->allow('contributor', 'Tags', array('autocomplete'));
// Contributors can add collections, edit or delete their own collections, and
// see their collections that are not public.
$acl->allow('contributor', 'Collections', array('add', 'delete-confirm', 'editSelf', 'deleteSelf', 'showSelfNotPublic'));
$acl->allow('contributor', 'Elements', 'element-form');
// Define deny rules.
// Deny admins from accessing some resources allowed to super users.
$acl->deny('admin', array('Settings', 'Plugins', 'Themes', 'ElementSets', 'Security', 'SystemInfo'));
// Deny admins from deleting item types and item type elements.
$acl->deny('admin', 'ItemTypes', array('delete', 'delete-element'));
// Deny Users to admins since they normally have all the super permissions.
$acl->deny(null, 'Users');
$acl->allow(array('super', 'admin', 'contributor', 'researcher'), 'Users', null, new Omeka_Acl_Assert_User());
// Always allow users to login, logout and send forgot-password notifications.
$acl->allow(array(null, 'admin'), 'Users', array('login', 'logout', 'forgot-password', 'activate'));
return $acl;
}示例3: setUp
protected function setUp()
{
\Zend_Controller_Front::getInstance()->resetInstance();
$this->request = new \Zend_Controller_Request_Http();
\Zend_Session::$_unitTestEnabled = true;
$this->acl = new \Zend_Acl();
$this->acl->deny();
$this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_GUEST));
$this->acl->addRole(new \Zend_Acl_Role(Acl::ROLE_AUTHENTICATED), Acl::ROLE_GUEST);
parent::setUp();
}示例4: buildAcl
/**
*
*/
public function buildAcl()
{
if (is_null($this->acl)) {
$this->acl = new Zend_Acl();
}
$this->acl->removeAll();
$permissions = $this->getPermissionList();
$resources = $this->getResourceList();
$resourceParents = $this->getResourceParentList();
$roles = $this->getRoleList();
$roleParents = $this->getRoleParentList();
$rolesTmp = array();
foreach ($roles as $role) {
$roleId = $role['role_id'];
$roleName = $role['role_name'];
$rolesTmp[$roleId] = array('name' => $roleId, 'parents' => array());
$rolesTmp[$roleName] = array('name' => $roleName, 'parents' => array($roleId));
}
foreach ($roleParents as $roleParent) {
$roleId = $roleParent['role_id'];
$roleIdParent = $roleParent['role_id_parent'];
$rolesTmp[$roleId]['parents'][] = $roleIdParent;
}
foreach ($rolesTmp as $role) {
$this->acl->addRole($role['name'], $role['parents']);
}
#echo '<pre>';
$resourcesTmp = array();
foreach ($resources as $resource) {
$resourceId = $resource['resource_id'];
$resourceName = $resource['resource_name'];
$resourcesTmp[$resourceId] = array('name' => $resourceId, 'parent' => null);
$resourcesTmp[$resourceName] = array('name' => $resourceName, 'parent' => $resourceId);
}
foreach ($resourceParents as $resourceParent) {
$resourceId = $resourceParent['resource_id'];
$resourceIdParent = $resourceParent['resource_id_parent'];
$resourcesTmp[$resourceId]['parent'] = $resourceIdParent;
}
foreach ($resourcesTmp as $resource) {
$this->acl->addResource($resource['name'], $resource['parent']);
}
foreach ($permissions as $permission) {
if (empty($permission['allowed'])) {
$this->acl->deny($permission['role_id'], $permission['resource_id']);
} else {
$this->acl->allow($permission['role_id'], $permission['resource_id']);
}
}
}示例5: _initAlc
protected function _initAlc()
{
// Создаём объект Zend_Acl
$acl = new Zend_Acl();
//$acl->removeAll();
// указываем, что у нас есть ресурсы
//$acl->addResource(new Zend_Acl_Resource('error'));
$acl->addResource(new Zend_Acl_Resource('auth'));
$acl->addResource(new Zend_Acl_Resource('index'));
$acl->addResource(new Zend_Acl_Resource('models-generator'));
$acl->addResource(new Zend_Acl_Resource('slugify'));
$acl->addResource(new Zend_Acl_Resource('sefurl'));
$acl->addResource(new Zend_Acl_Resource('search-index'));
$acl->addResource(new Zend_Acl_Resource('test'));
$acl->addResource(new Zend_Acl_Resource('xml-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('csv-catalog-generator'));
$acl->addResource(new Zend_Acl_Resource('cache-manager'));
$acl->addResource(new Zend_Acl_Resource('update-image-catalog'));
$acl->addResource(new Zend_Acl_Resource('products-draft'));
// далее переходим к созданию ролей, которых у нас 2:
// гость (неавторизированный пользователь)
$acl->addRole('guest');
// администратор, который наследует доступ от гостя
$acl->addRole('admin', 'guest');
$acl->deny();
//$acl->allow('guest', array('default', 'catalog', 'error'));
$acl->allow('guest', 'auth');
$acl->allow('admin');
// получаем экземпляр главного контроллера
$fc = Zend_Controller_Front::getInstance();
// регистрируем плагин с названием AclUtils, в который передаём
// на ACL и экземпляр Zend_Auth
$fc->registerPlugin(new Plugin_AclUtils($acl, Zend_Auth::getInstance()));
}示例6: __construct
public function __construct()
{
$acl = new Zend_Acl();
// добавляем роли
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'));
// добавляем ресурсы
$acl->add(new Zend_Acl_Resource('sites'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->add(new Zend_Acl_Resource('logs'));
$acl->add(new Zend_Acl_Resource('auth'));
$acl->add(new Zend_Acl_Resource('maps'));
$acl->add(new Zend_Acl_Resource('best'));
$acl->add(new Zend_Acl_Resource('news'));
// если нет роли то все запрещаем
$acl->deny();
// админу по умолчанию разрешено все
$acl->allow('admin', null);
// гостю только контроллер с экшеном для входа
$acl->allow('guest', 'auth', array('index', 'check'));
$acl->allow('guest', 'maps', array('cronmaps'));
$acl->allow('guest', array('module' => 'best', 'controller' => 'news'), array('scan', 'redirect'));
// если надо запретить экшены в разрешенном контроллере
/*$acl->deny('user', 'users', array(
'login', 'registration'
));
*
*/
Zend_Registry::set('acl', $acl);
}示例7: testRemoveDenyWithNullResourceAppliesToAllResources
/**
* @group ZF-9643
*/
public function testRemoveDenyWithNullResourceAppliesToAllResources()
{
$this->_acl->addRole('guest');
$this->_acl->addResource('blogpost');
$this->_acl->addResource('newsletter');
$this->_acl->allow();
$this->_acl->deny('guest', 'blogpost', 'read');
$this->_acl->deny('guest', 'newsletter', 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
$this->_acl->removeDeny('guest', 'newsletter', 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
$this->_acl->removeDeny('guest', null, 'read');
$this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
// ensure deny null/all resources works
$this->_acl->deny('guest', null, 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
}示例8: addResource
/**
* @return void
*/
public function addResource($obj)
{
if (!is_object($obj) || $this->_acl->has($obj)) {
return false;
}
$nameParts = explode('_', strtolower(get_class($obj)));
$simpleName = array_pop($nameParts);
if (!$this->_acl->has($simpleName)) {
$this->_acl->addResource(new Zend_Acl_Resource($simpleName));
}
$this->_acl->addResource($obj->getResourceId(), $simpleName);
if ($obj->isPrivate()) {
$this->_acl->deny(null, $obj->getResourceId(), null, new Default_Model_Acl_HasPermissionAssertion());
}
return true;
}示例9: _loadRules
/**
* Метод загружающий правила ACL
* из хранилища правил в объект Zend_Acl
*
* @throws Excore_Acl_Rules_Exception
* @return void
*/
protected function _loadRules()
{
$rules = $this->_rules->getAll();
foreach ($rules as $rule) {
if (!in_array($rule['type'], $this->_ruleTypes)) {
throw new Excore_Acl_Rules_Exception("Rule type `{$rule['type']}` is invalid rule type for current settings");
}
if (!$this->_acl->hasRole(new Zend_Acl_Role($rule['roleId']))) {
throw new Excore_Acl_Rules_Exception("Role `{$rule['roleId']}` found in rules storage, but was not in roles storage");
}
if (!$this->_acl->has(new Zend_Acl_Resource($rule['resourceId']))) {
throw new Excore_Acl_Rules_Exception("Resource `{$rule['resourceId']}` found in rules storage, but was not in resources storage");
}
$assert = $rule['assert'];
if ($assert !== null) {
$assert = new $assert();
}
switch ($rule['type']) {
case $this->_ruleTypes['TYPE_ALLOW']:
$this->_acl->allow(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
break;
case $this->_ruleTypes['TYPE_DENY']:
$this->_acl->deny(new Zend_Acl_Role($rule['roleId']), new Zend_Acl_Resource($rule['resourceId']), $rule['privileges'], $assert);
break;
}
}
}示例10: testGetSelectAclIntegration
public function testGetSelectAclIntegration()
{
// Test ItemTable::getSelect() when the ACL is not available.
$this->assertEquals("SELECT items.* FROM omeka_items AS items", (string) $this->table->getSelect());
// Test ItemTable::getSelect() when the ACL is available.
$acl = new Zend_Acl();
$acl->add(new Zend_Acl_Resource('Items'));
$acl->deny(null, 'Items', 'showNotPublic');
Zend_Registry::get('bootstrap')->getContainer()->acl = $acl;
$this->assertContains("WHERE (items.public = 1)", (string) $this->table->getSelect());
}示例11: deny
/**
* Deny access to this role for a particular permissible object (or globally)
*
* @param string permission to deny
* @param QFrame_Permissible (optional) permissible object to deny access to
*/
public function deny($permission, QFrame_Permissible $permissible = null)
{
$resource = $permissible === null ? "GLOBAL" : $permissible->getPermissionID();
if (!$this->acl->hasRole($permission)) {
$this->acl->addRole(new Zend_Acl_Role($permission));
}
if (!$this->acl->has($resource)) {
$this->acl->add(new Zend_Acl_Resource($resource));
}
$this->acl->deny($permission, $resource);
}示例12: __construct
public function __construct()
{
$acl = new Zend_Acl();
//roles
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'));
//resources
$acl->add(new Zend_Acl_Resource('users'));
$acl->add(new Zend_Acl_Resource('index'));
//permissions
$acl->deny();
$acl->allow('admin', null);
//Guest rights
$acl->allow('guest', 'users', array('login', 'registration', 'confirm'));
$acl->allow('guest', 'index');
//User rights
$acl->allow('user', 'users', array('logout'));
$acl->deny('user', 'users', array('login', 'registration'));
Zend_Registry::set('acl', $acl);
}示例13: _loadPermissions
protected function _loadPermissions()
{
$acls = Auth_Model_AclMapper::getInstance()->fetchAll(array());
/* @var $acl Auth_Model_Acl */
foreach ($acls as $acl) {
if ($acl->get_allowed() == 'yes') {
$this->_acl->allow($this->getRoleCode($acl->get_role_id()), $acl->get_resource_code(), $acl->get_privilege_code());
} else {
$this->_acl->deny($this->getRoleCode($acl->get_role_id()), $acl->get_resource_code(), $acl->get_privilege_code());
}
}
}示例14: preDispatch
/**
* Hlavni logika ACL
*
* @param $request
*/
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$controller = $request->getControllerName();
$action = $request->getActionName();
$module = $request->getModuleName();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
$acl = new Zend_Acl();
$identity = $auth->getIdentity();
$acl->addRole(new Zend_Acl_Role('user'))->addRole(new Zend_Acl_Role('owner'))->addRole(new Zend_Acl_Role('admin'), 'owner');
if ($identity->owner == true) {
$inherit = 'owner';
} elseif ($identity->administrator == true) {
$inherit = 'admin';
} else {
$inherit = 'user';
}
$acl->addRole(new Zend_Acl_Role($identity->email), $inherit);
$projekt = $request->getParam('projekt');
// Zakladni resource
foreach ($this->_resources as $val => $key) {
$acl->add(new Zend_Acl_Resource($key));
}
// Prava pro zakladni resource
$acl->allow('owner');
$acl->deny('admin', 'account');
$acl->allow('user', array('index', 'project', 'assignment', 'calendar', 'people', 'auth', 'redir'));
$acl->deny('user', 'account');
$acl->deny('user', 'project', $this->_create);
$acl->deny('user', 'people', $this->_create);
$acl->deny('user', 'project', $this->_manage);
$acl->deny('user', 'people', $this->_manage);
if ($request->id == $identity->iduser) {
$acl->allow('user', 'people', $this->_manage);
}
// Resource pro projektovou podsekci
$this->_projectAcl($acl, $identity);
Zend_Registry::set('acl', $acl);
if ($identity->administrator == 1) {
$isAllowed = true;
} elseif (in_array($projekt . '|' . $request->getControllerName(), $this->_resources)) {
$isAllowed = $acl->isAllowed($identity->email, $projekt . '|' . $request->getControllerName(), $request->getActionName());
} elseif (in_array($request->getControllerName(), $this->_resources)) {
$isAllowed = $acl->isAllowed($identity->email, $request->getControllerName(), $request->getActionName());
} else {
$isAllowed = false;
}
$error = $request->getParam('error_handler');
if (is_null($error)) {
if (!$isAllowed) {
$module = $this->_noacl['module'];
$controller = $this->_noacl['controller'];
$action = $this->_noacl['action'];
}
}
$request->setModuleName($module);
$request->setControllerName($controller);
$request->setActionName($action);
}
}示例15: __construct
public function __construct()
{
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('admin'));
$acl->add(new Zend_Acl_Resource('admin'));
$acl->add(new Zend_Acl_Resource('index'));
$acl->deny();
$acl->allow('admin', null);
$acl->allow('guest', 'admin', array('login'));
$acl->allow('guest', 'index');
Zend_Registry::set('acl', $acl);
}