【问题标题】:PhalconPHP & ACL: guests were able to access restricted contentPhalconPHP & ACL:访客能够访问受限内容
【发布时间】:2014-12-09 05:05:23
【问题描述】:

我不想让客人电话/新。他们应该只能访问 phones/index 和另一件事。但客人可以访问 电话 控制器的所有操作。我需要你的帮助来找出我犯的错误。

这里是 ACL 插件

<?php

use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Acl\Adapter\Memory as AclList;

/**
 * SecurityPlugin
 *
 * This is the security plugin which controls that users only have access to the modules they're assigned to
 */
class SecurityPlugin extends Plugin
{

    /**
     * Returns an existing or new access control list
     *
     * @returns AclList
     */
    public function getAcl()
    {


        if (!isset($this->persistent->acl)) {

            $acl = new AclList();

            $acl->setDefaultAction(Acl::DENY);

            //Register roles
            $roles = array(
                'admin' => new Role('Admin'),
                'editor' => new Role('Editor'),
                'guests' => new Role('Guests')
            );

            foreach ($roles as $role) {
                $acl->addRole($role);
            }

            //Admin area resources
            $adminResources = array(
                'dashboard' => array('index'),
                'phones' => array('index', 'all', 'new', 'edit', 'save', 'create', 'delete', 'search'),
                'users' => array('index', 'search', 'new', 'edit', 'save', 'create', 'delete', 'saveProfile', 'profile'),
            );

            foreach ($adminResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }

            //Editor area resources
            $editorResources = array(
                'dashboard' => array('index'),
                'phones' => array('index', 'all', 'new', 'edit', 'save', 'create', 'search'),
                'users' => array('saveProfile', 'profile'),
            );

            foreach ($editorResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }


            //Public area resources
            $publicResources = array(
                'index' => array('index'),
                'about' => array('index'),
                'login' => array('index', 'check', 'logout'),
                'errors' => array('show404', 'show500'),
                'contact' => array('index', 'send'),
                'phones' => array('index', 'search'),
            );
            foreach ($publicResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }

            //Grant access to public areas to both users and guests
            foreach ($roles as $role) {
                foreach ($publicResources as $resource => $actions) {
                    $acl->allow($role->getName(), $resource, '*');
                }
            }

            //Grant access to private area to role Admin
            foreach ($adminResources as $resource => $actions) {
                foreach ($actions as $action) {
                    $acl->allow('Admin', $resource, $action);
                }
            }

            //Grant access to private area to role Admin
            foreach ($editorResources as $resource => $actions) {
                foreach ($actions as $action) {
                    $acl->allow('Editor', $resource, $action);
                }
            }

            //The acl is stored in session, APC would be useful here too
            $this->persistent->acl = $acl;
        }

        return $this->persistent->acl;
    }

    /*
     * This action is executed before execute any action in the application
     *
     * @param Event $event
     * @param Dispatcher $dispatcher
     */
    public function beforeDispatch(Event $event, Dispatcher $dispatcher)
    {

        $auth = $this->session->get('auth');

        if (!$auth) {
            $role = 'Guests';
        } else {
            switch ($auth['role']) {
                case 1:
                    $role = "Admin";
                    break;
                case 2:
                    $role = "Editor";
                    break;
                default:
                    $role = "Guests";
                    break;
            }
        }

        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        $acl = $this->getAcl();

        $allowed = $acl->isAllowed($role, $controller, $action);
        if ($allowed != Acl::ALLOW) {
            $dispatcher->forward(array(
                'controller' => 'errors',
                'action' => 'show401'
            ));
            return false;
        }
    }
}

【问题讨论】:

  • 在添加公共资源时:$acl-&gt;allow($role-&gt;getName(), $resource, '*'); 不会因为通配符而允许访问资源中的任何操作。
  • 是的,我想通了。我是新来的,是从 Invo 复制过来的。不过感谢您的回复。
  • 你能把它作为答案并接受它吗?我来这里是因为我认为你需要帮助 :)

标签: acl phalcon


【解决方案1】:

我通过将通配符更改为特定操作来解决此问题。我实际上是从 invo 复制代码并忽略了这件事。

//Grant access to public areas to both users and guests
foreach ($roles as $role) {
    foreach ($publicResources as $resource => $actions) {
        $acl->allow($role->getName(), $resource, $actions);
    }
}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2023-03-15
    • 1970-01-01
    • 1970-01-01
    • 2011-02-24
    • 1970-01-01
    相关资源
    最近更新 更多