Deny access to a private area with Phalcon PHP ACL
I want to deny access to the private area of my website, but I don't know what I'm doing wrong.
I don't want to use Acl::DENY as the default rule. Instead, I use Acl::ALLOW as the global rule and deny access to the private resources.
Here is my code:
<?php
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Acl\Adapter\Memory as AclList;

class SecurityPlugin extends Plugin {

    public function getAcl() {
        if (!isset($this->persistent->acl)) {
            $acl = new AclList();
            // Allow everything by default; only the private area is denied below
            $acl->setDefaultAction(Acl::ALLOW);

            $roles = array(
                'admin'  => new Role('Administrators'),
                'guests' => new Role('Guests')
            );
            foreach ($roles as $role) {
                $acl->addRole($role);
            }

            // Private area resources (controller => actions)
            $privateResources = array(
                'admin'    => array('index'),
                'products' => array('index', 'search', 'new')
            );
            foreach ($privateResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }

            // Guests may not reach any private action
            foreach ($privateResources as $resource => $actions) {
                foreach ($actions as $action) {
                    $acl->deny('Guests', $resource, $action);
                }
            }
        }
        return $this->persistent->acl;
    }

    public function beforeDispatch(Event $event, Dispatcher $dispatcher) {
        $auth = $this->session->get('auth');
        if (!$auth) {
            $role = 'Guests';
        } else {
            // Must match the role name registered in getAcl()
            $role = 'Administrators';
        }

        $controller = $dispatcher->getControllerName();
        $action     = $dispatcher->getActionName();

        $acl = $this->getAcl();
        $allowed = $acl->isAllowed($role, $controller, $action);
        if ($allowed != Acl::ALLOW) {
            // Not permitted: forward to the 401 page and drop the session
            $dispatcher->forward(array(
                'controller' => 'errors',
                'action'     => 'show401'
            ));
            $this->session->destroy();
            return false;
        }
    }
}
Thanks for your help.
You forgot to actually assign the ACL definition to $this->persistent->acl:
public function getAcl() {
    if (!isset($this->persistent->acl)) {
        $acl = new AclList();
        ...
        // The ACL is stored in the session
        $this->persistent->acl = $acl;
    }
    return $this->persistent->acl;
}
Looking at your code, I guess you used the Phalcon INVO example for this SecurityPlugin? If so, refer to line 88. If not, this is a nice and simple example that can help you.
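A check worth running against an allow-by-default ACL like the one in the question, added here as an example (it is not code from the question, the answer or the Phalcon INVO project): build the same ACL standalone and assert what Guests can and cannot reach. It assumes the Phalcon 2.x/3.x extension with the Resource class the question uses; the 'products::delete' and 'reports' names are constructed and deliberately absent from the private list.

```php
<?php
// Added example: verify the Guests/Administrators rules of the question's ACL
// outside the dispatcher. Requires the Phalcon extension (2.x/3.x API).
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Adapter\Memory as AclList;

// Same construction as the question's getAcl(), without the session caching
function buildAcl(array $privateResources)
{
    $acl = new AclList();
    $acl->setDefaultAction(Acl::ALLOW);   // allow by default, as in the question
    $acl->addRole(new Role('Administrators'));
    $acl->addRole(new Role('Guests'));
    foreach ($privateResources as $resource => $actions) {
        $acl->addResource(new Resource($resource), $actions);
        foreach ($actions as $action) {
            $acl->deny('Guests', $resource, $action);
        }
    }
    return $acl;
}

$privateResources = array(
    'admin'    => array('index'),
    'products' => array('index', 'search', 'new'),
);
$acl = buildAcl($privateResources);

// Every listed private action: denied to Guests, allowed to Administrators
foreach ($privateResources as $resource => $actions) {
    foreach ($actions as $action) {
        assert($acl->isAllowed('Guests', $resource, $action) != Acl::ALLOW);
        assert($acl->isAllowed('Administrators', $resource, $action) == Acl::ALLOW);
    }
}

// Anything NOT listed falls through to the default action, so Guests reach it.
// 'products::delete' and 'reports::index' are constructed names that are not in
// $privateResources; with Acl::ALLOW as the default they are public. Every new
// controller or action must therefore be added to the private list explicitly.
assert($acl->isAllowed('Guests', 'products', 'delete') == Acl::ALLOW);
assert($acl->isAllowed('Guests', 'reports', 'index') == Acl::ALLOW);

echo "ACL checks passed\n";
```

Run it with `php -d zend.assertions=1 -d assert.exception=1` so a failed assertion stops the script instead of only emitting a warning.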