duanqinjiao5244 2016-05-23 09:03
浏览 76
已采纳

拒绝访问私人区域Phalcon PHP ACL

I would like to deny access to the private areas on my website. But I don't know what I am doing wrong.

I don't want to use Acl::DENY as the default rule. Instead I am using Acl::ALLOW as the global rule and denying access to the private resources.

Here is my code:

<?php 
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Acl\Adapter\Memory as AclList;


class SecurityPlugin extends Plugin {

    public function getAcl() {
        if (!isset($this->persistent->acl)) {

            $acl = new AclList();
            $acl->setDefaultAction(Acl::ALLOW);

            $roles = array(
                'admin' => new Role('Administrators'),
                'guests' => new Role('Guests')
            );
            foreach ($roles as $role) {
                $acl->addRole($role);
            }

            //Private area resources
            $privateResources = array(
                'admin'        => array('index'),
                'products'     => array('index', 'search', 'new');

            foreach ($privateResources as $resource => $actions) {
                $acl->addResource(new Resource($resource), $actions);
            }

            foreach ($privateResources as $resource => $actions) {
                foreach ($actions as $action) {
                    $acl->deny('Guests', $resource, $action);
                }
            }

        }

        return $this->persistent->acl;
    }


    public function beforeDispatch(Event $event, Dispatcher $dispatcher) {

        $auth = $this->session->get('auth');
        if (!$auth) {
            $role = 'Guests';
        } else {
            $role = 'Admin';
        }

        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        $acl = $this->getAcl();

        $allowed = $acl->isAllowed($role, $controller, $action);
        if ($allowed != Acl::ALLOW) {
            $dispatcher->forward(array(
                'controller' => 'errors',
                'action'     => 'show401'
            ));
            $this->session->destroy();
            return false;
        }
    }
}

Thank you, for trying to help me.

  • 写回答

1条回答 默认 最新

  • double2022 2016-05-23 14:11
    关注

    You forgot to actually assign your ACL definitions to $this->persistent->acl

    public function getAcl() {
        if (!isset($this->persistent->acl)) {
    
            $acl = new AclList();
    
            ...
    
            //The acl is stored in session
            $this->persistent->acl = $acl;
        }
    
        return $this->persistent->acl;
    }
    

    By looking at your code, I am guessing you used the Phalcon INVO example for this SecurityPlugin? If so, refer to line 88. If not, this is a nice and easy example that can help you.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 使用ESP8266连接阿里云出现问题
  • ¥15 BP神经网络控制倒立摆
  • ¥20 要这个数学建模编程的代码 并且能完整允许出来结果 完整的过程和数据的结果
  • ¥15 html5+css和javascript有人可以帮吗?图片要怎么插入代码里面啊
  • ¥30 Unity接入微信SDK 无法开启摄像头
  • ¥20 有偿 写代码 要用特定的软件anaconda 里的jvpyter 用python3写
  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角