views:

18

answers:

1

When a user is a guest, and he accesses /admin/ I would like that to redirect to /admin/login and when a user is in the default module and accesses a resource which he doesn't have access to, I want it to redirect to /error.

Assuming /admin is a module, how could I accomplish this? Here's what I have so far:

<?php
class KG_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{

    public function __construct( 
    Zend_Acl $acl,
    Zend_Auth $auth
    ) {
    $this->_acl = $acl;
    $this->_auth = $auth;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {

    $auth = $this->_auth;

    if($auth->hasIdentity()) {
        $identity = $auth->getIdentity();
        $role = strtolower($identity->role);
    }else{
        $role = 'guest';
    }

    $controller = $request->controller;
    $action = $request->action;
    $module = $request->module;

    if ( $module == 'admin' ) {

        if (!$this->_acl->isAllowed($role, $controller, $action)) {
        if ($role == 'guest') {
            $request->setControllerName('index');
            $request->setActionName('index');
        } else {
            $request->setControllerName('login');
            $request->setActionName('index');
        }
        }       

    } else {
        if (!$this->_acl->isAllowed($role, $controller, $action)) {
        if ($role == 'guest') {
            $request->setControllerName('user');
            $request->setActionName('login');
        } else {
            $request->setControllerName('error');
            $request->setActionName('noauth');
        }
        }       
    }

    }    
}

And for defining roles:

<?php

class Model_Acl extends Zend_Acl {

    public function __construct() {

    $this->addRole(new Zend_Acl_Role('guest'));
    $this->addRole(new Zend_Acl_Role('user'), 'guest');
    $this->addRole(new Zend_Acl_Role('administrator'), 'user');

    $this->add(new Zend_Acl_Resource('index'));
    $this->add(new Zend_Acl_Resource('error'));
    $this->add(new Zend_Acl_Resource('admin'));
    $this->add(new Zend_Acl_Resource('page'));
    $this->add(new Zend_Acl_Resource('news'));
    $this->add(new Zend_Acl_Resource('mvc:user_signin'));
    $this->add(new Zend_Acl_Resource('mvc:user_signout'));
    $this->add(new Zend_Acl_Resource('menu'));
    $this->add(new Zend_Acl_Resource('menuitem'));
    $this->add(new Zend_Acl_Resource('user'));
    $this->add(new Zend_Acl_Resource('search'));
    $this->add(new Zend_Acl_Resource('feed'));
    $this->add(new Zend_Acl_Resource('bug'));

    $this->allow(null, array('index', 'error'));

    $this->allow('guest', 'page', array('index', 'open'));
    $this->allow('guest', 'menu', array('render'));
    $this->allow('guest', 'user', array('login'));
    $this->allow('guest', 'search', array('index', 'search'));
    $this->allow('guest', 'feed');
    $this->allow('guest', 'news');

    $this->allow('guest', new Zend_Acl_Resource('mvc:user_signin'), 'navigate');
    $this->deny('guest', new Zend_Acl_Resource('mvc:user_signout'), 'navigate');
    $this->allow('user', new Zend_Acl_Resource('mvc:user_signout'), 'navigate');

    $this->allow('user', 'page', array('list', 'create', 'edit', 'delete'));

    $this->allow('administrator', null);

    }

}

I tried to ->deny('guest', 'admin') to get it to redirect to the admin login controller. Would appreciate advice on a decent solution to this.

A: 

I ended up customizing my code that defines new resources and instead of using just the controller I made the resources follow the format "module.controller", then I branched out on that and so far so good.

meder