+----+-----------+------------+
| id | name | type |
+----+-----------+------------+
| 1 | guest | user |
| 2 | member | user |
| 3 | moderator | user |
| 4 | owner | user |
| 5 | admin | user |
| 6 | index | controller |
+----+-----------+------------+
在下一个表中,规则表:
+----+---------+------+-------------+----------------------+
| id | user_id | rule | resource_id | extras |
+----+---------+------+-------------+----------------------+
| 1 | 2 | 3 | 1 | null |
| 2 | 3 | 3 | 2 | null |
| 3 | 4 | 3 | 3 | null |
| 4 | 5 | 3 | 4 | null |
| 5 | 6 | 1 | 1 | index,login,register |
| 6 | 6 | 2 | 2 | login,register |
| 7 | 6 | 1 | 2 | logout |
+----+---------+------+-------------+----------------------+
好的,很抱歉,不过我要提供我要做的事情的完整图片.
因此,它的工作方式是,可以授予角色(aka用户)(规则:1)对控制器的访问权限,角色可以继承(规则:3)来自另一个角色或角色的访问权限,而被拒绝(规则:2)访问权限到控制器. (用户是资源,而控制器是资源)
使用extras列可以授予/拒绝执行操作的权限.
所有这些都有效,在zend中设置ACL并不是问题.
我现在想做的是显示关系.为此,我需要找到一个最低级别的角色,如果该角色已被明确删除,则该角色被授予对控制器停止访问的权限.我计划列出角色.当我单击某个角色时,我希望它显示该角色有权访问的所有控制器.然后单击控制器将显示允许该角色执行的操作.
因此,在上面的示例中,允许访客查看登录控制器的索引操作以及登录操作.
成员继承相同的访问权限,但随后被拒绝访问登录操作和注册操作.
主持人继承成员的规则.
因此,如果我要选择角色主持人.我想查看列出的控制器索引.如果单击控制器,它将显示允许的动作为“动作:索引”. (最初授予来宾,但此后一直没有被禁止)
有没有这样做的例子.我显然正在使用Zend MVC(PHP)和MysqL.
即使只是一个persudo代码示例也将是一个有用的起点-这是我整理的拼图的最后部分之一.
附言显然,我有ACL对象-可以更轻松地进行查询,还是通过PHP / MysqL更好地完成自己的任务?
目的是显示角色可以访问的内容,然后允许我以GUI样式添加或编辑角色,控制器和操作(这有点容易)-目前,我一直在手动更新数据库建立网站.
解决方法:
在我做了一些搜索并且找不到答案之后,我对此有了更多的思考,这是我想出的解决方案(以防万一它对其他人有用):
伪装优先:
>显示页面,列出ACL $acl-> getRoles()中的所有角色(用户级别)作为链接.
>单击链接,重新加载页面,并将角色作为参数.
>现在,从ACL $acl-> getResources()中获取所有控制器,以检查资源不是角色(由getResources返回的数组也将包含角色).
>遍历每个控制器,从规则表中获取所有条目,其中控制器ID在resource_id字段中,并展开其他内容(逗号分隔的动作)
>接下来,遍历每个动作,调用isAllowed(我有角色,控制器和动作).如果找到至少一个“允许”,则将控制器涂成绿色(允许访问控制器中的至少一个动作),否则将其涂成红色(不能访问该控制器中的任何东西),每个列表项都可单击以重新加载页面
>现在,单击控制器时,我将重新加载页面,现在,当在操作列表中运行时,调用isAllowed会创建所选控制器的操作列表,并根据isAllowed的结果将操作着色为绿色或红色
答案的自我几乎与问题一样漫长,但是它对我有用,非常清楚地说明了每个角色可以做什么.这是它是否可以帮助任何人:
现在查看代码:
AdminController:
public function aclAction()
{
$this->view->content_title = "Access Rules:";
// Get the ACL - its stored in the session:
$usersNs = new Zend_Session_Namespace("ZEND_SITE");
$acl = $usersNs->acl;
// List all Roles in the ACL:
$roles = $acl->getRoles();
// Pass the roles to the view:
$this->view->roles = $roles;
// Check if a role has been clicked on:
$role = this->_getParam('role');
if(!is_null($role))
{
// Pass the role to the view:
$this->view->role = $role;
// Get all the resources (controllers) from the ACL, don't add roles:
$controllers = array();
foreach ($acl->getResources() as $res)
{
if (!in_array($res, $roles))
{
$controllers[] = $res;
}
}
// Create a Rules Model:
$rules = new Model_ACLrules();
// Store controllers + access:
$all_controllers = array();
// Check if the controller has been passed:
$cont = $this->_getParam('cont');
// Loop through each controller:
foreach ($controllers as $controller)
{
// Get all actions for the controller:
// THIS IS THE PART I DON'T LIKE - BUT I SEE NO WAY TO GET
// THE RULES FROM THE ACL - THERE LOOKS TO BE A METHOD
// BUT IT IS A PROTECTED METHOD - SO I AM GETTING THE ACTIONS
// FROM THE DB, BUT THIS MEANS TWO sql QUERIES - ONE TO FIND
// THE RESOURCE FROM THE DB TO GET ITS ID THEN ONE TO FIND
// ALL THE EXTRAS FOR IT:
$all_rules = $rules->findAllActions($controller);
// Store if the role is allowed access somewhere in the controller:
$allowed = false;
// Store selected controller actions:
$cont_actions = array();
// Loop through all returned row of actions for the resource:
foreach ($all_rules as $rule)
{
// Split the extras field:
$extras = explode(",", $rule->extras);
// Check if the role has access to any of the actions:
foreach ($extras as $act)
{
// Store matching selected controller:
$match = ($cont==$controller)?true:false;
// Store the action if we are looking at a resource:
if ($match)$temp = array("action"=>$act,"allowed"=>false);
// Check if the role is allowed:
if ($acl->isAllowed($role,$controller,$act))
{
// Change the controllers allowed to ture as at least one item is allowed:
$allowed = true;
// Change the matched controllers action to true:
if ($match)$temp = array("action"=>$act,"allowed"=>true);
}
// Check if the action has already been added if we are looking at a resource:
if ($match)
{
$add = true;
// This is done because there Could be several rows of extras, for example
// login is allowed for guest, then on another row login is denied for member,
// this means the login action will be found twice for the resource,
// no point in showing login action twice:
foreach ($cont_actions as $a)
{
// Action already in the array, don't add it again:
if ($a['action'] == $act) $add = false;
}
if($add) $cont_actions[] = $temp;
}
}
}
// Pass a list of controllers to the view:
$all_controllers[] = array("controller" => $controller, "allowed" => $allowed);
// Check if we had a controller:
if(!is_null($cont))
{
// Pass the selected controller to the view:
$this->view->controller = $cont;
// Check if this controller in the loop is the controller selected:
if ($cont == $controller)
{
// Add the controller + actions to the all rules:
$this->view->actions = $cont_actions;
}
}
}
// Pass the full controller list to the view:
$this->view->controllers = $all_controllers;
}
}
接下来的视图:acl.phtml:
<h2>Roles:</h2>
<ul>
<?PHP
foreach ($this->roles as $name)
{
echo '<li><a href="'.$this->baseUrl('admin/acl') . '/role/' . $name . '">' . ucfirst($name) . '</a><br/></li>';
}
?>
</ul>
<?PHP if (isset($this->controllers)): ?>
<h2><?PHP echo ucfirst($this->role); ?>'s Controllers:</h2>
<ul>
<?PHP
$array = $this->controllers;
sort($array);
foreach ($array as $controller)
{
$font = ($controller['allowed'])?'green':'red';
echo '<li><a href="'.$this->baseUrl('admin/acl') . '/role/' . $this->role . '/cont/'.$controller['controller'].'" style="color:'.$font.';">'.ucfirst($controller['controller']).'</a></li>';
}
?>
</ul>
<?PHP if (isset($this->controller)): ?>
<h2><?PHP echo ucfirst($this->role)."'s, ".ucfirst($this->controller);?> Actions:</h2>
<ul>
<?PHP
$array = $this->actions;
sort($array);
foreach ($array as $action)
{
$font = ($action['allowed'])?'green':'red';
echo '<li><font style="color:'.$font.';">'.ucfirst($action['action']).'</font></li>';
}
?>
</ul>
<?PHP endif;?>
<?PHP endif; ?>
例:
我希望这对某人有帮助,如果有人可以提出更好的解决方案,或者可能会改善答案,我现在将其保留为开放状态.
