api/app/plugins/SecurityPlugin.php

<?php
use Phalcon\Acl;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;
use Phalcon\Acl\Adapter\Memory as AclList;
/**
 * SecurityPlugin
 *
 * This is the security plugin which controls that users only have access to the modules they're assigned to
 */
class SecurityPlugin extends Plugin {
	/**
	 * Returns an existing or new access control list
	 *
	 * @return s AclList
	 */
	public function getAcl() {
		if (! isset ( $this->persistent->acl )) {
			$acl = new AclList ();
			// Register roles
			$roles = array (
					'users' => new Role ( 'Users' ),
					'guests' => new Role ( 'Guests' ) 
			);
			foreach ( $roles as $role ) {
				$acl->addRole ( $role );
			}
			// Private area resources
			$privateResources = array ();
			foreach ( $privateResources as $resource => $actions ) {
				$acl->addResource ( new Resource ( $resource ), $actions );
			}
			// Public area resources
			$publicResources = array (
					'index' => array (
							'index' 
					),
					'logs' => array (
							'index' 
					),
					'errors' => array (
							'show401',
							'show404',
							'show500' 
					),
					'session' => array (
							'index',
							'register',
							'start',
							'end' 
					) 
			);
			foreach ( $publicResources as $resource => $actions ) {
				$acl->addResource ( new Resource ( $resource ), $actions );
			}
			// Grant access to public areas to both users and guests
			foreach ( $roles as $role ) {
				foreach ( $publicResources as $resource => $actions ) {
					foreach ( $actions as $action ) {
						$acl->allow ( $role->getName (), $resource, $action );
					}
				}
			}
			// Grant access to private area to role Users
			foreach ( $privateResources as $resource => $actions ) {
				foreach ( $actions as $action ) {
					$acl->allow ( 'Guests', $resource, $action );
				}
			}
			// The acl is stored in session, APC would be useful here too
			$this->persistent->acl = $acl;
		}
		return $this->persistent->acl;
	}
	/**
	 * This action is executed before execute any action in the application
	 *
	 * @param Event $event        	
	 * @param Dispatcher $dispatcher        	
	 * @return bool
	 */
	public function beforeDispatch(Event $event, Dispatcher $dispatcher) {
		$auth = $this->session->get ( 'auth' );
		if (! $auth) {
			$role = 'Guests';
		} else {
			$role = 'Users';
		}
		$controller = $dispatcher->getControllerName ();
		$controller = strtolower ( $controller );
		$action = $dispatcher->getActionName ();
		$controller = strtolower ( $action );
		$acl = $this->getAcl ();
		$allowed = $acl->isAllowed ( $role, $controller, $action );
		if ($allowed != Acl::ALLOW) {
			$dispatcher->forward(array(
				'controller' => 'errors',
				'action'     => 'show401'
			));
			$this->session->destroy();
			return false;
		}
	}
}
?>
初次提交 2023-04-07 19:05:18 +08:00			`<?php`
			`use Phalcon\Acl;`
			`use Phalcon\Acl\Role;`
			`use Phalcon\Acl\Resource;`
			`use Phalcon\Events\Event;`
			`use Phalcon\Mvc\User\Plugin;`
			`use Phalcon\Mvc\Dispatcher;`
			`use Phalcon\Acl\Adapter\Memory as AclList;`
			`/**`
			`* SecurityPlugin`
			`*`
			`* This is the security plugin which controls that users only have access to the modules they're assigned to`
			`*/`
			`class SecurityPlugin extends Plugin {`
			`/**`
			`* Returns an existing or new access control list`
			`*`
			`* @return s AclList`
			`*/`
			`public function getAcl() {`
			`if (! isset ( $this->persistent->acl )) {`
			`$acl = new AclList ();`
			`// Register roles`
			`$roles = array (`
			`'users' => new Role ( 'Users' ),`
			`'guests' => new Role ( 'Guests' )`
			`);`
			`foreach ( $roles as $role ) {`
			`$acl->addRole ( $role );`
			`}`
			`// Private area resources`
			`$privateResources = array ();`
			`foreach ( $privateResources as $resource => $actions ) {`
			`$acl->addResource ( new Resource ( $resource ), $actions );`
			`}`
			`// Public area resources`
			`$publicResources = array (`
			`'index' => array (`
			`'index'`
			`),`
			`'logs' => array (`
			`'index'`
			`),`
			`'errors' => array (`
			`'show401',`
			`'show404',`
			`'show500'`
			`),`
			`'session' => array (`
			`'index',`
			`'register',`
			`'start',`
			`'end'`
			`)`
			`);`
			`foreach ( $publicResources as $resource => $actions ) {`
			`$acl->addResource ( new Resource ( $resource ), $actions );`
			`}`
			`// Grant access to public areas to both users and guests`
			`foreach ( $roles as $role ) {`
			`foreach ( $publicResources as $resource => $actions ) {`
			`foreach ( $actions as $action ) {`
			`$acl->allow ( $role->getName (), $resource, $action );`
			`}`
			`}`
			`}`
			`// Grant access to private area to role Users`
			`foreach ( $privateResources as $resource => $actions ) {`
			`foreach ( $actions as $action ) {`
			`$acl->allow ( 'Guests', $resource, $action );`
			`}`
			`}`
			`// The acl is stored in session, APC would be useful here too`
			`$this->persistent->acl = $acl;`
			`}`
			`return $this->persistent->acl;`
			`}`
			`/**`
			`* This action is executed before execute any action in the application`
			`*`
			`* @param Event $event`
			`* @param Dispatcher $dispatcher`
			`* @return bool`
			`*/`
			`public function beforeDispatch(Event $event, Dispatcher $dispatcher) {`
			`$auth = $this->session->get ( 'auth' );`
			`if (! $auth) {`
			`$role = 'Guests';`
			`} else {`
			`$role = 'Users';`
			`}`
			`$controller = $dispatcher->getControllerName ();`
			`$controller = strtolower ( $controller );`
			`$action = $dispatcher->getActionName ();`
			`$controller = strtolower ( $action );`
			`$acl = $this->getAcl ();`
			`$allowed = $acl->isAllowed ( $role, $controller, $action );`
			`if ($allowed != Acl::ALLOW) {`
			`$dispatcher->forward(array(`
			`'controller' => 'errors',`
			`'action' => 'show401'`
			`));`
			`$this->session->destroy();`
			`return false;`
			`}`
			`}`
			`}`
			`?>`