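persistent->acl )) {
            $acl = new AclList ();

            // Register roles
            $roles = array (
                'users' => new Role ( 'Users' ),
                'guests' => new Role ( 'Guests' )
            );
            foreach ( $roles as $role ) {
                $acl->addRole ( $role );
            }

            // Private area resources
            $privateResources = array ();
            foreach ( $privateResources as $resource => $actions ) {
                $acl->addResource ( new Resource ( $resource ), $actions );
            }

            // Public area resources
            $publicResources = array (
                'index' => array ( 'index' ),
                'logs' => array ( 'index' ),
                'errors' => array ( 'show401', 'show404', 'show500' ),
                'session' => array ( 'index', 'register', 'start', 'end' )
            );
            foreach ( $publicResources as $resource => $actions ) {
                $acl->addResource ( new Resource ( $resource ), $actions );
            }

            // Grant access to public areas to both users and guests
            foreach ( $roles as $role ) {
                foreach ( $publicResources as $resource => $actions ) {
                    foreach ( $actions as $action ) {
                        $acl->allow ( $role->getName (), $resource, $action );
                    }
                }
            }

            // Grant access to private area to role Users
            // NOTE(review): the comment says role Users, but the rule below is
            // granted to 'Guests'. $privateResources is empty here, so nothing
            // is granted yet; confirm the intended role before populating it.
            foreach ( $privateResources as $resource => $actions ) {
                foreach ( $actions as $action ) {
                    $acl->allow ( 'Guests', $resource, $action );
                }
            }

            // The acl is stored in session, APC would be useful here too
            $this->persistent->acl = $acl;
        }

        return $this->persistent->acl;
    }

    /**
     * Authorization hook executed before any action in the application.
     *
     * The caller's role is 'Users' when the session holds a truthy 'auth'
     * entry and 'Guests' otherwise. The lower-cased controller name (ACL
     * resource) and action name (ACL access) are checked against the list
     * returned by getAcl(). When access is not allowed, the request is
     * forwarded to errors/show401, the session is destroyed and false is
     * returned.
     *
     * @param Event $event
     * @param Dispatcher $dispatcher
     * @return bool|null false when access is denied; no explicit value otherwise
     */
    public function beforeDispatch(Event $event, Dispatcher $dispatcher)
    {
        $role = $this->session->get('auth') ? 'Users' : 'Guests';

        // Keep the resource (controller) and the access (action) in separate
        // variables: isAllowed() must receive the controller as the resource,
        // otherwise a request is judged by its action name alone and any
        // controller whose action shares a name with a public resource
        // (e.g. "index") would pass the check.
        // Both names are lower-cased, so ACL entries must be registered in
        // lower case, as the visible public resources are.
        $controller = strtolower($dispatcher->getControllerName());
        $action = strtolower($dispatcher->getActionName());

        $allowed = $this->getAcl()->isAllowed($role, $controller, $action);

        // Loose comparison kept as in the original; presumably isAllowed()
        // may return a bool or Acl::ALLOW depending on the framework
        // version (TODO confirm before tightening to !==).
        if ($allowed != Acl::ALLOW) {
            $dispatcher->forward(array(
                'controller' => 'errors',
                'action' => 'show401'
            ));
            // NOTE(review): this also ends the session of an authenticated
            // user who requests a denied action; confirm that is intended.
            $this->session->destroy();
            return false;
        }
    }
}
?>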