
merge upstream

2 parents a074811 + 7bfbe3e commit a47a2925109530d47b8cf5d30539692f869e4dfb @bjyoungblood committed Dec 19, 2012
@@ -164,6 +164,18 @@ In either a controller or a view script, you can call
```$this->isAllowed($resource[, $privilege])```, which will query the ACL
using the currently authenticated (or default) user's roles.
+Whenever you need to stop processing your action you can throw an UnAuthorizedException and users will see you message on a 403 page.
+
+```
+function cafeAction() {
+ if (!$this->isAllowed('alcohol', 'consume')) {
+ throw new UnAuthorizedException("Grow a beard first!");
+ }
+
+ // party on ...
+}
+```
+
License
-------
Released under the MIT License. See file LICENSE included with the source
@@ -17,7 +17,7 @@
],
"require": {
"php": ">=5.3.3",
- "zendframework/zendframework": "2.0.*",
+ "zendframework/zendframework": "2.*",
"zf-commons/zfc-base": "dev-master",
"zf-commons/zfc-user": "dev-master"
},
@@ -0,0 +1,7 @@
+<?php
+
+namespace BjyAuthorize\Exception;
+
+class UnAuthorizedException extends \Exception
+{
+}
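Review bot: `UnAuthorizedException` is added without a docblock, and nothing on the class says that its message is shown to the end user. The strategy change later in this commit copies `getMessage()` into the view as `reason`, so whatever a caller puts in the message ends up on the 403 page. I would add a class docblock along the lines of `/** Thrown to abort an action as unauthorized; the message is rendered to the user on the 403 page, so keep internal details out of it. */`.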
@@ -11,7 +11,7 @@
class Controller implements GuardInterface, RuleProviderInterface, ResourceProviderInterface
{
- protected $securityService;
+ protected $serviceLocator;
protected $rules = array();
@@ -20,9 +20,9 @@ class Controller implements GuardInterface, RuleProviderInterface, ResourceProvi
*/
protected $listeners = array();
- public function __construct(array $rules, $security)
+ public function __construct(array $rules, $serviceLocator)
{
- $this->securityService = $security;
+ $this->serviceLocator = $serviceLocator;
foreach ($rules as $rule)
{
@@ -11,7 +11,7 @@
class Route implements GuardInterface, RuleProviderInterface, ResourceProviderInterface
{
- protected $securityService;
+ protected $serviceLocator;
protected $rules = array();
@@ -20,9 +20,9 @@ class Route implements GuardInterface, RuleProviderInterface, ResourceProviderIn
*/
protected $listeners = array();
- public function __construct(array $rules, $security)
+ public function __construct(array $rules, $serviceLocator)
{
- $this->securityService = $security;
+ $this->serviceLocator = $serviceLocator;
foreach ($rules as $rule)
{
@@ -37,12 +37,21 @@ public function getRoles()
$builder->select($this->roleIdFieldName,$this->parentRoleFieldName)
->from($this->tableName, $this->tableName);
- $result = $builder->execute();
+ $rowset = $builder->execute();
$roles = array();
- foreach($result as $row) {
- $roles[] = new Role($row[$this->roleIdFieldName], $row[$this->parentRoleFieldName]);
+ // Pass One: Build each object
+ foreach ($rowset as $row) {
+ $roleId = $row[$this->roleIdFieldName];
+ $roles[$roleId] = new Role($roleId, $row[$this->parentRoleFieldName]);
}
- return $roles;
+ // Pass Two: Re-inject parent objects to preserve hierarchy
+ foreach ($roles as $roleId=>$roleObj) {
+ $parentRoleObj = $roleObj->getParent();
+ if ($parentRoleObj && $parentRoleObj->getRoleId()) {
+ $roleObj->setParent($roles[$parentRoleObj->getRoleId()]);
+ }
+ }
+ return array_values($roles);
}
}
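Review bot: In pass two, `$roles[$parentRoleObj->getRoleId()]` is read without checking that the parent id was actually loaded in pass one. A row whose parent column names a role that is missing from the table would raise an undefined-index notice and hand `null` to `setParent()`, which presumably drops the parent silently and so changes what that role inherits. I would guard the lookup, e.g. `if ($parentRoleObj && isset($roles[$parentRoleObj->getRoleId()])) {`, and decide explicitly (throw or log) how a dangling parent is treated instead of leaving it to a notice. getRoles() starts above this hunk, so the query that fills `$rowset` is only partly visible.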
@@ -12,6 +12,7 @@ class ZendDb implements ProviderInterface
{
protected $sm;
+ protected $adapterName = 'bjyauthorize_zend_db_adapter';
protected $tableName = 'user_role';
protected $roleIdFieldName = 'role_id';
protected $parentRoleFieldName = 'parent';
@@ -20,6 +21,10 @@ public function __construct($options, $serviceManager)
{
$this->sm = $serviceManager;
+ if (isset($options['adapter'])) {
+ $this->adapterName = $options['adapter'];
+ }
+
if (isset($options['table'])) {
$this->tableName = $options['table'];
}
@@ -35,7 +40,7 @@ public function __construct($options, $serviceManager)
public function getRoles()
{
- $tableGateway = new TableGateway($this->tableName, $this->sm->get('bjyauthorize_zend_db_adapter'));
+ $tableGateway = new TableGateway($this->tableName, $this->sm->get($this->adapterName));
$sql = new Select;
$sql->from($this->tableName);
@@ -58,7 +58,7 @@ public function __construct(array $config = array(), ServiceLocatorInterface $se
if (isset($config['guards'])) {
foreach ($config['guards'] as $class => $options) {
- $this->addGuard(new $class($options, $this));
+ $this->addGuard(new $class($options, $serviceLocator));
}
}
}
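Review bot: `new $class($options, $serviceLocator)` now hands every configured guard the whole service locator where it used to receive this Authorize service, and nothing in the visible lines checks that `$class` is a guard before it is constructed. A custom guard written against the old second argument will break at the point it first uses it, and a mistyped `guards` key would construct an unrelated class with access to every service. Unless `addGuard()` already type-hints its argument (not visible here), I would check the class name against the guard interface before the `new`, and add a comment such as `// guards receive the service locator, not $this; they resolve the Authorize service themselves`. The constructor begins above this hunk.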
@@ -86,7 +86,7 @@ public function setIdentityProvider(IdentityProvider $provider)
$this->identityProvider = $provider;
return $this;
}
-
+
public function getIdentityProvider()
{
return $this->identityProvider;
@@ -10,6 +10,7 @@
use Zend\Mvc\MvcEvent;
use Zend\Stdlib\ResponseInterface as Response;
use Zend\View\Model\ViewModel;
+use BjyAuthorize\Exception\UnAuthorizedException;
class UnauthorizedStrategy implements ListenerAggregateInterface
{
@@ -71,6 +72,14 @@ public function onDispatchError(MvcEvent $e)
case 'error-unauthorized-route':
$viewVariables['route'] = $e->getParam('route');
break;
+ case Application::ERROR_EXCEPTION:
+ if (!($e->getParam('exception') instanceof UnAuthorizedException)) {
+ return;
+ }
+
+ $viewVariables['reason'] = $e->getParam('exception')->getMessage();
+ $viewVariables['error'] = 'error-unauthorized';
+ break;
default:
/*
* do nothing if there is no error in the event or the error
@@ -8,6 +8,8 @@
.
<?php elseif ($error == 'error-unauthorized-route') : ?>
You are not authorized to access <?php echo $route;?>.
+ <?php elseif ($error == 'error-unauthorized') : ?>
+ You are not authorized <?php echo $reason; ?>.
<?php else : ?>
An unknown error occured.
<?php endif;?>
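Review bot: The new branch prints `$reason` with a bare `echo`, so the exception message reaches the 403 page without HTML escaping. The README example uses a fixed string, but any action that builds the `UnAuthorizedException` message from request data (a resource name, an id) would have that input reflected into the page as markup. The line should escape on output, `You are not authorized <?php echo $this->escapeHtml($reason); ?>.`; the existing `$route` echo in the context line above has the same shape and would benefit from the same treatment. The value comes from the `onDispatchError()` hunk in this commit, which assigns `getMessage()` to `reason` unchanged.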
