48 lines
1.5 KiB
PHP
48 lines
1.5 KiB
PHP
<?php
|
|
|
|
use Phalcon\Events\Event;
|
|
use Phalcon\Mvc\Dispatcher;
|
|
|
|
use Httpcb\Acl;
|
|
|
|
class AclPlugin extends Phalcon\Mvc\User\Plugin
|
|
{
|
|
public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
|
|
{
|
|
// We only have two roles for now, authenticated users and guests.
|
|
if ($this->auth->hasIdentity()) {
|
|
$role = Acl::ROLE_USER;
|
|
} else {
|
|
$role = Acl::ROLE_GUEST;
|
|
}
|
|
|
|
// Support annotations for actions to define custom resources.
|
|
$controllerClass = $dispatcher->getControllerClass();
|
|
$activeMethod = $dispatcher->getActiveMethod();
|
|
|
|
$annotation = $this->annotations->getMethod($controllerClass, $activeMethod);
|
|
|
|
// ACL annotation found. use that.
|
|
if ($annotation->has('Acl')) {
|
|
$resource = $annotation->get('Acl')->getArgument('resource');
|
|
}
|
|
// Otherwise, default to controller name.
|
|
else {
|
|
$resource = $dispatcher->getControllerName();
|
|
}
|
|
|
|
// Now, check and redirect user to login page if
|
|
// this role does not have access to this resource.
|
|
if ($this->acl->isAllowed($role, $resource, 'Read') == \Phalcon\Acl::DENY) {
|
|
|
|
// Forward to login page.
|
|
$dispatcher->forward(array(
|
|
'controller' => 'auth',
|
|
'action' => 'index',
|
|
));
|
|
|
|
// Return false to stop the dispatch loop.
|
|
return false;
|
|
}
|
|
}
|
|
}
|