<?php

use Phalcon\Acl;
use Phalcon\Events\Event;
use Phalcon\Mvc\Dispatcher;

class AclPlugin extends Phalcon\Mvc\User\Plugin
{
    public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
    {
        // We only have two roles for now, authenticated users and guests.
        if ($this->auth->hasIdentity()) {
            $role = \Acl\Acl::ROLE_USER;
        } else {
            $role = \Acl\Acl::ROLE_GUEST;
        }

        // Support annotations for actions to define custom resources.
        $controllerClass = $dispatcher->getControllerClass();
        $activeMethod = $dispatcher->getActiveMethod();

        $annotation = $this->annotations->getMethod($controllerClass, $activeMethod);

        // ACL annotation found. use that.
        if ($annotation->has('Acl')) {
            $resource = $annotation->get('Acl')->getArgument('resource');
        }
        // Otherwise, default to controller name.
        else {
            $resource = $dispatcher->getControllerName();
        }

        // Now, check and redirect user to login page if
        // this role does not have access to this resource.
        if ($this->acl->isAllowed($role, $resource, 'Read') == Acl::DENY) {

            // Forward to login page.
            $dispatcher->forward(array(
                'controller' => 'auth',
                'action'     => 'index',
            ));

            // Return false to stop the dispatch loop.
            return false;
        }
    }
}