security.php
<?php
use Phalcon\Events\Event,
    Phalcon\Mvc\User\Plugin,
    Phalcon\Mvc\Dispatcher,
    Phalcon\Acl;
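    class security extends Plugin
    {
        /**
         * Builds the ACL on first use and caches it in the persistent (session) bag.
         *
         * Roles: Admin, Guests, User, Staff. Resources: "seo" (private, Admin only,
         * granted action by action) and "page" (public, every registered role may
         * call any of its actions). Anything not granted explicitly falls back to
         * Acl::DENY.
         *
         * NOTE(review): because the built ACL lives in the session, changes to the
         * role/resource tables below do not reach users who already hold a cached
         * copy until their persistent bag is cleared.
         *
         * @return Acl\Adapter\Memory
         */
        public function getAcl()
        {
            if (!isset($this->persistent->acl)) {
                $acl = new Acl\Adapter\Memory();
                // Deny by default: only the explicit allow() calls below open anything
                $acl->setDefaultAction(Acl::DENY);

                // Register roles (the array keys are local labels only; the ACL
                // works with the role names given to Acl\Role)
                $roles = [
                    'admin'  => new Acl\Role('Admin'),
                    'guests' => new Acl\Role('Guests'),
                    'user'   => new Acl\Role('User'),
                    'staff'  => new Acl\Role('Staff'),
                ];
                foreach ($roles as $role) {
                    $acl->addRole($role);
                }

                // Private area resources: controller => actions
                $adminResources = [
                    'seo' => ['index'],
                ];
                foreach ($adminResources as $resource => $actions) {
                    $acl->addResource(new Acl\Resource($resource), $actions);
                }

                // Public area resources: controller => actions
                $publicResources = [
                    'page' => ['index', 'login', 'logout'],
                ];
                foreach ($publicResources as $resource => $actions) {
                    $acl->addResource(new Acl\Resource($resource), $actions);
                }

                // Grant access to public areas to every registered role. Note the
                // wildcard: '*' opens every action on the resource, not only the
                // ones enumerated above, so the list documents rather than limits.
                foreach ($roles as $role) {
                    foreach (array_keys($publicResources) as $resource) {
                        $acl->allow($role->getName(), $resource, '*');
                    }
                }

                // Grant access to the private area, one action at a time, to Admin only
                foreach ($adminResources as $resource => $actions) {
                    foreach ($actions as $action) {
                        $acl->allow('Admin', $resource, $action);
                    }
                }

                // The acl is stored in session, APC would be useful here too
                $this->persistent->acl = $acl;
            }

            return $this->persistent->acl;
        }

        /**
         * Executed before any action in the application is dispatched: decides
         * whether the current role may reach the requested controller/action.
         *
         * The role name is read from the "user-status" session key, so whatever
         * login code writes that key decides the effective role; a missing or
         * falsy value (unauthenticated visitor) is treated as 'Guests'. A role
         * name the ACL does not know is expected to fall to the default DENY —
         * confirm against the Phalcon version in use. Callers are expected to
         * stop dispatching when this returns false.
         *
         * @param Dispatcher $dispatcher the dispatcher carrying controller/action names
         * @return bool true when the role is allowed to run controller/action
         */
        public function check(Dispatcher $dispatcher)
        {
            $controller = $dispatcher->getControllerName();
            $action = $dispatcher->getActionName();

            // Truthiness check kept on purpose: '' / '0' / null all fall back to Guests
            $status = $this->session->get("user-status") ?: 'Guests';

            return (bool) $this->getAcl()->isAllowed($status, $controller, $action);
        }
    }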