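23. News_Acl
<?php
/**
 * ACL for the "news" resource (sample configuration).
 *
 * Zend_Acl refuses any request that no allow rule covers, so the only access
 * granted here is "publish" and "archive" on "news" for the "marketing" role.
 */
class News_Acl extends Zend_Acl
{
    /** @var string Resource id that the rules below are attached to. */
    protected $_name = 'news';

    /**
     * Registers the roles, the resource and the allow rule.
     */
    public function __construct()
    {
        // sample
        // A parent role must already be registered before another role can
        // inherit from it; otherwise addRole() throws. 'staff' gets no rules
        // of its own here, so registering it grants nothing extra.
        $this->addRole(new Zend_Acl_Role('staff'))
             ->addRole(new Zend_Acl_Role('marketing'), 'staff')
             ->addResource(new Zend_Acl_Resource($this->_name))
             ->allow('marketing', $this->_name, array('publish', 'archive'));
    }
}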
24. NewsController
<?php
/**
 * Controller for the news pages. It holds the resource id and the ACL
 * instance that access decisions are made against.
 */
class NewsController extends Zend_Controller_Action
{
    // resource name
    protected $_name = 'news';

    /**
     * Builds the ACL for this controller.
     *
     * Only the ACL object is created here; nothing in this class asks it for
     * a decision, so the enforcing isAllowed() call has to live elsewhere.
     */
    public function init()
    {
        $this->_acl = new News_Acl();
    }
}
25. NewsController::preDispatch()
// Authorize the requested action before it is dispatched: the action name is
// used as the privilege and is checked against this controller's resource.
//
// NOTE(review): the privilege is the action name as it arrives in the
// request, which may be spelled differently from the method that finally
// runs. Keep the rules allow-list based (deny by default) so that a name the
// ACL does not recognise is refused rather than let through.
$privilege = $this->getRequest()->getActionName();

// NOTE(review): getIdentity() returns null when nobody is logged in; getRole()
// is not shown here -- confirm it maps that case to a least-privileged role.
$identity = Zend_Auth::getInstance()->getIdentity();
$role = $this->getRole($identity);

$permitted = $this->_acl->isAllowed($role, $this->_name, $privilege);
if (!$permitted) {
    throw new Exception('action not permitted');
    // Alternatively, the request could be rewritten to the error action here.
}

parent::preDispatch();
47. Roleの受け入れ(subject設定)
/**
 * Stores the role (the subject) that later access checks are made for.
 *
 * NOTE(review): Zend Framework 1 ships Zend_Acl_Role_Interface; confirm that
 * Zend_Role_Interface is really declared in this project, because a type hint
 * naming a missing interface rejects every argument.
 *
 * @param Zend_Role_Interface $role role to act as
 * @return $this for method chaining
 */
public function setRole(Zend_Role_Interface $role)
{
    $this->_role = $role;

    return $this;
}
48. メソッドに制御を追加
/**
 * Returns the list, but only after the current role has been granted the
 * 'list' privilege on this object.
 *
 * The object passes itself as the ACL resource.
 * NOTE(review): that presumably means the class implements
 * Zend_Acl_Resource_Interface -- confirm against the class declaration.
 *
 * @throws UnauthorizedException when the ACL refuses the 'list' privilege
 */
public function getList()
{
    $acl = $this->getAcl();
    $role = $this->getRole();

    // Check first, work second: nothing below runs for a refused role.
    $granted = $acl->isAllowed($role, $this, 'list');
    if (!$granted) {
        throw new UnauthorizedException();
    }

    // ...
}
68. Mediator
/**
 * Intercepts a method call and checks it against the monitor (the ACL).
 *
 * The wrapped object maps the method name to a privilege; the monitor is then
 * asked whether the subject's role holds that privilege on the object.
 *
 * NOTE(review): as shown, nothing is forwarded to the wrapped object after
 * the check passes -- presumably elided from the slide; confirm.
 * The check only covers calls that go through this mediator, so the wrapped
 * object should not be reachable by callers directly.
 *
 * @param string $method name of the method being called
 * @param array  $args   arguments of the call
 * @throws Exception when the monitor refuses the privilege
 */
public function __call($method, $args)
{
    $target = $this->_object;
    $privilege = $target->getPrivilege($method);

    $role = $this->_subject->getRole();
    $granted = $this->_monitor->isAllowed($role, $this->_object, $privilege);
    if (!$granted) {
        throw new Exception('method not allowed');
    }
}
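74. 許可されたメソッドだけを実行
/**
 * Runs a method only after the access check for its name has passed.
 *
 * The real implementation of "foo" lives in "_foo"; a call to "foo" lands
 * here because no method of that name is accessible, gets authorized, and is
 * then forwarded to "_foo".
 *
 * The "_"-prefixed implementations should be declared protected or private:
 * __call() is only invoked for inaccessible methods, so a public "_foo" could
 * be called directly without passing through this check.
 *
 * @param string $methodName name the caller used
 * @param array  $args       arguments of the call
 * @return mixed result of the forwarded call
 * @throws Exception when the method is not allowed for the current subject
 */
public function __call($methodName, $args)
{
    // Authorization comes first, before anything is learned about the target.
    if (! $this->_isAllowed($methodName)) {
        throw new Exception('method not allowed');
    }

    // The prefix must use plain ASCII quotes; the typographic quotes in the
    // original are not string delimiters in PHP.
    $implementation = '_' . $methodName;
    if (method_exists($this, $implementation)) {
        return call_user_func_array(array($this, $implementation), $args);
    }

    // etc. etc. etc.
}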
75. メソッドと権限をマップして許可
/**
 * Maps a method name to its privilege and asks the monitor (the ACL) whether
 * the subject holds that privilege on this object.
 *
 * Fails closed: if either the monitor or the subject has not been set, an
 * exception is thrown instead of a decision being returned.
 *
 * NOTE(review): the subject is passed to isAllowed() as the role, so it is
 * presumably a role id or a role object -- confirm against the setter.
 *
 * @param string $methodName name of the method being called
 * @return bool whether the call is permitted
 * @throws Exception when access control has not been set up
 */
protected function _isAllowed($methodName)
{
    // The privilege lookup stays ahead of the set-up check, as in the original.
    $privilege = $this->getPrivilege($methodName);

    $activated = $this->_monitor && $this->_subject;
    if (!$activated) {
        throw new Exception('Acc is not activated.');
    }

    $monitor = $this->_monitor;

    return $monitor->isAllowed($this->_subject, $this, $privilege);
}