ZF2 redirect if ACL does not allow access to page

I have module which builds my ACL tree which is working fine.

I also have a navigation configuration file in the config/autoload directory which details my application structure along with resources associated with the entries. I also have a navigation factory in my application module config.

All of this is working fine and I am rendering my menu based on the permissions on the role of the logged in user and the resources against the page in the navigation config.

What I can't work out is how to prevent access to the pages which the user doesn't have access to (the ones which are hidden in the rendered navigation menu). I would like this to be managed within a module.

I'm assuming that in the my Module.php file, in the onBootstrap function, I would need to run isAllowed against the ACL and redirect (as in this question - Forward to another controller/action from module.php). isAllowed seems to require the resource to query against however. This would need to be obtained from the navigation config.

I can get this working if I hardcode the resource required in the isAllowed function. Effectively, I just need to get the resource of the current page request from the navigation config.

I'm sure this must be standard functionality but I can't find any specific examples.

Any help appreciated.

Chris

Answers


Is this what you are looking for, or are you looking for how to access your config from within the onBootstrap method?

public function onBootstrap($event) {
    $matched_route = $event->getRouteMatch()->getMatchedRouteName();
    $someOtherClass = new MyClassThatAuthenticatesRoutes();
    if(!($someOtherClass->isAllowed($matched_route)){
        $response = $event->getResponse();
        $response->setStatusCode(401);
        $response->setReasonPhrase('Not allowed!');
        return $response;
    }

If you're looking for just the config you can go:

 $sm = $e->getApplication()->getServiceManager();
 $config = $sm->get('config');

If you're needing to match the routes for ACL look into doing something like:

/**
 * Retrieve the route match
 * 
 * @return string
 */
protected function getMatchRoute()
{
    $router  = $this->getServiceLocator()->get('router');
    $request = $this->getServiceLocator()->get('request');      

    $this->routeMatch = $router->match($request)->getMatchedRouteName();

    return $this->routeMatch;
}

Then in your controller:

// note, $acl is just a class I wrote to extend class Zend\Permissions\Acl\Acl
// because I needed additional functionality    
$acl = new \PATH_TO\Acl\Acl(); 

// checkAcl(), just however you plan on handling permissions
// $role is obviously just that, the role of the user, where ever 
// you are setting that.
// the second param is from the method in the above code block which is the 
// resource (page) you are wanting to check against
$access = $acl->checkAcl($role, $this->getMatchRoute());

// they don't have access so redirect them
if (!$access)
{
    return $this->redirect()->toRoute('your_route', array());
}

If you need to see anymore code just let me know but hopefully this gets you started.


Need Your Help

How to extract specific segments from powerline?

tmux powerline

Powerline (https://github.com/Lokaltog/powerline) is a generic installation for powerlines for shells, vim, tmux, etc. Once installed including the following the tmux config will generate the right...

Excel VBA Conditional Filter

excel vba excel-vba autofilter

simple VBA question. I need a VBA subroutine that will filter my data based on a condition (in this case, if what's in column C equals 11-Jun-12 [41071 in numeric form]) without looping through the