php - 动态断言 Zend_ACL - 在 isAllowed 上创建不需要的对象

Question

在这篇文章之后，我尝试将动态 Zend_Acl 断言添加到我的项目中：http: //www.amazium.com/blog/content-driven-access-control-with-zend-acl

经过几天的思考，我仍然无法使其正常工作。它抛出一个错误：“可捕获的致命错误：传递给 Application_Model_User::populate() 的参数 1 必须是一个数组，给定的对象，在 C:\Program Files\Zend\Apache2\htdocs\guardian\application\models\User 中调用。 php 在第 14 行，并在第 92 行的 C:\Program Files\Zend\Apache2\htdocs\guardian\application\models\User.php 中定义”。

通过调试我发现了ClientController中的那一行

$subsidiary->setAllowed($this->_acl->isAllowed($user, $subsidiary));

导致问题。但我不知道如何使它工作。似乎 isAllowed 创建了一个 User 实例，尽管我直接将它传递到那里。

我的代码如下：

class My_Controller_Helper_Acl extends Zend_Acl{

public function __construct(){

    $this->add(new Zend_Acl_Resource('index'));
    $this->add(new Zend_Acl_Resource('client'));
    $this->add(new Zend_Acl_Resource('search'));
    $this->add(new Zend_Acl_Resource('subsidiary'));
    $this->add(new Zend_Acl_Resource('user'));
    $this->add(new Zend_Acl_Resource('error'));
    $this->add(new Zend_Acl_Resource('subs'));

    $guest = My_Role::ROLE_GUEST;
    $client = My_Role::ROLE_CLIENT;
    $technician = My_Role::ROLE_TECHNICIAN;
    $coordinator = My_Role::ROLE_COORDINATOR;
    $admin = My_Role::ROLE_ADMIN;

    $this->addRole(new Zend_Acl_Role($guest));
    $this->addRole(new Zend_Acl_Role($client));
    $this->addRole(new Zend_Acl_Role($technician), $client);
    $this->addRole(new Zend_Acl_Role($coordinator), $technician);
    $this->addRole(new Zend_Acl_Role($admin));

    $this->allow($guest, array('user', 'error'));
    $this->deny($guest, 'user', array('register', 'rights', 'delete'));
    $this->allow($client);
    $this->deny($client, 'client', 'new');
    $this->deny($client, 'client', 'delete');
    $this->deny($client, 'user', array('register', 'rights', 'delete'));
    $this->allow($client, 'subs', null, new My_Controller_Helper_UserOwned());
    $this->allow($coordinator, 'client', array('new', 'delete'));

    $this->allow($admin);

}
}


class My_Controller_Helper_UserOwned implements Zend_Acl_Assert_Interface{
/**
 * @param Zend_Acl $acl
 * @param Zend_Acl_Role_Interface $role
 * @param Zend_Acl_Resource_Interface $resource
 * @param unknown_type $privilege
 */
public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null, $privilege = null) {
    if (!$resource instanceof Application_Model_UserOwnedInterface){

        throw new Exception('UserOwnedInterface not implemented');
    }

    $auth = Zend_Auth::getInstance();
    if(!$auth->hasIdentity()){
        return false;
    }
    $user = new Application_Model_User($auth->getIdentity());

    return $resource->isOwnedByUser($user);
}
}

ClientController.php / listAction

$subsidiariesDb = new Application_Model_DbTable_Subsidiary ();

$subsidiaries = $subsidiariesDb->getByTown ();
$users = new Application_Model_DbTable_User();
$user = $users->getByUsername($this->_username);

foreach($subsidiaries as $subsidiary){
                $subsidiary->setAllowed($this->_acl->isAllowed($user, $subsidiary));
            }

$this->view->subsidiaries = $subsidiaries;
$this->renderScript ( 'client/town.phtml' );

城镇.phtml

<?php foreach ($this->subsidiaries as $subsidiary) :
if($subsidiary->getAllowed()){
    if ($town != $subsidiary->getSubsidiaryTown()){?>
        </ul>
        <p class="bold"><?php echo $subsidiary->getSubsidiaryTown(); ?></p>
        <?php $town = $subsidiary->getSubsidiaryTown(); ?>
        <ul>
    <?php }
    if ($subsidiary->getHq()) {?>
        <li class="bold"><a href="<?php echo $this->url(array('clientId' => $subsidiary->getClientId()), 'clientIndex');?>">
            <?php echo $subsidiary->getSubsidiaryName() . ' (centrála)'?>
        </a></li>
    <?php }
    else {?>
        <li><?php echo '<a href="' . $this->url(array('clientId' => $subsidiary->getClientId(), 'subsidiary' => $subsidiary->getIdSubsidiary()), 'subsidiaryIndex') . '">' . $subsidiary->getSubsidiaryName() . '</a>'?></li>
    <?php }
}
    endforeach; ?>

用户模型（部分）

class Application_Model_User implements Zend_Acl_Role_Interface{

private $idUser;
private $username;
private $password;
private $salt;
private $role;
private $userSubsidiaries;

public function __construct ($options = array()){
    if (!empty($options)){
        $this->populate($options);
                    //see what the options are in debug below
    }
}

public function getRoleId(){
    return $this->getRole();
}

public function populate(array $data){

    $this->idUser = isSet($data['id_user']) ? $data['id_user'] : null;
    $this->username = isSet($data['username']) ? $data['username'] : null;
    $this->password = isSet($data['password']) ? $data['password'] : null;
    $this->salt = isSet($data['salt']) ? $data['salt'] : null;
    $this->role = isSet($data['role']) ? $data['role'] : null;

    $this->userSubsidiaries = array();
    $subsidiaries = isSet($data['user_subsidiaries']) ? $data['user_subsidiaries'] : null;
    $this->addSubsidiaryToUser($subsidiaries);

    return $this;
}

public function toArray($toUpdate = false, $withSubsidiaries = true){
    if (!$toUpdate){
        $data['id_user'] = $this->idUser;
    }
    $data['username'] = $this->username;
    $data['password'] = $this->password;
    $data['salt'] = $this->salt;
    $data['role'] = $this->role;

    if($withSubsidiaries){
        $data['user_subsidiaries'] = $this->userSubsidiaries;
    }

    return $data;
}

public function hasSubsidiary($subsidiary){
    if($subsidiary instanceOf Application_Model_Subsidiary){
        $subsidiary = $subsidiary->getIdSubsidiary();
    }
    return in_array($subsidiary, $this->getUserSubsidiaries());
}

public function getUserSubsidiaries(){
    return $this->userSubsidiaries;
}

public function addSubsidiaryToUser($subsidiary){
    if(is_array($subsidiary)){
        foreach($subsidiary as $sub){
            $this->addSubsidiaryToUser($sub);
        }
    } elseif ($subsidiary instanceof Application_Model_Subsidiary){
        $this->userSubsidiaries[] = $subsidiary->getIdSubsidiary();
    } elseif (is_numeric($subsidiary)){
        $this->userSubsidiaries[] = $subsidiary;
    } else{
        throw new Exception('Invalid subsidiary provided.');
    }

    return $this;
}

}

当我在填充函数中对 User 中的 $options 参数进行调试时，我在 ClientController [user = $users->getByUsername($this->_username);] 中创建用户时得到结果 (1)，这是正确的. 与isAllowed一致，我在开头提到，我得到结果（2）。但我不明白为什么用户对象甚至在该行上创建。我很绝望。你知道错在哪里吗？

结果（1）：

object(Application_Model_User)#169 (6) {
["idUser":"Application_Model_User":private] => string(1) "6"
["username":"Application_Model_User":private] => string(6) "klient"
["password":"Application_Model_User":private] => string(64) "82a78c724f3242148990897a3b754e1f57442311fab5cde74c2a238d8c8858fc"
["salt":"Application_Model_User":private] => string(88) "Ewxm5Pa7t0MHn9GtROi8Rg5bis0hUhXF/QnnaRmiwgOUqz1elGj/AzYcaVlHa+J6vTpdyvy3mtlmXfmoQlAswg=="
["role":"Application_Model_User":private] => string(1) "4"
["userSubsidiaries":"Application_Model_User":private] => array(1) {
[0] => string(1) "2"
}
}

结果（2）：

object(stdClass)#18 (5) {
["id_user"] => string(1) "6"
["username"] => string(6) "klient"
["password"] => string(64) "82a78c724f3242148990897a3b754e1f57442311fab5cde74c2a238d8c8858fc"
["salt"] => string(88) "Ewxm5Pa7t0MHn9GtROi8Rg5bis0hUhXF/QnnaRmiwgOUqz1elGj/AzYcaVlHa+J6vTpdyvy3mtlmXfmoQlAswg=="
["role"] => string(1) "4"
}

score 0 · Accepted Answer

如对原始问题的评论中所述，此问题现已解决。

我删除了

$user = new Application_Model_User($auth->getIdentity());

并且只使用

return $resource->isOwnedByUser($role);

php - 动态断言 Zend_ACL - 在 isAllowed 上创建不需要的对象

1 回答 1

Related

Reference