-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaccess_control.inc
63 lines (54 loc) · 2.04 KB
/
access_control.inc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<?php
/**
* @copyright 2012-2019 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
*/
namespace Application\Models;
use Application\Authentication\Auth;
use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole as Role;
use Zend\Permissions\Acl\Role\RoleInterface;
use Zend\Permissions\Acl\Resource\GenericResource as Resource;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Zend\Permissions\Acl\Assertion\AssertionInterface;
$ZEND_ACL = new Acl();
$ZEND_ACL->addRole(new Role('Anonymous'))
->addRole(new Role('Public' ), 'Anonymous')
->addRole(new Role('Staff' ), 'Public' )
->addRole(new Role('Administrator'));
/**
* Declare all the resources
*/
$ZEND_ACL->addResource(new Resource('index'));
$ZEND_ACL->addResource(new Resource('people'));
$ZEND_ACL->addResource(new Resource('users'));
$ZEND_ACL->addResource(new Resource('login'));
$ZEND_ACL->addResource(new Resource('departments'));
$ZEND_ACL->addResource(new Resource('emergencyContacts'));
$ZEND_ACL->addResource(new Resource('hr'));
$ZEND_ACL->addResource(new Resource('synchronize'));
$ZEND_ACL->addResource(new Resource('jobTitleCodes'));
/**
* Assign permissions to the resources
*/
$ZEND_ACL->allow(null,['login', 'index', 'departments']);
// Permissions for unauthenticated browsing
$ZEND_ACL->allow(null,
['people'],
['index', 'view', 'photo', 'search']);
// Allow Staff to do stuff
// Staff need to be able to update their own Emergency Contact Information
class OwnInfoAssertion implements AssertionInterface
{
public function assert(Acl $acl, RoleInterface $role=null, ResourceInterface $resource=null, $privilege=null)
{
if (isset($_REQUEST['username'])) {
$user = Auth::getAuthenticatedUser();
return $user->getUsername() == $_REQUEST['username'];
}
return false;
}
}
$ZEND_ACL->allow('Staff', 'people', 'updateEmergencyContacts', new OwnInfoAssertion());
// Administrator is allowed access to everything
$ZEND_ACL->allow('Administrator');