Конфигурация BjyAuthorize для ресурсов
Я настроил BjyAuthorize, опираясь на SamUser и другие материалы из сети. Я полагал, что приведённая ниже конфигурация должна закрыть доступ всем пользователям, кроме роли 'admin'. Однако роль пользователя никак не влияет на результат: любой пользователь может получить доступ к этому ресурсу. Пожалуйста, помогите.
Мой файл конфигурации BjyAuthorize:
<?php
// Reviewer summary: nothing in this file denies a request, so every role reaches
// the controller. Three things visible below combine to produce that result:
//   1. No guard is active. The only guard definition is commented out, and it
//      sits beside the 'bjyauthorize' key rather than inside it, so uncommenting
//      it in place would still leave it outside the module's configuration.
//   2. The role provider is keyed directly under 'bjyauthorize' instead of inside
//      a 'role_providers' array (the working configuration further down this page
//      nests it there), so it is presumably never registered as a role provider.
//   3. Resource and rule providers only populate the ACL. They are consulted when
//      code asks isAllowed(); they do not intercept controller dispatch.
return array(
    'bjyauthorize' => array(
        // Role assumed when no identity is authenticated.
        'default_role' => 'guest',

        // Declares a named ACL resource. The name happens to equal the controller
        // alias, but that does not bind the resource to the controller.
        'resource_providers' => array(
            'BjyAuthorize\Provider\Resource\Config' => array(
                'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation' => array(),
            ),
        ),

        // Rule format: array(roles, resource, privileges). Here 'index' is an ACL
        // privilege name; it is not automatically the controller's index action.
        'rule_providers' => array(
            'BjyAuthorize\Provider\Rule\Config' => array(
                'allow' => array(
                    array(
                        array('admin'),
                        'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
                        array('index'),
                    ),
                ),
            ),
        ),

        'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',

        // NOTE(review): misplaced, see point 2 above. Also, the working
        // configuration later on this page spells the service name
        // 'doctrine.entitymanager.orm_default' (no underscore); confirm which
        // name the Doctrine module actually registers.
        'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' => array(
            'object_manager' => 'doctrine.entity_manager.orm_default',
            'role_entity_class' => 'Application\Entity\Role',
        ),
    ),

    // Disabled guard definition, kept as the author left it (see point 1 above).
    // 'guards' => array(
    //     'BjyAuthorize\Guard\Controller' => array(
    //         array('controller' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
    //             'action' => array('index'),
    //             'roles' => array('admin')),
    //     ),
    // ),
);
Файл конфигурации модуля
<?php
namespace OnlineFieldEvaluation;
// Module configuration: controller registration, routing, view templates and the
// Doctrine annotation driver for this module's entities.
return array(
    'controllers' => array(
        'invokables' => array(
            // Alias referenced by the route defaults below => concrete controller class.
            'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation'
                => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluationController',
        ),
    ),

    'router' => array(
        'routes' => array(
            'OnlineFieldEvaluation' => array(
                'type' => 'segment',
                'options' => array(
                    // The optional :action segment lets the URL select any action
                    // whose name matches the constraint, not only "index". Whatever
                    // authorization is configured has to cover every action this
                    // controller exposes.
                    'route' => '/onlinefieldevaluation[/][:action][/:id]',
                    'constraints' => array(
                        'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
                        // Digits only; the value is still request input when the
                        // controller reads it.
                        'id' => '[0-9]+',
                    ),
                    'defaults' => array(
                        'controller' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
                        'action' => 'index',
                    ),
                ),
            ),
        ),
    ),

    'view_manager' => array(
        'template_path_stack' => array(
            'OnlineFieldEvaluation' => __DIR__ . '/../view',
        ),
    ),

    // Doctrine: read entity mappings from annotations in this module's Entity
    // directory and attach that driver to the default ORM driver chain.
    'doctrine' => array(
        'driver' => array(
            __NAMESPACE__ . '_driver' => array(
                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                'cache' => 'array',
                'paths' => array(__DIR__ . '/../src/' . __NAMESPACE__ . '/Entity'),
            ),
            'orm_default' => array(
                'drivers' => array(
                    __NAMESPACE__ . '\Entity' => __NAMESPACE__ . '_driver',
                ),
            ),
        ),
    ),
);
Класс пользователя системы
<?php
namespace Application\Entity;
use BjyAuthorize\Provider\Role\ProviderInterface;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use ZfcUser\Entity\UserInterface;
/**
* Systemuser
*
* @ORM\Table(name="systemuser",uniqueConstraints={@ORM\UniqueConstraint(name="email_idx", columns={"email"})})
* @ORM\Entity
* ORM\Entity(repositoryClass="Application\Entity\Repository\SystemuserRepository")
*/
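class Systemuser implements UserInterface, ProviderInterface
{
    /**
     * Surrogate primary key.
     *
     * @var int
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * E-mail address; unique through the email_idx constraint on the table.
     *
     * @var string
     *
     * @ORM\Column(name="email", type="string", length=100, nullable=false)
     */
    private $email;

    /**
     * @var string
     * @ORM\Column(name="displayname", type="string", length=50, nullable=true)
     */
    protected $displayName;

    /**
     * @var string
     *
     * @ORM\Column(name="username", type="string", length=100, nullable=true)
     */
    private $username;

    /**
     * Stored credential. NOTE(review): presumably the hash written by the
     * authentication module rather than plaintext (confirm), and confirm that
     * 64 characters is enough for the hash format in use. Keep this entity out
     * of serialized output such as JSON responses, logs and view dumps so the
     * value is not exposed.
     *
     * @var string
     *
     * @ORM\Column(name="password", type="string", length=64, nullable=false)
     */
    private $password;

    /**
     * @var string $country
     *
     * @ORM\Column(type="string", length=255, nullable=true)
     */
    private $country;

    // A single-valued $role association was sketched here and left disabled; the
    // many-to-many $roles collection below is the only role mapping in effect.

    /**
     * Roles assigned to this user, joined through the users_roles table. This
     * collection is what getRoles() hands to the authorization layer, so any
     * code path that can add to it can change what the user is allowed to do.
     *
     * @var \Doctrine\Common\Collections\Collection
     * @ORM\ManyToMany(targetEntity="Application\Entity\Role")
     * @ORM\JoinTable(name="users_roles",
     *      joinColumns={@ORM\JoinColumn(name="user_id", referencedColumnName="id")},
     *      inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")}
     * )
     */
    protected $roles;

    /**
     * Initialises the roles collection so a new user starts with no roles.
     */
    public function __construct()
    {
        $this->roles = new ArrayCollection();
    }

    /**
     * Get the roles assigned to this user.
     *
     * @return array the collection's values as a plain array
     */
    public function getRoles()
    {
        return $this->roles->getValues();
    }

    /**
     * Add a role to the user.
     *
     * The argument is not type-checked here; callers are expected to pass a
     * Role entity.
     *
     * @param Role $role
     *
     * @return void
     */
    public function addRole($role)
    {
        $this->roles[] = $role;
    }

    /**
     * Get id
     *
     * @return int
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set id.
     *
     * Returns the entity, as the docblock always promised and as the other
     * setters of this class already do.
     *
     * @param int $id
     * @return Systemuser
     */
    public function setId($id)
    {
        $this->id = $id;

        return $this;
    }

    /**
     * Set email
     *
     * @param string $email
     * @return Systemuser
     */
    public function setEmail($email)
    {
        $this->email = $email;

        return $this;
    }

    /**
     * Get email
     *
     * @return string
     */
    public function getEmail()
    {
        return $this->email;
    }

    /**
     * Set username
     *
     * @param string $username
     * @return Systemuser
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * Get username
     *
     * @return string
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Set password
     *
     * Stores the value exactly as given; no hashing happens in this method.
     *
     * @param string $password
     * @return Systemuser
     */
    public function setPassword($password)
    {
        $this->password = $password;

        return $this;
    }

    /**
     * Get password
     *
     * @return string the stored credential value
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * Set displayname
     *
     * @param string $displayname
     * @return Systemuser
     */
    public function setDisplayname($displayname)
    {
        $this->displayName = $displayname;

        return $this;
    }

    /**
     * Get displayname
     *
     * @return string
     */
    public function getDisplayname()
    {
        return $this->displayName;
    }

    /**
     * Set country
     *
     * @param string $country
     * @return Systemuser
     */
    public function setCountry($country)
    {
        $this->country = $country;

        return $this;
    }

    /**
     * Get country
     *
     * @return string
     */
    public function getCountry()
    {
        return $this->country;
    }

    /**
     * Get state.
     *
     * This entity maps no state column, so there is never a state to report.
     *
     * @return null
     */
    public function getState()
    {
        return null;
    }

    /**
     * Set state.
     *
     * Deliberately discards the value because this entity has no state
     * property. Anything that relies on a per-user state (for example an
     * "account disabled" flag) therefore has no effect with this entity.
     *
     * @param int $state
     * @return Systemuser
     */
    public function setState($state)
    {
        return $this;
    }
}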
Класс роли
<?php
namespace Application\Entity;
use BjyAuthorize\Acl\HierarchicalRoleInterface;
use Doctrine\ORM\Mapping as ORM;
//use Zend\Permissions\Acl\Role\RoleInterface;
/**
* Role
*
* @ORM\Table(name="role")
* @ORM\Entity
* ORM\Entity(repositoryClass="Application\Entity\Repository\RoleRepository")
*/
class Role implements HierarchicalRoleInterface
{
    /**
     * Primary key and, through getRoleId(), the role identifier itself.
     *
     * @var string
     *
     * @ORM\Column(name="id", type="string", length=20, nullable=false)
     * @ORM\Id
     */
    private $id;

    /**
     * Human-readable role name.
     *
     * @var string
     *
     * @ORM\Column(name="name", type="string", length=100, nullable=false)
     */
    private $name;

    /**
     * Parent role, if any.
     *
     * @var Role
     * @ORM\ManyToOne(targetEntity="Application\Entity\Role")
     */
    protected $parent;

    /**
     * Role identifier exposed to the ACL; delegates to the primary key.
     *
     * NOTE(review): presumably this is the string that 'roles' entries in
     * guards and rules ('admin', 'guest', ...) are matched against, so the ids
     * stored in the role table must equal those names exactly. Confirm.
     *
     * @return string
     */
    public function getRoleId()
    {
        $identifier = $this->getId();

        return $identifier;
    }

    /**
     * Get id
     *
     * @return string the value of the string-typed id column
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set id.
     *
     * @param string $id
     */
    public function setId($id)
    {
        $this->id = $id;
    }

    /**
     * Set name
     *
     * @param string $name
     * @return Role
     */
    public function setName($name)
    {
        $this->name = $name;

        return $this;
    }

    /**
     * Get name
     *
     * @return string
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * Get the parent role
     *
     * @return Role
     */
    public function getParent()
    {
        return $this->parent;
    }

    /**
     * Set the parent role.
     *
     * NOTE(review): in a hierarchical ACL a child role normally inherits what
     * its parent is allowed, so changing a parent changes effective
     * permissions. Confirm against the role provider in use.
     *
     * @param Role $parent
     *
     * @return void
     */
    public function setParent(Role $parent)
    {
        $this->parent = $parent;
    }
}
1 ответ
Мне наконец удалось настроить BjyAuthorize с помощью приведённой ниже конфигурации. Однако мне по-прежнему неясно, для чего нужны "resource_providers" и "rule_providers". Похоже, охранники (guards) работают одинаково хорошо независимо от того, определяю я ресурсы и правила или нет. Я не понимаю, на что должны влиять эти два параметра конфигурации.
bjyauthorize файл конфигурации
<?php
// Working configuration. Access to controllers is enforced by the 'guards'
// section; the resource and rule providers only describe ACL entries that
// application code can query with isAllowed().
return array(
    'bjyauthorize' => array(
        'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',

        // Roles are loaded from the Role entity through Doctrine.
        'role_providers' => array(
            'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' => array(
                'object_manager' => 'doctrine.entitymanager.orm_default',
                'role_entity_class' => 'Application\Entity\Role',
            ),
        ),

        // Role assumed when no identity is authenticated.
        'default_role' => 'guest',

        // A named ACL resource. With the rule lists below left empty, no role is
        // granted anything on it, so isAllowed() checks against this resource
        // are expected to fail until an 'allow' rule is added.
        'resource_providers' => array(
            'BjyAuthorize\Provider\Resource\Config' => array(
                'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation' => array(),
            ),
        ),

        'rule_providers' => array(
            'BjyAuthorize\Provider\Rule\Config' => array(
                'allow' => array(
                    // ...
                ),
                'deny' => array(
                    // ...
                ),
            ),
        ),

        // Once the controller guard is enabled, BjyAuthorize blocks every
        // controller and action that is not listed here, so each new controller
        // needs its own entry.
        'guards' => array(
            'BjyAuthorize\Guard\Controller' => array(
                // No 'action' key: the whole zfcuser controller is open to
                // 'guest', i.e. to unauthenticated visitors.
                array(
                    'controller' => 'zfcuser',
                    'roles' => array('guest'),
                ),
                // Only the index action is opened, and only for 'student'.
                // NOTE(review): the question wanted 'admin' only; whether
                // 'admin' passes here depends on the role hierarchy stored in
                // the role table. Confirm the intended role.
                array(
                    'controller' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
                    'action' => array('index'),
                    'roles' => array('student'),
                ),
            ),
        ),
    ),
);
Systemuser.php
<?php
/**
* BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
*
* @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
namespace Application\Entity;
use BjyAuthorize\Provider\Role\ProviderInterface;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use ZfcUser\Entity\UserInterface;
/**
* An example of how to implement a role aware user entity.
*
* @ORM\Entity
* @ORM\Table(name="systemuser")
*
* @author Tom Oram <tom@scl.co.uk>
*/
class Systemuser implements UserInterface, ProviderInterface
{
    /**
     * Surrogate primary key.
     *
     * @var int
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * Optional login name; unique when present.
     *
     * @var string
     * @ORM\Column(type="string", length=255, unique=true, nullable=true)
     */
    protected $username;

    /**
     * E-mail address; unique and required.
     *
     * @var string
     * @ORM\Column(type="string", unique=true, length=255)
     */
    protected $email;

    /**
     * @var string
     * @ORM\Column(type="string", length=50, nullable=true)
     */
    protected $displayName;

    /**
     * Stored credential. NOTE(review): presumably the hash written by the
     * authentication module rather than plaintext (confirm). Keep this entity
     * out of serialized output such as JSON responses, logs and view dumps so
     * the value is not exposed.
     *
     * @var string
     * @ORM\Column(type="string", length=128)
     */
    protected $password;

    /**
     * Account state. No column mapping is declared for it, so as written the
     * value lives only in memory and is not saved with the entity.
     *
     * @var int
     */
    protected $state;

    /**
     * Roles assigned to this user, joined through the users_roles table. This
     * collection is what getRoles() hands to the authorization layer.
     *
     * @var \Doctrine\Common\Collections\Collection
     * @ORM\ManyToMany(targetEntity="Application\Entity\Role")
     * @ORM\JoinTable(name="users_roles",
     *      joinColumns={@ORM\JoinColumn(name="user_id", referencedColumnName="id")},
     *      inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")}
     * )
     */
    protected $roles;

    /**
     * Starts every new user with an empty role collection.
     */
    public function __construct()
    {
        $this->roles = new ArrayCollection();
    }

    /**
     * @return int the primary key
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Stores the primary key, cast to an integer.
     *
     * @param int $id
     *
     * @return void
     */
    public function setId($id)
    {
        $this->id = (int) $id;
    }

    /**
     * @return string the login name
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * @param string $username
     *
     * @return void
     */
    public function setUsername($username)
    {
        $this->username = $username;
    }

    /**
     * @return string the e-mail address
     */
    public function getEmail()
    {
        return $this->email;
    }

    /**
     * @param string $email
     *
     * @return void
     */
    public function setEmail($email)
    {
        $this->email = $email;
    }

    /**
     * @return string the display name
     */
    public function getDisplayName()
    {
        return $this->displayName;
    }

    /**
     * @param string $displayName
     *
     * @return void
     */
    public function setDisplayName($displayName)
    {
        $this->displayName = $displayName;
    }

    /**
     * @return string the stored credential value
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * Stores the value exactly as given; no hashing happens in this method.
     *
     * @param string $password
     *
     * @return void
     */
    public function setPassword($password)
    {
        $this->password = $password;
    }

    /**
     * @return int the in-memory account state
     */
    public function getState()
    {
        return $this->state;
    }

    /**
     * @param int $state
     *
     * @return void
     */
    public function setState($state)
    {
        $this->state = $state;
    }

    /**
     * Get the roles assigned to this user.
     *
     * @return array the collection's values as a plain array
     */
    public function getRoles()
    {
        $assigned = $this->roles->getValues();

        return $assigned;
    }

    /**
     * Add a role to the user.
     *
     * The argument is not type-checked here; callers are expected to pass a
     * Role entity.
     *
     * @param Role $role
     *
     * @return void
     */
    public function addRole($role)
    {
        $this->roles[] = $role;
    }
}
Role.php
<?php
/**
* BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
*
* @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
namespace Application\Entity;
use BjyAuthorize\Acl\HierarchicalRoleInterface;
use Doctrine\ORM\Mapping as ORM;
/**
* An example entity that represents a role.
*
* @ORM\Entity
* @ORM\Table(name="role")
*
* @author Tom Oram <tom@scl.co.uk>
*/
class Role implements HierarchicalRoleInterface
{
    /**
     * Surrogate primary key.
     *
     * @var int
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * Role identifier, unique but nullable in the mapping.
     *
     * NOTE(review): presumably this is the string that 'roles' entries in
     * guards and rules ('guest', 'student', ...) are matched against, so the
     * stored values must equal those names exactly. Confirm.
     *
     * @var string
     * @ORM\Column(type="string", length=255, unique=true, nullable=true)
     */
    protected $roleId;

    /**
     * Parent role, if any.
     *
     * @var Role
     * @ORM\ManyToOne(targetEntity="Application\Entity\Role")
     */
    protected $parent;

    /**
     * @return int the primary key
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Stores the primary key, cast to an integer.
     *
     * @param int $id
     *
     * @return void
     */
    public function setId($id)
    {
        $this->id = (int)$id;
    }

    /**
     * @return string the role identifier
     */
    public function getRoleId()
    {
        return $this->roleId;
    }

    /**
     * Stores the role identifier, cast to a string.
     *
     * @param string $roleId
     *
     * @return void
     */
    public function setRoleId($roleId)
    {
        $this->roleId = (string) $roleId;
    }

    /**
     * @return Role the parent role
     */
    public function getParent()
    {
        return $this->parent;
    }

    /**
     * Set the parent role.
     *
     * NOTE(review): in a hierarchical ACL a child role normally inherits what
     * its parent is allowed, so changing a parent changes effective
     * permissions. Confirm against the role provider in use.
     *
     * @param Role $parent
     *
     * @return void
     */
    public function setParent(Role $parent)
    {
        $this->parent = $parent;
    }
}