BjyAuthorize конфигурация для ресурсов

Я настроил свой BjyAuthorised, используя SamUser и другие ресурсы онлайн. Я думал, что следующая конфигурация предполагает блокировку всех пользователей, кроме 'admin'. Однако роль пользователя не влияет на результат. Любой пользователь может получить доступ к этому ресурсу. Пожалуйста помоги.

Мой конфигурационный файл BjyAuthorise:

    <?php
    return array(
        'bjyauthorize' => array(
            'default_role' => 'guest',
            'resource_providers' => array(
                'BjyAuthorize\Provider\Resource\Config' => array(
                    'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation' => array(),
                ),
            ),
            'rule_providers' => array(
                'BjyAuthorize\Provider\Rule\Config' => array(
                    'allow' => array(
                        array(array('admin'), 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation', array('index')),
                    ),
                ),
            ),
            'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',
            'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' => array(
                'object_manager'    => 'doctrine.entity_manager.orm_default',
                'role_entity_class' => 'Application\Entity\Role',
            ),
        ),
 //           'guards' => array(
 //               'BjyAuthorize\Guard\Controller' => array(
 //                   array('controller' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
 //                       'action' => array('index'),
 //                       'roles' => array('admin')),
 //               ),
 //           ),
    );

Файл конфигурации модуля

<?php
namespace OnlineFieldEvaluation;
return array(
    'controllers' => array(
        'invokables' => array(
            'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluationController',
        ),
    ),

    // The following section is new and should be added to your file
    'router' => array(
            'routes' => array(
                    'OnlineFieldEvaluation' => array(
                            'type'    => 'segment',
                            'options' => array(
                                    'route'    => '/onlinefieldevaluation[/][:action][/:id]',
                                    'constraints' => array(
                                            'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
                                            'id'     => '[0-9]+',
                                    ),
                                    'defaults' => array(
                                            'controller' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
                                            'action'     => 'index',
                                    ),
                            ),
                    ),
            ),
    ),      
    'view_manager' => array(
        'template_path_stack' => array(
            'OnlineFieldEvaluation' => __DIR__ . '/../view',
        ),
    ),

    // Doctrine config
    'doctrine' => array(
        'driver' => array(
            __NAMESPACE__ . '_driver' => array(
                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                'cache' => 'array',
                'paths' => array(__DIR__ . '/../src/' . __NAMESPACE__ . '/Entity')
            ),
            'orm_default' => array(
                'drivers' => array(
                    __NAMESPACE__ . '\Entity' => __NAMESPACE__ . '_driver'
                )
            ),
        ),
    ),
);

Системный пользовательский класс

<?php
namespace Application\Entity;

use BjyAuthorize\Provider\Role\ProviderInterface;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use ZfcUser\Entity\UserInterface;

/**
 * Systemuser
 *
 * @ORM\Table(name="systemuser",uniqueConstraints={@ORM\UniqueConstraint(name="email_idx", columns={"email"})})
 * @ORM\Entity
 * ORM\Entity(repositoryClass="Application\Entity\Repository\SystemuserRepository")
 */
class Systemuser implements UserInterface, ProviderInterface {

    /**
     * @var int
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @var string
     *
     * @ORM\Column(name="email", type="string", length=100, nullable=false)
     */
    private $email;

    /**
     * @var string
     * @ORM\Column(name="displayname", type="string", length=50, nullable=true)
     */
    protected $displayName;

    /**
     * @var string
     *
     * @ORM\Column(name="username", type="string", length=100, nullable=true)
     */
    private $username;

    /**
     * @var string
     *
     * @ORM\Column(name="password", type="string", length=64, nullable=false)
     */
    private $password;

    /**
     * @var string $country
     *
     * @ORM\Column(type="string", length=255, nullable=true)
     */
    private $country;

    /**
     * var \Application\Entity\Role
     *
     * ORM\ManyToOne(targetEntity="Application\Entity\Role")
     * ORM\JoinColumns({
     * ORM\JoinColumn(name="role_id", referencedColumnName="id",nullable=true)
     * })
     */
//private $role;


    /**
     * @var \Doctrine\Common\Collections\Collection
     * @ORM\ManyToMany(targetEntity="Application\Entity\Role")
     * @ORM\JoinTable(name="users_roles",
     *      joinColumns={@ORM\JoinColumn(name="user_id", referencedColumnName="id")},
     *      inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")}
     * )
     */
    protected $roles;

    /**
     * Initialies the roles variable.
     */
    public function __construct()
    {
        $this->roles = new ArrayCollection();
    }


    /**
     * Get role.
     *
     * @return array
     */
    public function getRoles()
    {
        return $this->roles->getValues();
    }

    /**
     * Add a role to the user.
     *
     * @param Role $role
     *
     * @return void
     */
    public function addRole($role)
    {
        $this->roles[] = $role;
    }

    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set id.
     *
     * @param int $id
     * @return UserInterface
     */
    public function setId($id) {
        $this->id = $id;
    }


    /**
     * Set email
     *
     * @param string $email
     * @return Systemuser
     */
    public function setEmail($email)
    {
        $this->email = $email;

        return $this;
    }

    /**
     * Get email
     *
     * @return string
     */
    public function getEmail()
    {
        return $this->email;
    }

    /**
     * Set username
     *
     * @param string $username
     * @return Systemuser
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * Get username
     *
     * @return string
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Set password
     *
     * @param string $password
     * @return Systemuser
     */
    public function setPassword($password)
    {
        $this->password = $password;

        return $this;
    }

    /**
     * Get password
     *
     * @return string
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * Set displayname
     *
     * @param string $displayName
     * @return Systemuser
     */
    public function setDisplayname($displayname)
    {
        $this->displayName= $displayname;

        return $this;
    }

    /**
     * Get displayname
     *
     * @return string
     */
    public function getDisplayname()
    {
        return $this->displayName;
    }

    /**
     * Set country
     *
     * @param string $country
     * @return Conference
     */
    public function setCountry($country)
    {
        $this->country = $country;

        return $this;
    }

    /**
     * Get country
     *
     * @return string
     */
    public function getCountry()
    {
        return $this->country;
    }

    /**
     * Get state.
     *
     * @return int
     */
    public function getState() {
        return null;
    }

    /**
     * Set state.
     *
     * @param int $state
     * @return UserInterface
     */
    public function setState($state) {
        //does nothing
    }

    /**
     * Set role
     *
     * @param \Application\Entity\Role $role
     * @return Systemuser
//     */
//    public function setRole(\Application\Entity\Role $role = null)
//    {
//        $this->role = $role;
//
//        return $this;
//    }

    /**
     * Get role
     *
     * @return \Application\Entity\Role
     */
//    public function getRole()
//    {
//        return $this->role;
//    }



}

Ролевый класс

<?php
namespace Application\Entity;

use BjyAuthorize\Acl\HierarchicalRoleInterface;
use Doctrine\ORM\Mapping as ORM;
//use Zend\Permissions\Acl\Role\RoleInterface;

/**
 * Role
 *
 * @ORM\Table(name="role")
 * @ORM\Entity
 * ORM\Entity(repositoryClass="Application\Entity\Repository\RoleRepository")
 */
class Role implements HierarchicalRoleInterface
{

    /**
     * @var string
     *
     * @ORM\Column(name="id", type="string", length=20, nullable=false)
     * @ORM\Id
     */
    private $id;

    /**
     * @var string
     *
     * @ORM\Column(name="name", type="string", length=100, nullable=false)
     */
    private $name;

    /**
     * @var Role
     * @ORM\ManyToOne(targetEntity="Application\Entity\Role")
     */
    protected $parent;



    public function getRoleId() {
        return $this->getId();
    }

    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     *
     * @param string $id
     */
    public function setId( $id ){
        $this->id = $id;
    }

    /**
     * Set name
     *
     * @param string $name
     * @return Role
     */
    public function setName($name)
    {
        $this->name = $name;

        return $this;
    }

    /**
     * Get name
     *
     * @return string
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * Get the parent role
     *
     * @return Role
     */
    public function getParent()
    {
        return $this->parent;
    }

    /**
     * Set the parent role.
     *
     * @param Role $parent
     *
     * @return void
     */
    public function setParent(Role $parent)
    {
        $this->parent = $parent;
    }

}

1 ответ

Мне наконец удалось настроить BjyAuthorize со следующей настройкой. Тем не менее, мне все еще неясно, как можно использовать "resource_providers" и "rule_providers". Похоже, охранники хорошо работают, если я определяю ресурсы и правила, или нет. Я не уверен, какую разницу эти два свойства конфигурации предполагают сделать.

bjyauthorize файл конфигурации

<?php
return array(
    'bjyauthorize' => array(
        'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',
        'role_providers' => array(
            'BjyAuthorize\Provider\Role\ObjectRepositoryProvider' => array(
                'object_manager' => 'doctrine.entitymanager.orm_default',
                'role_entity_class' => 'Application\Entity\Role',
            ),
        ),
        'default_role' => 'guest',
        'resource_providers' => array(
            'BjyAuthorize\Provider\Resource\Config' => array(
                'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation' => array(),
            ),
        ),
        'rule_providers' => array(
            'BjyAuthorize\Provider\Rule\Config' => array(
                'allow' => array(
                // ...
                ),
                'deny' => array(
                // ...
                ),
            ),
        ),
        'guards' => array(
            'BjyAuthorize\Guard\Controller' => array(
                array(
                    'controller' => 'zfcuser',
                    'roles' => array('guest')
                ),
                array('controller' => 'OnlineFieldEvaluation\Controller\OnlineFieldEvaluation',
                    'action' => array('index'),
                    'roles' => array('student')),
            ),
        ),
    ),
);

Systemuser.php

<?php
/**
 * BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
 *
 * @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */

namespace Application\Entity;

use BjyAuthorize\Provider\Role\ProviderInterface;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use ZfcUser\Entity\UserInterface;

/**
 * An example of how to implement a role aware user entity.
 *
 * @ORM\Entity
 * @ORM\Table(name="systemuser")
 *
 * @author Tom Oram <tom@scl.co.uk>
 */
class Systemuser implements UserInterface, ProviderInterface
{
    /**
     * @var int
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @var string
     * @ORM\Column(type="string", length=255, unique=true, nullable=true)
     */
    protected $username;

    /**
     * @var string
     * @ORM\Column(type="string", unique=true,  length=255)
     */
    protected $email;

    /**
     * @var string
     * @ORM\Column(type="string", length=50, nullable=true)
     */
    protected $displayName;

    /**
     * @var string
     * @ORM\Column(type="string", length=128)
     */
    protected $password;

    /**
     * @var int
     */
    protected $state;

    /**
     * @var \Doctrine\Common\Collections\Collection
     * @ORM\ManyToMany(targetEntity="Application\Entity\Role")
     * @ORM\JoinTable(name="users_roles",
     *      joinColumns={@ORM\JoinColumn(name="user_id", referencedColumnName="id")},
     *      inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")}
     * )
     */
    protected $roles;

    /**
     * Initialies the roles variable.
     */
    public function __construct()
    {
        $this->roles = new ArrayCollection();
    }

    /**
     * Get id.
     *
     * @return int
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set id.
     *
     * @param int $id
     *
     * @return void
     */
    public function setId($id)
    {
        $this->id = (int) $id;
    }

    /**
     * Get username.
     *
     * @return string
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Set username.
     *
     * @param string $username
     *
     * @return void
     */
    public function setUsername($username)
    {
        $this->username = $username;
    }

    /**
     * Get email.
     *
     * @return string
     */
    public function getEmail()
    {
        return $this->email;
    }

    /**
     * Set email.
     *
     * @param string $email
     *
     * @return void
     */
    public function setEmail($email)
    {
        $this->email = $email;
    }

    /**
     * Get displayName.
     *
     * @return string
     */
    public function getDisplayName()
    {
        return $this->displayName;
    }

    /**
     * Set displayName.
     *
     * @param string $displayName
     *
     * @return void
     */
    public function setDisplayName($displayName)
    {
        $this->displayName = $displayName;
    }

    /**
     * Get password.
     *
     * @return string
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * Set password.
     *
     * @param string $password
     *
     * @return void
     */
    public function setPassword($password)
    {
        $this->password = $password;
    }

    /**
     * Get state.
     *
     * @return int
     */
    public function getState()
    {
        return $this->state;
    }

    /**
     * Set state.
     *
     * @param int $state
     *
     * @return void
     */
    public function setState($state)
    {
        $this->state = $state;
    }

    /**
     * Get role.
     *
     * @return array
     */
    public function getRoles()
    {
        return $this->roles->getValues();
    }

    /**
     * Add a role to the user.
     *
     * @param Role $role
     *
     * @return void
     */
    public function addRole($role)
    {
        $this->roles[] = $role;
    }
}

Role.php

<?php
/**
 * BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
 *
 * @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */

namespace Application\Entity;

use BjyAuthorize\Acl\HierarchicalRoleInterface;
use Doctrine\ORM\Mapping as ORM;

/**
 * An example entity that represents a role.
 *
 * @ORM\Entity
 * @ORM\Table(name="role")
 *
 * @author Tom Oram <tom@scl.co.uk>
 */
class Role implements HierarchicalRoleInterface
{
    /**
     * @var int
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @var string
     * @ORM\Column(type="string", length=255, unique=true, nullable=true)
     */
    protected $roleId;

    /**
     * @var Role
     * @ORM\ManyToOne(targetEntity="Application\Entity\Role")
     */
    protected $parent;

    /**
     * Get the id.
     *
     * @return int
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set the id.
     *
     * @param int $id
     *
     * @return void
     */
    public function setId($id)
    {
        $this->id = (int)$id;
    }

    /**
     * Get the role id.
     *
     * @return string
     */
    public function getRoleId()
    {
        return $this->roleId;
    }

    /**
     * Set the role id.
     *
     * @param string $roleId
     *
     * @return void
     */
    public function setRoleId($roleId)
    {
        $this->roleId = (string) $roleId;
    }

    /**
     * Get the parent role
     *
     * @return Role
     */
    public function getParent()
    {
        return $this->parent;
    }

    /**
     * Set the parent role.
     *
     * @param Role $parent
     *
     * @return void
     */
    public function setParent(Role $parent)
    {
        $this->parent = $parent;
    }
}
Другие вопросы по тегам