首先在bootstrap.php檔案裡加上下面這個function

    /**
     * Bootstrap resource that attaches the access-control plugin to the
     * front controller, so the plugin's preDispatch() hook runs for the
     * requests that front controller dispatches.
     *
     * Controller_Helper_Acl and Controller_Plugin_Auth are not loaded here;
     * the original listing had its require_once lines commented out, so
     * presumably an autoloader resolves them -- confirm in your setup.
     */
    protected function _initControllers()
    {
        // The FrontController resource must be bootstrapped before a plugin
        // is registered on it.
        $this->bootstrap('FrontController');

        // The plugin receives the shared Zend_Auth singleton and a freshly
        // built ACL (roles, resources and rules are set up in its constructor).
        $accessPlugin = new Controller_Plugin_Auth(
            Zend_Auth::getInstance(),
            new Controller_Helper_Acl()
        );

        Zend_Controller_Front::getInstance()->registerPlugin($accessPlugin);
    }


這裡用到的 Acl 和 Auth 這兩個 class(Controller_Helper_Acl、Controller_Plugin_Auth)都需要自己實作

我分別把auth和acl這兩個class放在library底下的Controller/Plugin 和 Controller/Helper/


Acl裡面實作角色 目錄 權限設定

/**
 * Application ACL: declares the resources (lower-case controller names),
 * the roles, and the allow/deny rules between them.
 *
 * Security-relevant shape of the rule set, as written below:
 *  - 'teacher' and 'ta' are granted every resource and privilege.
 *  - 'student' is default-allow with a deny list, so any resource added
 *    later is open to students until a matching deny() is added.
 *  - 'guest' is default-deny and may only reach 'login'.
 */
class Controller_Helper_Acl extends Zend_Acl
{
    /**
     * Registers resources, roles and rules.
     */
    public function __construct()
    {
        // Resource ids are controller names in lower case.
        $controllerNames = array(
            'importstu',
            'coursesetup',
            'homeworksetup',
            'teacher',
            'homework',
            'index',
            'login',
            'error',
        );
        foreach ($controllerNames as $controllerName) {
            $this->add(new Zend_Acl_Resource($controllerName));
        }

        foreach (array('guest', 'student', 'ta', 'teacher') as $roleName) {
            $this->addRole(new Zend_Acl_Role($roleName));
        }

        // Omitting resource and privilege is the same as passing null:
        // the rule covers everything.
        $this->allow('teacher');
        $this->allow('ta');

        // Students: allow everything, then carve out the restricted areas.
        $this->allow('student');
        $this->deny('student', array('importstu', 'teacher', 'homeworksetup'));
        // NOTE(review): the third argument is a privilege (action name), so
        // this denies only the 'teacher' action of 'coursesetup'; every other
        // coursesetup action stays allowed for students -- confirm intended.
        $this->deny('student', 'coursesetup', 'teacher');

        // Guests: deny everything except the login controller.
        $this->deny('guest');
        $this->allow('guest', 'login');
    }
}

Resource 的名稱我一律用小寫,之後取得 controller name 時也轉成小寫再進來判斷。
allow 和 deny 用來允許或禁止角色存取哪些資源,參數為 (角色, controller, action)。
null 代表「全部」,嫌麻煩的話不寫也可以;但要注意,對某個角色 allow 全部之後,日後新增的 controller 也會自動對該角色開放,除非另外加上 deny。


Auth是一個plugin

在 preDispatch() 裡面會取得目前使用者的角色和請求的 controller / action,交給 Acl 作判斷

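/**
 * Front-controller plugin that enforces the ACL before each dispatch.
 *
 * The current user's role and the requested controller/action are checked
 * against the injected ACL; a denied request is re-pointed at the login
 * page (anonymous user) or the error page (authenticated user).
 */
class Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
    /** @var Zend_Auth authentication service passed in by the bootstrap */
    private $_auth;

    /** @var Zend_Acl rule set passed in by the bootstrap */
    private $_acl;

    /**
     * @param Zend_Auth $auth authentication service
     * @param Zend_Acl  $acl  access-control list to enforce
     */
    public function __construct($auth, $acl)
    {
        $this->_auth = $auth;
        $this->_acl = $acl;
    }

    /**
     * Overrides preDispatch() to run the access check.
     *
     * @param Zend_Controller_Request_Abstract $request request about to be dispatched
     * @return void
     */
    public function preDispatch($request)
    {
        parent::preDispatch($request);

        // Use the injected auth object instead of reaching for the singleton again.
        $loggedIn = $this->_auth->hasIdentity();

        // Default to the least-privileged role; it is only upgraded when the
        // stored role id is one of the known values.
        $role = 'guest';
        if ($loggedIn) {
            // NOTE(review): getStudentInfo() is not defined in this listing;
            // it is expected to return an object with a numeric `role`
            // property -- confirm where it comes from.
            $userInfo = $this->getStudentInfo();
            $roleNames = array(1 => 'teacher', 2 => 'ta', 3 => 'student');

            $rawRole = (is_object($userInfo) && isset($userInfo->role)) ? $userInfo->role : null;
            // Accept only integers or digit strings, so values such as `true`
            // cannot loosely compare equal to a privileged role id.
            if (is_int($rawRole) || (is_string($rawRole) && ctype_digit($rawRole))) {
                $roleId = (int) $rawRole;
                if (isset($roleNames[$roleId])) {
                    $role = $roleNames[$roleId];
                }
            }
        }

        // Read the routed names through the request accessors: these are the
        // values the dispatcher uses, whereas magic property access on the
        // HTTP request can fall back to other request sources.
        $controller = $request->getControllerName();
        $action = $request->getActionName();
        $module = $request->getModuleName();

        // ACL resources are registered in lower case.
        $resource = strtolower((string) $controller);
        // Normalise the privilege the same way, so an action-level rule is
        // not missed because of letter case.
        $privilege = ($action === null) ? null : strtolower($action);

        // NOTE(review): a controller that is not registered as a resource is
        // checked against the role's global rule. For default-allow roles
        // that means access is granted; register every controller, or deny
        // unknown resources here, if that is not wanted.
        if (!$this->_acl->has($resource)) {
            $resource = null;
        }

        if (!$this->_acl->isAllowed($role, $resource, $privilege)) {
            // The ACL decision only takes effect if the request is re-pointed;
            // leaving these branches empty lets the denied request proceed.
            // Target names are assumptions based on the 'login' and 'error'
            // resources and the framework's default action names -- TODO confirm.
            if (!$loggedIn) {
                // Not logged in: send to the login screen.
                $controller = 'login';
                $action = 'index';
            } else {
                // Logged in but not permitted: show the error page.
                $controller = 'error';
                $action = 'error';
            }
        }

        // Apply the (possibly rewritten) target. The module is left as routed.
        $request->setModuleName($module);
        $request->setControllerName($controller);
        $request->setActionName($action);
    }
}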

設置大概差不多就是這樣~

 

參考網址:

http://blogold.chinaunix.net/u2/86974/showart_2219380.html

http://stackoverflow.com/questions/5209671/zend-framework-nedd-typical-example-of-acl

http://codeutopia.net/blog/2009/02/06/zend_acl-part-1-misconceptions-and-simple-acls/
