How do I force the user to log in to view any page?
I am currently playing with Zend Framework and I have an authentication code using Zend_Auth. I'm trying to find a way to make sure the user is logged in before they can view anything, but I don't want to do this on a per controller basis.
I think it's a plugin, but all the books I have on it are pretty rubbish in that regard.
A plugin is a good idea. I answered a similar question:
How do I centralize the code from my init functions across all controllers?
Also check the documentation page for Zend Controller Plugins.
Zend_Auth::getInstance()->hasIdentity()
You can use this to determine if the user is logged in and then use a redirector to redirect to the login page if not.
However, it is easiest to use the Redirector Zend Controller Action Helper.
Have a look at Zend_Acl, which can be used to determine if a user has access to certain resources. A resource can be almost anything, but in this context, you can use an ACL to define your controllers and actions as resources. Each registered user is assigned several roles (we store them in the database). In the plugin, you check the controller request and action after routing is complete. Collect user roles via Zend_Auth and check them against ACLs. If the ACL says the user has permission to access the resource, do nothing, otherwise you can redirect to your error controller and print the error.
    // Pseudo-code. You need to define the ACL and roles somehow.
    class AclPlugin extends Zend_Controller_Plugin_Abstract {
        public function routeShutdown(Zend_Controller_Request_Abstract $request)
        {
            $controller = $request->getControllerName();
            $action = $request->getActionName();
            // Zend_Auth has no getRoles() method. This assumes the stored identity
            // is an object with a "roles" array; "guest" is an assumed role name
            // for visitors who are not logged in.
            $auth = Zend_Auth::getInstance();
            $roles = $auth->hasIdentity()
                ? (array) $auth->getIdentity()->roles
                : array('guest');
            $acl = new MyAcl();
            if ($acl->hasAccess($roles, $controller, $action)) { return; }
            // None of the user roles gave her access to the requested
            // controller/action, so re-write the request to the error controller
            $request->setControllerName('error')
                    ->setActionName('authorizationFailed')
                    ->setParam('resource', array('controller' => $controller,
                                                 'action' => $action));
        }
    }
    class MyAcl extends Zend_Acl {
        public function hasAccess($roles, $controller, $action) {
            foreach ($roles as $role) {
                // Controller is the ACL resource, action is the privilege.
                if ($this->isAllowed($role, $controller, $action)) {
                    return true; // Simplified. Here we say if one of the user roles can
                                 // access a resource, that is good enough.
                                 // Might want to do something a bit more complicated.
                }
            }
            return false;
        }
    }
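The plugin approach suggested in the answers above, combined with the `Zend_Auth::getInstance()->hasIdentity()` check, as an added example that is not part of the original answers. It assumes Zend Framework 1 is autoloaded; the class name `RequireLoginPlugin`, the `login` controller and the `$public` allowlist are hypothetical names chosen for illustration.

```php
<?php
// Added example: default-deny login gate as a ZF1 front controller plugin.
// RequireLoginPlugin, the 'login' controller and $public are assumed names.
class RequireLoginPlugin extends Zend_Controller_Plugin_Abstract
{
    // Controllers reachable without an identity; everything else is denied.
    // 'login' must be listed or the rewrite below would never reach the form;
    // 'error' is listed so the error handler still renders for anonymous users.
    // In a multi-module application, match on the module name as well.
    protected $public = array('login', 'error');

    // preDispatch() runs before every dispatched action, including actions
    // reached through _forward(), so an internal forward cannot skip the check.
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if (Zend_Auth::getInstance()->hasIdentity()) {
            return; // logged in: let the request through unchanged
        }

        $controller = strtolower((string) $request->getControllerName());
        if (in_array($controller, $this->public, true)) {
            return; // explicitly public controller
        }

        // Anonymous request for a protected page: dispatch the login form
        // instead, so no part of the protected action ever executes.
        $request->setModuleName('default')
                ->setControllerName('login')
                ->setActionName('index');
    }
}

// Register once, e.g. in the bootstrap, before the front controller dispatches.
Zend_Controller_Front::getInstance()->registerPlugin(new RequireLoginPlugin());
```

Because the allowlist names the public controllers rather than the protected ones, a controller added later is private until someone deliberately lists it.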