I have set up the bjyoungblood/bjy-authorize module, but I am currently getting a 403 "access denied" error for each URL except for the one configured in the home route.
My module.bjyauthorize.global.php looks like the following:
    'bjyauthorize' => array(
        'guards' => array(
            'BjyAuthorize\Guard\Controller' => array(
                array('controller' => 'index', 'action' => 'index', 'roles' => array('guest', 'user')),
                array('controller' => 'index', 'action' => 'stuff', 'roles' => array('user')),
                array('controller' => 'zfcuser', 'roles' => array()),
                // backend
                array('controller' => 'Application\Controller\Index', 'roles' => array('admin')),
                array('controller' => 'MyModule\MyEntity\MyEntity', 'roles' => array('admin')),
            ),
            'BjyAuthorize\Guard\Route' => array(
                array('route' => 'zfcuser', 'roles' => array('user')),
                array('route' => 'zfcuser/logout', 'roles' => array('user')),
                array('route' => 'zfcuser/login', 'roles' => array('guest')),
                array('route' => 'zfcuser/register', 'roles' => array('guest')),
                array('route' => 'home', 'roles' => array('admin')),
                array('route' => 'my-entity', 'roles' => array('admin')),
            ),
        ),
    ),
I tried deleting the BjyAuthorize\Guard\Route part, but with no effect.
When I remove the home route, the homepage is also blocked.
So both the Controller and Route guards seem to work.
How can I debug this behavior?
NOTE: the following is valid for BjyAuthorize 1.2.*
First of all, consider that protecting both the routes and the controllers is unnecessary. I personally always protect the controllers only, since there may be multiple routes to the same controller.
Once you have removed either the route or the controller guard's config, you can:
Install Zend Developer Tools, which allows you to have an overview of the currently set Acl role, like in this picture:
Check if you have configured the correct identity provider: the default one uses ZfcUser's user id and looks up his role in the user_role table.
Check that the guest role has access to the public pages, such as the zfcuser controller (for login actions) or the zfcuser/login route.
As Akrabat pointed out, the configuration for the BjyAuthorize\Guard\Controller and BjyAuthorize\Guard\Route are whitelists, which basically means that you have to setup access for the default guest role if you want to browse pages being un-authenticated.
As soon as a guard is configured, it blocks access to any resource that is not configured, so be sure that you have granted the role guest (or whatever you configured in $config['bjyauthorize']['default_role']) access to at least the login controller or route.
As soon as you create one entry in the 'BjyAuthorize\Guard\Controller' array, then you need to create entries for every controller with permissions as appropriate.
I have this:
    'BjyAuthorize\Guard\Controller' => array(
        // Access for everyone
        array('controller' => 'zfcuser', 'roles' => array('guest')),
        array('controller' => 'Application\Controller\Index', 'action' => 'index', 'roles' => array('guest')),
        array('controller' => 'error', 'roles' => array('guest')),
        // Restricted
        array('controller' => 'User\Controller\AdminUser', 'roles' => array('admin')),
    ),
It's important that you give guest access to zfcuser (for logging in!) and error (hard to debug stuff otherwise).
I've not tried using controller and route guards simultaneously.
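Putting the answers above together, here is a complete config/autoload/bjyauthorize.global.php for BjyAuthorize 1.2.* as an added example; it is not the original poster's file or BjyAuthorize's shipped sample. The controller aliases 'Application\Controller\Index' and 'MyModule\Controller\Admin', the choice of making 'user' a child of 'guest', and the 'authenticated_role' setting are assumptions for illustration; 'zfcuser' and 'error' are the aliases used by ZfcUser and the ZF2 skeleton.

```php
<?php
// Added example: a whole bjyauthorize.global.php applying the advice above.
// Aliases 'Application\Controller\Index' and 'MyModule\Controller\Admin' are
// assumed to be registered under 'controllers' in the modules' config.
return array(
    'bjyauthorize' => array(
        // Role for anyone who is not logged in. Every rule below that names
        // 'guest' is what an unauthenticated visitor may reach.
        'default_role' => 'guest',

        // Role added to every logged-in identity on top of what the identity
        // provider returns (assumed available in 1.2).
        'authenticated_role' => 'user',

        // Default provider: ZfcUser's id, roles read from the user_role table.
        'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',

        // Static role tree. Children inherit their parent's grants, so a rule
        // for 'guest' also covers 'user' and 'admin' (this nesting is a
        // design choice of the example, not a BjyAuthorize default).
        'role_providers' => array(
            'BjyAuthorize\Provider\Role\Config' => array(
                'guest' => array('children' => array(
                    'user' => array('children' => array(
                        'admin' => array(),
                    )),
                )),
            ),
        ),

        'guards' => array(
            // Controller guard only: a controller can sit behind several
            // routes, so guarding routes as well buys nothing and doubles the
            // chance of an unexpected 403. The list is a whitelist: any
            // controller not named here is denied for every role.
            'BjyAuthorize\Guard\Controller' => array(
                // Login, register and logout all live on the zfcuser
                // controller; without this line nobody can log in.
                array('controller' => 'zfcuser', 'roles' => array('guest')),
                // The error controller must be reachable, or a 403/404 turns
                // into a second 403 with no useful page.
                array('controller' => 'error', 'roles' => array('guest')),
                // Public landing page: only the index action.
                array('controller' => 'Application\Controller\Index',
                      'action' => 'index', 'roles' => array('guest')),
                // Logged-in users only.
                array('controller' => 'Application\Controller\Index',
                      'action' => 'stuff', 'roles' => array('user')),
                // Whole admin controller, every action, admin only.
                array('controller' => 'MyModule\Controller\Admin', 'roles' => array('admin')),
            ),
        ),
    ),
);
```

When a page still returns 403 with this in place, check three things in order: the role the identity provider reports (the Module.php dump further down shows it), whether the controller alias in the guard matches the alias the router dispatches to exactly, and whether the action is listed when the rule carries an 'action' key.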
I had the exact same issue.
I think the problem is that BjyAuthorize is not well documented, so many of us are simply copying and pasting and working out from the files provided. For instance, from the following:
    'BjyAuthorize\Guard\Controller' => array(
        array('controller' => 'zfcuser', 'roles' => array()),
    ),
You would expect to add your controllers like this:
    // the key is 'roles', as in the shipped example above
    array('controller' => 'controllername', 'roles' => array()),
However, you need to add the full path, otherwise it will not work:
    // the controller's full alias as registered under 'controllers' in the
    // module config, e.g. 'Application\Controller\Index' rather than 'index'
    array('controller' => 'Folder\Controller\Action', 'roles' => array()),
I hope this saves someone a few hours work as I was totally befuddled by this!
Debug your code with this in Module.php:
    // Dump the identity provider BjyAuthorize resolved, including the
    // roles it reports for the current request
    public function onBootstrap($e)
    {
        echo '<pre>';
        var_dump(
            $e->getTarget()->getServiceManager()
              ->get('BjyAuthorize\Provider\Identity\ProviderInterface')
        );
        echo '</pre>';
    }
Related
How do I define which module to fire first in Zend Framework 2? I need this as I have two modules, 1) front and 2) admin, and my main folder is mysite, so my requirement is that when I fire:
http://example.com
it should fire the front module.
I'm unable to figure out how to call the front module's controller.
I'm using Zend Framework 2 for the first time.
In any module.config.php, set the route as:
    'router' => array(
        'routes' => array(
            'home' => array(
                'type' => 'Zend\Mvc\Router\Http\Literal',
                'options' => array(
                    'route' => '/', // because of '/', http://mysite.net calls the controller/action below
                    'defaults' => array(
                        '__NAMESPACE__' => 'Application\Controller', // set the front module's controller namespace here
                        'controller' => 'Index', // the front module's controller name
                        'action' => 'index', // the action name
                    ),
                ),
            ),
            // ..... some other routes
        ),
    ),
It will work fine. Let us know the result so we can help further.
I'm building an app using Zend Framework v2.2.0 and I'm creating different modules for each section.
In a module, called Company, there is this route:
    'company_wines' => array(
        'type' => 'Zend\Mvc\Router\Http\Segment',
        'options' => array(
            'route' => '/:slug_company/:action/',
            'constraints' => array(
                ':slug_company' => '[a-zA-Z0-9\-_]+',
                ':action' => '(wines|red\-wines|white\-wines|sparkling\-wines|dessert\-wines|rose\-wines){1}',
            ),
            'defaults' => array(
                'controller' => 'Company\Controller\Company',
            ),
        ),
    ),
In another module, called Vineyard, I have this route:
    'vineyard_page' => array(
        'type' => 'Zend\Mvc\Router\Http\Segment',
        'options' => array(
            'route' => '/vineyard/:slug_vineyard/',
            'constraints' => array(
                ':slug_vineyard' => '[a-zA-Z0-9\-_]+',
            ),
            'defaults' => array(
                'controller' => 'Vineyard\Controller\Vineyard',
                'action' => 'vineyard',
            ),
        ),
    ),
When I test with the URL domain.ext/Company-name/red-wines/ or domain.ext/Company-name/white-wines/ etc., the Company controller is invoked.
If I test with domain.ext/vineyard/Vineyard-name/, the Vineyard controller is not invoked; the Company one is still invoked, and the error message says that the controller cannot dispatch the request. Of course there is no method called VineyardnameAction() in the CompanyController class.
I was expecting the route to match against the list of values specified in the regex for :action; even if the :slug_company regex matches the "flag" vineyard, there is no action that matches the Vineyard-name part...
If I test the :action regex with preg_match_all, nothing is found in a string like domain.ext/vineyard/Vineyard-name/.
If I disable the Company module or delete the company_wines route, the vineyard route works.
I've solved it by creating different routes for each wine type, but I would like to understand what I'm doing wrong :)
Your syntax is wrong:
    'constraints' => array(
        'slug_vineyard' => '[a-zA-Z0-9\-_]+',
    ),
    'constraints' => array(
        'slug_company' => '[a-zA-Z0-9\-_]+',
        'action' => '(wines|red\-wines|white\-wines|sparkling\-wines|dessert\-wines|rose\-wines){1}',
    ),
Remove the colon from the keys in the default / constraints section and it should work fine.
Because you have put the colon in there, the constraints aren't being enforced, so the default constraints are used and whichever route comes first will match.
Hi, I have set up Zend Framework 2 + BjyAuthorize + ZfcUser and it is running; now I need some help.
Where do I customize user registration so the user can choose roles?
How do I make all controllers under the / route public and /admin for authenticated users only?
How do I configure access control for controllers / actions under the /admin route in the database?
I don't understand what you want to do.
Looking at the examples for the Route Guard at https://github.com/bjyoungblood/BjyAuthorize it does not seem like you can use wildcards. I'd use the Controller Guard and set permissions so that guests, users and admins can access everything apart from whatever controller(s) are used in the admin section.
    'guards' => array(
        'BjyAuthorize\Guard\Controller' => array(
            array('controller' => 'admin', 'roles' => array('admin')),
            array(
                'controller' => array('index', 'anothercontroller', 'yetanothercontroller', ...),
                'roles' => array('guest', 'user'),
            ),
        ),
    ),
Instead of array('controller' => 'admin', 'roles' => array('admin')), set rules for each action. For example, assuming "founder" and "moderator" are sub-roles of "admin":
    array(
        'controller' => 'admin',
        'action' => array('addUser', 'deleteUser'),
        'roles' => array('founder'),
    ),
    array(
        'controller' => 'admin',
        'action' => array('deleteComment'),
        'roles' => array('moderator'),
    ),
I want to write routes for this type of URL:
http://www.example.com/category/sub-category/id.html
Here category is dynamic, meaning I have hundreds of categories in my db.
Sub-category is also dynamic.
I need to show the page based on the id value.
Can anyone please suggest something?
Try reading the docs first; it's very simple:
    'sample' => array(
        'type' => 'Segment',
        'options' => array(
            'route' => '/:category[/:sub_category[/:id]].html',
            'defaults' => array(
                'controller' => 'Your Controller',
                'action' => 'Your Action',
            ),
        ),
    ),
With this router config you can have :
http://www.example.com/category.html
http://www.example.com/category/sub-category.html
http://www.example.com/category/sub-category/id.html
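Both this answer and the earlier one about the ':slug_company' constraints turn on how a Segment route compiles its parameters, so here is one added example covering both; it is my own illustration, not code from either answer and not ZF2's Segment class. It mirrors just two of that class's rules: a parameter without a matching 'constraints' entry gets the permissive default '[^/]+', and constraints are looked up by the bare parameter name (so a key written ':slug_company' is never found). The constraint values for the category route ('[a-z0-9\-]+' and '[0-9]+' for :id) and the route try-order are this example's assumptions.

```php
<?php
// Added example: a toy re-implementation of ZF2 Segment route compilation,
// used to show (a) why the ':'-prefixed constraint keys silently disabled
// validation and let the company route swallow /vineyard/... URLs, and
// (b) how to pin ':id' to digits in '/:category[/:sub_category[/:id]].html'.
// The real ZF2 classes are not used; only the default '[^/]+' constraint and
// the bare-name lookup rule are mirrored.

function compileSegmentRoute(string $route, array $constraints): string
{
    // Tokens: ':name' parameters, '[' and ']' optional-group markers, literals.
    $tokens = preg_split(
        '/(:[a-zA-Z0-9_]+|\[|\])/',
        $route,
        -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY
    );

    $regex = '';
    foreach ($tokens as $token) {
        if ($token === '[') {
            $regex .= '(?:';                   // start of optional segment
        } elseif ($token === ']') {
            $regex .= ')?';                    // end of optional segment
        } elseif ($token[0] === ':') {
            $name = substr($token, 1);
            // Lookup by bare name. A key written as ':name' is never found,
            // so the parameter falls back to the permissive default.
            $pattern = $constraints[$name] ?? '[^/]+';
            $regex .= '(?P<' . $name . '>' . $pattern . ')';
        } else {
            $regex .= preg_quote($token, '#'); // literal text such as '.html'
        }
    }
    return '#^' . $regex . '$#';
}

// Try routes in the order given (this toy's assumption, not ZF2's exact
// priority rules) and return the first match with its named parameters.
function matchFirst(array $routes, string $path): ?array
{
    foreach ($routes as $name => $spec) {
        $regex = compileSegmentRoute($spec['route'], $spec['constraints'] ?? []);
        if (preg_match($regex, $path, $m)) {
            $params = array_filter($m, 'is_string', ARRAY_FILTER_USE_KEY);
            return ['route' => $name, 'params' => $params];
        }
    }
    return null;
}

$wineActions = '(wines|red\-wines|white\-wines|sparkling\-wines|dessert\-wines|rose\-wines)';

// As posted: the keys carry a colon, so no constraint is ever applied and
// the company route matches any two-segment path, including /vineyard/X/.
$broken = [
    'company_wines' => [
        'route' => '/:slug_company/:action/',
        'constraints' => [':slug_company' => '[a-zA-Z0-9\-_]+', ':action' => $wineActions],
    ],
    'vineyard_page' => [
        'route' => '/vineyard/:slug_vineyard/',
        'constraints' => [':slug_vineyard' => '[a-zA-Z0-9\-_]+'],
    ],
];

// Corrected: bare names as keys, so ':action' is limited to the wine list
// and /vineyard/... falls through to the vineyard route. The category route
// from the later question is added with ':id' restricted to digits.
$fixed = [
    'company_wines' => [
        'route' => '/:slug_company/:action/',
        'constraints' => ['slug_company' => '[a-zA-Z0-9\-_]+', 'action' => $wineActions],
    ],
    'vineyard_page' => [
        'route' => '/vineyard/:slug_vineyard/',
        'constraints' => ['slug_vineyard' => '[a-zA-Z0-9\-_]+'],
    ],
    'sample' => [
        'route' => '/:category[/:sub_category[/:id]].html',
        'constraints' => ['category' => '[a-z0-9\-]+', 'sub_category' => '[a-z0-9\-]+', 'id' => '[0-9]+'],
    ],
];

// Constructed sample paths: two from the question, two for the category route.
$paths = ['/Company-name/red-wines/', '/vineyard/Vineyard-name/', '/wine/sub-cat/42.html', '/wine/sub-cat/abc.html'];
foreach ($paths as $path) {
    echo $path, "\n";
    echo '  broken: ', json_encode(matchFirst($broken, $path)), "\n";
    echo '  fixed:  ', json_encode(matchFirst($fixed, $path)), "\n";
}
```

The practical point for both threads: a route parameter with no effective constraint accepts any non-slash text, so whatever the controller does with :id or :action is running on unvalidated input. When a constraint key is misspelled (or prefixed with a colon) there is no error, only a silently wider match, which is why the fixed config above is worth checking against a URL that should be rejected, not only one that should be accepted.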
I have been integrating Auth and ACL with ZF2 in my application. I have followed this tutorial: http://p0l0.binware.org/index.php/2012/02/18/zend-framework-2-authentication-acl-using-eventmanager/
But I can't get the features of ACL to work.
I have used the ACL in the Auth module instead of Users.
How can I restrict access for guests? How do I allow a member access to all pages?
I have not changed anything. Please check the tutorial.
Can anyone please sort out my problem, or else guide me on how to do it?
Thanks.
Just starting to explore ACL. Your problem comes up first in Google search results.
It is clear that the namespaces in use in the tutorial are wrong (use Zend\Acl\Acl as ZendAcl;).
The ACL namespace is:
    namespace Zend\Permissions\Acl;
    class Acl implements AclInterface
ACL Setup in five minutes: this is a quick and easy way of setting up ACL in your Zend Framework 2 application.
I've had the same problem resolving the auth + ACL control issue and finally I've got it. It's simple:
1 - Create a global or module-specific ACL config file: ....module/Profil/config/acl.config.php
You can also place it under the global config directory of the application.
    return array(
        'acl' => array(
            'roles' => array(
                'guest' => null,
                'member' => 'guest',
                'admin' => 'member',
            ),
            'resources' => array(
                'Profil' => array(
                    'Index' => array(
                        'allow' => array(
                            // action => role
                            'signup' => 'guest',
                            'index' => 'guest', // signin ;)
                            'home' => 'member',
                            'signout' => 'member',
                            'all' => 'admin',
                        ),
                        'deny' => array(
                            'home' => 'guest',
                        ),
                    ),
                ),
            ),
        ),
    );
Here I've defined how my module "Profil" can work, the roles that can use it, and the limits for each of them.
Roles:
A guest has no parent. A member inherits the guest's permissions.
The boss admin inherits from both member and guest.
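To see what that role tree and allow/deny table actually decide, here is an added example (mine, not the answer's own code) that loads the same acl.config.php structure into Zend\Permissions\Acl\Acl and queries it. It assumes zendframework/zend-permissions-acl is installed via Composer, builds resource ids as "Module/Controller", and reads the 'all' action key as "every privilege on the resource"; the answer does not say how its own listener interprets 'all', so that is an assumption.

```php
<?php
// Added example: build a Zend ACL from the acl.config.php shape above and
// check a few role/action pairs. Assumes zend-permissions-acl via Composer.
require __DIR__ . '/vendor/autoload.php';

use Zend\Permissions\Acl\Acl;

function buildAcl(array $config): Acl
{
    $acl = new Acl();

    // Roles are declared parent-first in the config, so each parent already
    // exists when its child is added and the child inherits its rules.
    foreach ($config['roles'] as $role => $parent) {
        $acl->addRole($role, $parent);
    }

    // Resource ids are "Module/Controller", e.g. "Profil/Index".
    foreach ($config['resources'] as $module => $controllers) {
        foreach ($controllers as $controller => $rules) {
            $resource = $module . '/' . $controller;
            $acl->addResource($resource);
            foreach (['allow', 'deny'] as $type) {
                foreach ($rules[$type] ?? [] as $action => $role) {
                    // 'all' => null privilege = whole resource (assumption).
                    $privilege = ($action === 'all') ? null : $action;
                    $acl->$type($role, $resource, $privilege);
                }
            }
        }
    }
    return $acl;
}

// The config from the answer, inlined as a constructed copy.
$config = [
    'roles' => ['guest' => null, 'member' => 'guest', 'admin' => 'member'],
    'resources' => [
        'Profil' => [
            'Index' => [
                'allow' => [
                    'signup'  => 'guest',
                    'index'   => 'guest',
                    'home'    => 'member',
                    'signout' => 'member',
                    'all'     => 'admin',
                ],
                'deny' => ['home' => 'guest'],
            ],
        ],
    ],
];

$acl = buildAcl($config);

// The same question a dispatch listener asks: role from the auth service,
// resource from the matched controller, privilege from the action name.
$checks = [['guest', 'signup'], ['guest', 'home'], ['member', 'home'], ['member', 'settings'], ['admin', 'settings']];
foreach ($checks as [$role, $action]) {
    $verdict = $acl->isAllowed($role, 'Profil/Index', $action) ? 'allow' : 'deny';
    printf("%-6s %-8s %s\n", $role, $action, $verdict);
}
```

Two things the run makes visible that the config alone does not: a member's own allow on 'home' wins over the deny inherited from guest, because Zend\Permissions\Acl consults the role's own rules before its parents'; and an action with no rule at all ('settings' for member) is denied by default, so forgetting to list an action fails closed rather than open.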