I have been integrating the Auth and Acl with ZF2 in my application. I have followed the tutorial. http://p0l0.binware.org/index.php/2012/02/18/zend-framework-2-authentication-acl-using-eventmanager/
But I can't get the features of ACL.
I have used the ACL in the Auth module instead of Users.
How can I restrict access for guests? How do I allow members access to all pages?
I have not changed anything. Please check the tutorial.
Can anyone please sort out my problem, or else guide me?
Thanks.
Just starting to explore ACL. Your problem comes up first in the Google search results.
It is clear that the namespaces in use in the tutorial are wrong (use Zend\Acl\Acl as ZendAcl,).
The ACL namespace is:
namespace Zend\Permissions\Acl;
class Acl implements AclInterface
ACL Setup in five minutes: this is a quick and easy way of setting up ACL in your Zend Framework 2 application.
I've had the same problem to resolve the auth+acl control issue and finally I've got it. It's simple:
1 - Create a global or module-specific ACL config file: ....module/Profil/config/acl.config.php
You can place it under the global config directory of the application
return array(
    'acl' => array(
        'roles' => array(
            'guest'  => null,
            'member' => 'guest',
            'admin'  => 'member',
        ),
        'resources' => array(
            'Profil' => array(
                'Index' => array(
                    'allow' => array(
                        // action => role
                        'signup'  => 'guest',
                        'index'   => 'guest', // signin ;)
                        'home'    => 'member',
                        'signout' => 'member',
                        'all'     => 'admin',
                    ),
                    'deny' => array(
                        'home' => 'guest',
                    ),
                ),
            ),
        ),
    ),
);
Here I've defined how my module "Profil" can work and the roles that can use it and the limits for each one of them.
Roles:
A guest has no parent. A member inherits the guest permissions.
The boss admin inherits from both member and guest.
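The answer above shows the config array but not how it is turned into a working ACL. The following is an added example, not code from the answer or from ZF2 itself: it builds a Zend\Permissions\Acl\Acl from that exact array (inlined below) and queries it the way a dispatch listener would, using the module/controller/action from the RouteMatch. It assumes a Composer-installed ZF2 so that vendor/autoload.php exists; the "Module/Controller" resource naming and the helper names buildAcl and isActionAllowed are my own choices.

```php
<?php
// Added example (not part of the answer above or of ZF2 itself): build a
// Zend\Permissions\Acl\Acl from the acl.config.php layout shown in the answer
// and query it the way a dispatch listener would. Assumes a Composer-installed
// ZF2 so that vendor/autoload.php exists; the config array below is copied
// from the answer, and the "Module/Controller" resource naming is my choice.
require_once __DIR__ . '/vendor/autoload.php';

use Zend\Permissions\Acl\Acl;

/**
 * Build an Acl from a config array of the form
 *   'roles'     => array(role => parentRole|null),
 *   'resources' => array(module => array(controller => array(
 *                     'allow' => array(action => role),
 *                     'deny'  => array(action => role)))).
 * Each controller becomes the resource "Module/Controller"; each action
 * becomes a privilege; the action 'all' means every privilege.
 */
function buildAcl(array $config)
{
    $acl   = new Acl();
    $roles = $config['acl']['roles'];

    // A role must be registered after its parent. Walk up the parent chain
    // first so the order of the config does not matter.
    $added   = array();
    $addRole = function ($role) use (&$addRole, &$added, $roles, $acl) {
        if (isset($added[$role])) {
            return;
        }
        $parent = isset($roles[$role]) ? $roles[$role] : null;
        if ($parent !== null) {
            $addRole($parent);
        }
        $acl->addRole($role, $parent);
        $added[$role] = true;
    };
    foreach (array_keys($roles) as $role) {
        $addRole($role);
    }

    foreach ($config['acl']['resources'] as $module => $controllers) {
        foreach ($controllers as $controller => $rules) {
            $resource = $module . '/' . $controller;
            $acl->addResource($resource);
            // An explicit allow on a child role (member:home) wins over an
            // inherited deny (guest:home), because Zend\Permissions\Acl
            // consults the rules of the role itself before its parents.
            foreach (array('deny', 'allow') as $type) {
                if (empty($rules[$type])) {
                    continue;
                }
                foreach ($rules[$type] as $action => $role) {
                    $privilege = ($action === 'all') ? null : $action; // null = all privileges
                    $acl->$type($role, $resource, $privilege);
                }
            }
        }
    }

    return $acl;
}

/**
 * Fail closed: anything the config does not describe (unknown role, unknown
 * module/controller) is denied instead of falling through to the Acl default.
 */
function isActionAllowed(Acl $acl, $role, $module, $controller, $action)
{
    $resource = $module . '/' . $controller;
    if (!$acl->hasRole($role) || !$acl->hasResource($resource)) {
        return false;
    }
    return $acl->isAllowed($role, $resource, $action);
}

// The acl.config.php array from the answer, inlined here.
$config = array('acl' => array(
    'roles'     => array('guest' => null, 'member' => 'guest', 'admin' => 'member'),
    'resources' => array('Profil' => array('Index' => array(
        'allow' => array('signup' => 'guest', 'index' => 'guest',
                         'home' => 'member', 'signout' => 'member', 'all' => 'admin'),
        'deny'  => array('home' => 'guest'),
    ))),
));

// 'delete' is a constructed action that the config never mentions, to show
// that unlisted actions are denied to everyone except the 'all' role.
$acl = buildAcl($config);
foreach (array('guest', 'member', 'admin') as $role) {
    foreach (array('index', 'home', 'signout', 'delete') as $action) {
        printf("%-6s %-7s %s\n", $role, $action,
            isActionAllowed($acl, $role, 'Profil', 'Index', $action) ? 'allow' : 'DENY');
    }
}
```

In an application the two helper calls belong in a listener attached to MvcEvent::EVENT_DISPATCH (or EVENT_ROUTE) in Module::onBootstrap, with the role coming from the authentication service and module, controller and action read from the RouteMatch parameters; a denied result should short-circuit dispatch with a 403 or a redirect to the login route rather than let the controller run.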
Using ZF2 to customise an Entity based on ZfcUser. Trying to use ScnSocialAuth and got a bit of a problem.
The problem is that I am using custom routes ('/account' instead of '/user') and when implementing ScnSocialAuth I cannot get the social code into my custom zfcuser view...?
I have \\view\zfc-user\user\register.php which overrides the zfcuser registration.
I have a customised route:
'account' => array(
    'type' => 'Zend\Mvc\Router\Http\Literal',
    'options' => array(
        'route' => '/account',
    ),
),
These are my zfc config modification within \my-module\config\module.config.php
'zfcuser' => array(
    // telling ZfcUser to use our own class
    'user_entity_class' => 'WMember\Entity\WMember',
    // telling ZfcUserDoctrineORM to skip the entities it defines
    'enable_default_entities' => false,
    'table_name' => 'w_member',
    'login_redirect_route' => 'account',
),
My global \config\application.config.php
'ScnSocialAuth',
'MyModule1',
'ZfcBase',
'ZfcUser',
'BjyAuthorize',
'GoalioMailService',
'GoalioForgotPassword',
'my-user-module',
Therefore, after all this:
I can see my own extended User registration form by navigating to
/account/register with no Social login links visible
I can see the ScnSocialAuth when navigating to /user/register
a) I cannot create the view in my module to override \vendor\scn-social-auth\user\register.phtml as was done with zfcuser
Please help with getting ScnSocialAuth to work with my custom route setup.
If this is just wrong please let me know as I'm not ZF2 expert. Happy to take 'constructive' criticism.
Saw these posts: How to (correctly) extend ScnSocialAuth\Authentication\Adapter\HybridAuth::authenticate() method?
and this as a result of the above post:
https://github.com/SocalNick/ScnSocialAuth/issues/202
NOTE: still running ZF-2.3* due to PHP 5.3,5.4
Instead of adding a custom route to your config, you need to override the zfcuser route:
<?php
// #file MyUserModule/config/module.config.php
return array(
    // other config ...
    'router' => array(
        'routes' => array(
            'zfcuser' => array(
                'options' => array(
                    // this is the only change needed to route zfcuser to /account
                    'route' => '/account',
                ),
            ),
        ),
    ),
    // more config ...
);
The ScnSocialAuth module uses the forward() plugin to render the content from zfcuser's register view (and login view, iirc), which means it will only ever look at the zfcuser route and completely ignore your custom route. The only way to have it use your custom route would be to replace ScnSocialAuth's UserController with your own using identical code but forwarding to your custom route (much more work there, and still the potential to break anything else that expects zfcuser to be the route used).
Is it possible to make a website that doesn't reveal any relative URLs at all?
Say, for example, I have a domain name "somedomain.xyz" and I want to route everything through the default route, and I do not want to reveal any paths or route structures to the end user.
The end user shall only see the domain name in the browser's address bar, like:
http://somedomain.xyz
or
https://somedomain.xyz.
Any path like
http://somedomain.xyz/index.php
or
http://somedomain.xyz/index or
http://somedomain.xyz/index/index
shall show a 404.
And I don't care about SEO stuff and static pages.
Is that possible with ZF2, and if yes, then how?
similar question: hide module and action name from zf2 routing
Just create a hostname route for subdomain.xyz like so:
'my-route' => array(
    'type' => 'Hostname',
    'options' => array(
        'route' => 'subdomain.xyz',
        'defaults' => array(
            'controller' => 'MyApp\Controller\TheController',
            'action' => 'whatever-action',
        ),
    ),
),
See here for a complete solution, using HTTP POST vars for the routing:
ZF2 routing via post vars
Hi, I have set up Zend Framework 2 + BjyAuthorize + ZfcUser and got it running; now I need some help.
Where do I customize user registration to choose roles?
How do I make all controllers under the / route public and /admin for authenticated users?
How do I configure access control for controller/action under the /admin route from the database?
I don't understand what you want to do.
Looking at the examples for the Route Guard at https://github.com/bjyoungblood/BjyAuthorize it does not seem like you can use wildcards. I'd use the Controller Guard and set permissions so that guests, users and admins can access everything apart from whatever controller(s) are used in the admin section.
'guards' => array(
    'BjyAuthorize\Guard\Controller' => array(
        array('controller' => 'admin', 'roles' => array('admin')),
        array(
            'controller' => array('index', 'anothercontroller', 'yetanothercontroller', ...),
            'roles' => array('guest', 'user'),
        ),
    ),
),
Instead of array('controller' => 'admin', 'roles' => array('admin')), set rules for each action. For example, assuming "founder" and "moderator" are sub-roles of "admin":
array(
    'controller' => 'admin',
    'action' => array('addUser', 'deleteUser'),
    'roles' => array('founder'),
),
array(
    'controller' => 'admin',
    'action' => array('deleteComment'),
    'roles' => array('moderator'),
),
I want to redirect some pages to the login page instead of page 403.
By default BjyAuthorize redirects everything to a 403 page. Is it possible to configure this behavior?
I found this: RedirectionStrategy. How do I use this?
Finally I got it.
With version 1.2.* of BjyAuthorize, you simply add in config/autoload/bjyauthorize.global.php :
return array(
    'bjyauthorize' => array(
        'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
        // [...]
    ),
);
And it will redirect you to the route configured in vendor/bjyoungblood/bjy-authorize/src/BjyAuthorize/View/RedirectionStrategy.php
Check this UnauthorizedStrategy class by Rob Allen: https://gist.github.com/akrabat/3783912
When using this class you have to configure BjyAuthorize to use it, like this:
return array(
    'bjyauthorize' => array(
        'unauthorized_strategy' => 'Application\View\UnauthorizedStrategy',
    ),
);
Edit:
Don't forget to add the relevant service manager config to allow the service manager to instantiate the UnauthorizedStrategy object:
'service_manager' => array(
    'invokables' => array(
        'Application\View\UnauthorizedStrategy' => 'Application\View\UnauthorizedStrategy',
    ),
),
I'm also trying and I came across this page: https://github.com/bjyoungblood/BjyAuthorize/issues/24
This way, you can extend the UnauthorizedStrategy.
I have setup the bjyoungblood/bjy-authorize module, but I am currently getting a 403 "access denied" error for each URL except for the one configured in the home route.
My module.byjauthorize.global.php looks like the following:
'bjyauthorize' => array(
    'guards' => array(
        'BjyAuthorize\Guard\Controller' => array(
            array('controller' => 'index', 'action' => 'index', 'roles' => array('guest', 'user')),
            array('controller' => 'index', 'action' => 'stuff', 'roles' => array('user')),
            array('controller' => 'zfcuser', 'roles' => array()),
            // backend
            array('controller' => 'Application\Controller\Index', 'roles' => array('admin')),
            array('controller' => 'MyModule\MyEntity\MyEntity', 'roles' => array('admin')),
        ),
        'BjyAuthorize\Guard\Route' => array(
            array('route' => 'zfcuser', 'roles' => array('user')),
            array('route' => 'zfcuser/logout', 'roles' => array('user')),
            array('route' => 'zfcuser/login', 'roles' => array('guest')),
            array('route' => 'zfcuser/register', 'roles' => array('guest')),
            array('route' => 'home', 'roles' => array('admin')),
            array('route' => 'my-entity', 'roles' => array('admin')),
        ),
    ),
),
I tried deleting the BjyAuthorize\Guard\Route part, but with no effect.
When I remove the home route then the homepage is also blocked.
So both Controller- and Route-Guard seem to work.
How can I debug this behavior?
NOTE: following is valid for BjyAuthorize 1.2.*
First of all, consider that protecting both the routes and the controllers is unnecessary. I personally always protect the controllers only, since there may be multiple routes to the same controller.
Once you have removed either the route or the controller guard's config, you can:
Install Zend Developer Tools, which allows you to have an overview of the currently set Acl role, like in this picture:
Check if you have configured the correct identity provider: the default one uses ZfcUser's user id and looks up his role in the user_role table.
Check that the guest role has access to the public pages, such as the zfcuser controller (for login actions) or the zfcuser/login route.
As Akrabat pointed out, the configuration for BjyAuthorize\Guard\Controller and BjyAuthorize\Guard\Route are whitelists, which basically means that you have to set up access for the default guest role if you want to browse pages while un-authenticated.
As soon as a guard is configured, it blocks access to any resource that is not configured, so be sure that you have granted the role guest (or whatever you configured in $config['bjyauthorize']['default_role']) access to at least the login controller or route.
As soon as you create one entry in the 'BjyAuthorize\Guard\Controller' array, then you need to create entries for every controller with permissions as appropriate.
I have this:
'BjyAuthorize\Guard\Controller' => array(
    // Access for everyone
    array('controller' => 'zfcuser', 'roles' => array('guest')),
    array('controller' => 'Application\Controller\Index', 'action' => 'index', 'roles' => array('guest')),
    array('controller' => 'error', 'roles' => array('guest')),
    // Restricted
    array('controller' => 'User\Controller\AdminUser', 'roles' => array('admin')),
),
It's important that you give guest access to zfcuser (for logging in!) and error (hard to debug stuff otherwise).
I've not tried using controller and route guards simultaneously.
I had the exact same issue.
I think the problem is that BjyAuthorize is not well documented so many of us are simply copying and pasting and working out from the files provided. For instance from the following:
'BjyAuthorize\Guard\Controller' => array(
    array('controller' => 'zfcuser', 'roles' => array()),
),
You would expect to add your controllers as such:
array('controller' => 'controllername', 'roles' => array()),
However, you need to add the full path, otherwise it will not work:
array('controller' => 'Folder\Controller\Action', 'roles' => array()),
I hope this saves someone a few hours work as I was totally befuddled by this!
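The answers in the threads above each cover one piece of BjyAuthorize 1.2.* configuration: whitelisted controller guards, action-level rules, sub-roles, the guest access needed for zfcuser and error, and the RedirectionStrategy. The following is an added example, not a file from any of the answers or from the BjyAuthorize project: one complete config/autoload/bjyauthorize.global.php that puts those pieces together. The controller aliases 'Admin\Controller\Index' and the actions 'dashboard' and 'profile' are assumed names for illustration; 'zfcuser', 'error' and 'Application\Controller\Index' are the aliases the answers above use.

```php
<?php
// config/autoload/bjyauthorize.global.php
// Added example (not from any answer above nor from BjyAuthorize itself):
// a complete BjyAuthorize 1.2.* configuration that treats the Controller
// guard as a whitelist. 'Admin\Controller\Index', 'dashboard' and 'profile'
// are assumed names; replace them with your own controller aliases/actions.
return array(
    'bjyauthorize' => array(
        // Role of an unauthenticated visitor. Every guard below must grant
        // this role explicitly, otherwise anonymous requests get a 403.
        'default_role' => 'guest',

        // Role given to a logged-in user who has no row in user_role.
        'authenticated_role' => 'user',

        // Resolve the current role from ZfcUser's identity via the
        // user_role table (user_id => role_id).
        'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',

        // Role hierarchy: admin inherits user, user inherits guest, so a
        // rule granted to 'guest' automatically covers everyone.
        'role_providers' => array(
            'BjyAuthorize\Provider\Role\Config' => array(
                'guest' => array(
                    'children' => array(
                        'user' => array(
                            'children' => array(
                                'admin' => array(),
                            ),
                        ),
                    ),
                ),
            ),
        ),

        // Guard controllers rather than routes: several routes may dispatch
        // to one controller, and one controller guard covers all of them.
        'guards' => array(
            'BjyAuthorize\Guard\Controller' => array(
                // Public: login/register/logout, the error controller
                // (otherwise every 404 turns into a 403) and the landing page.
                array('controller' => 'zfcuser', 'roles' => array('guest')),
                array('controller' => 'error', 'roles' => array('guest')),
                array(
                    'controller' => 'Application\Controller\Index',
                    'action'     => 'index',
                    'roles'      => array('guest'),
                ),
                // Authenticated users only, listed per action so that any new
                // action added to the controller later is denied by default.
                array(
                    'controller' => 'Application\Controller\Index',
                    'action'     => array('dashboard', 'profile'),
                    'roles'      => array('user'),
                ),
                // Admin area: the whole controller, every action. The alias
                // must be the full controller service name, not a short name.
                array('controller' => 'Admin\Controller\Index', 'roles' => array('admin')),
            ),
        ),

        // Send an unauthorized request to the login page instead of a bare 403.
        'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
    ),
);
```

Because the guard is a whitelist, the safe way to extend this file is to add a rule for each new controller as it is created and to leave the guest rules as narrow as possible; a controller with no rule is unreachable for every role, including admin, which is the behaviour the question above describes as "403 for each URL except the home route".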
Debug your code with this in Module.php:
public function onBootstrap($e)
{
    // Dump the identity provider BjyAuthorize resolved, to see which role lookup is in use
    echo '<pre>';
    var_dump($e->getTarget()->getServiceManager()->get('BjyAuthorize\Provider\Identity\ProviderInterface'));
}