
Problem with ACL

I created a SecurityPlugin following the INVO sample on GitHub, but although the code looks correct, it is not keeping anyone out of the private area as it should. What is wrong?

services.php

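 // Dispatcher service.  The SecurityPlugin is attached as a dispatch
 // listener, so its beforeDispatch() runs on every dispatch loop iteration
 // (the initial request and every forward).  The closure originally
 // captured $di with `use ($di)` but never read it, so the capture is dropped.
 $di->set('dispatcher', function () {
     $eventsManager = new EventsManager();
     $eventsManager->attach('dispatch:beforeDispatch', new SecurityPlugin());

     $dispatcher = new Dispatcher();
     $dispatcher->setEventsManager($eventsManager);

     return $dispatcher;
 });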

SecurityPlugin.php

 use Phalcon\Acl;
 use Phalcon\Acl\Role;
 use Phalcon\Acl\Resource;
 use Phalcon\Events\Event;
 use Phalcon\Mvc\User\Plugin;
 use Phalcon\Mvc\Dispatcher;
 use Phalcon\Acl\Adapter\Memory as AclList;

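 /**
  * Dispatcher listener that enforces a role-based ACL on every
  * controller/action pair before it is executed.
  *
  * The ACL is built once and cached in the plugin's persistent bag.  Because
  * that bag outlives a single request (it is session-backed in Phalcon), edits
  * to the role/resource tables below are not picked up until the cached copy
  * is discarded, e.g. by clearing the session.
  */
 class SecurityPlugin extends Plugin {

     /** Controller/action a denied request is forwarded to. */
     const ERROR_CONTROLLER = 'teste';
     const ERROR_ACTION     = 'erro';

     /**
      * Returns the ACL, building it on first use.
      *
      * The default action is DENY, so any controller/action that is not
      * listed in the public or private resource tables is refused for
      * every role.
      *
      * @return AclList
      */
     public function getAcl(){
         if (isset($this->persistent->acl)) {
             return $this->persistent->acl;
         }

         $acl = new AclList();
         $acl->setDefaultAction(Acl::DENY);

         $roles = array(
             'admin'  => new Role('Admin'),
             'guests' => new Role('Guests'),
         );
         foreach ($roles as $role) {
             $acl->addRole($role);
         }

         // Resources reachable only by Admin.
         $privateResources = array(
             'teste' => array('acl', 'phql'),
         );

         // Resources reachable by every role.  The error landing action must
         // be listed here: a denied request is forwarded to it, and that
         // forward is dispatched through this same listener, so an unlisted
         // target would be denied again and the error page would never render.
         $publicResources = array(
             'teste' => array('builder', self::ERROR_ACTION),
         );

         // 'teste' appears in both tables; the Memory adapter is expected to
         // merge the access list when a resource name is registered twice.
         $this->registerResources($acl, $privateResources);
         $this->registerResources($acl, $publicResources);

         foreach ($roles as $role) {
             $this->grant($acl, $role->getName(), $publicResources);
         }
         $this->grant($acl, 'Admin', $privateResources);

         $this->persistent->acl = $acl;

         return $acl;
     }

     /**
      * Registers each resource together with its list of actions.
      *
      * @param AclList $acl
      * @param array   $resources  resource name => list of action names
      */
     private function registerResources(AclList $acl, array $resources){
         foreach ($resources as $resource => $actions) {
             $acl->addResource(new Resource($resource), $actions);
         }
     }

     /**
      * Allows $roleName every action of every resource in $resources.
      *
      * @param AclList $acl
      * @param string  $roleName
      * @param array   $resources  resource name => list of action names
      */
     private function grant(AclList $acl, $roleName, array $resources){
         foreach ($resources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow($roleName, $resource, $action);
             }
         }
     }

     /**
      * dispatch:beforeDispatch handler.
      *
      * A request whose session holds an 'auth' entry is treated as Admin,
      * anything else as Guests.  When the ACL denies the requested
      * controller/action, the request is forwarded to the error action and
      * false is returned to cancel the current dispatch.
      *
      * @param Event      $event
      * @param Dispatcher $dispatcher
      * @return bool|null false when the request was denied
      */
     public function beforeDispatch(Event $event, Dispatcher $dispatcher){
         $role = $this->session->get('auth') ? 'Admin' : 'Guests';

         $controller = $dispatcher->getControllerName();
         $action     = $dispatcher->getActionName();

         // isAllowed() yields a bool or Acl::ALLOW/DENY depending on the
         // Phalcon version; negation is correct for both, whereas the former
         // `!= Acl::ALLOW` comparison relied on loose typing.
         if (!$this->getAcl()->isAllowed($role, $controller, $action)) {
             $dispatcher->forward(array(
                 'controller' => self::ERROR_CONTROLLER,
                 'action'     => self::ERROR_ACTION,
             ));
             return false;
         }
     }
 }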

The plugins directory was added to loader.php.

No error appears. When I access https://localhost/myapp/test/acl, for example, the page is displayed normally, as if it were public.

what is wrong?




I would try replacing $acl->allow("Admin", $resource, $action); with $acl->allow($roles["admin"], $resource, $action);.

Hi, I followed your suggestion but it is not working...

I would try replacing $acl->allow("Admin", $resource, $action); with $acl->allow($roles["admin"], $resource, $action);.