ZF2 redirect if ACL does not allow access to page


I have a module which builds my ACL tree which is working fine.

I also have a navigation configuration file in the config/autoload directory which details my application structure along with resources associated with the entries. I also have a navigation factory in my application module config.

All of this is working fine and I am rendering my menu based on the permissions on the role of the logged in user and the resources against the page in the navigation config.

What I can't work out is how to prevent access to the pages which the user doesn't have access to (the ones which are hidden in the rendered navigation menu). I would like this to be managed within a module.

I'm assuming that in my Module.php file, in the onBootstrap function, I would need to run isAllowed against the ACL and redirect (as in this question - Forward to another controller/action from module.php). isAllowed seems to require the resource to query against, however. This would need to be obtained from the navigation config.

I can get this working if I hardcode the resource required in the isAllowed function. Effectively, I just need to get the resource of the current page request from the navigation config.

I'm sure this must be standard functionality but I can't find any specific examples.

Any help appreciated.

Chris


There are 2 best solutions below

1
STLMikey On

Is this what you are looking for, or are you looking for how to access your config from within the onBootstrap method?

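public function onBootstrap($event) {
    // The route match is only populated after routing, so run the check
    // in a route listener that fires after the router (negative priority).
    $event->getApplication()->getEventManager()->attach(
        \Zend\Mvc\MvcEvent::EVENT_ROUTE,
        function ($event) {
            $matched_route = $event->getRouteMatch()->getMatchedRouteName();
            $someOtherClass = new MyClassThatAuthenticatesRoutes();
            if (!$someOtherClass->isAllowed($matched_route)) {
                // Returning the response short-circuits the request
                $response = $event->getResponse();
                $response->setStatusCode(401);
                $response->setReasonPhrase('Not allowed!');
                return $response;
            }
        },
        -100
    );
}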

If you're looking for just the config you can go:

$sm = $event->getApplication()->getServiceManager();
$config = $sm->get('config');

0
alex On

If you're needing to match the routes for ACL look into doing something like:

/**
 * Retrieve the route match
 * 
 * @return string
 */
protected function getMatchRoute()
{
    $router  = $this->getServiceLocator()->get('router');
    $request = $this->getServiceLocator()->get('request');      

    $this->routeMatch = $router->match($request)->getMatchedRouteName();

    return $this->routeMatch;
}

Then in your controller:

// note, $acl is just a class I wrote to extend class Zend\Permissions\Acl\Acl
// because I needed additional functionality    
$acl = new \PATH_TO\Acl\Acl(); 

// checkAcl(), just however you plan on handling permissions
// $role is obviously just that, the role of the user, wherever
// you are setting that.
// the second param is from the method in the above code block which is the 
// resource (page) you are wanting to check against
$access = $acl->checkAcl($role, $this->getMatchRoute());

// they don't have access so redirect them
if (!$access)
{
    return $this->redirect()->toRoute('your_route', array());
}

If you need to see any more code just let me know but hopefully this gets you started.
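
Added example (not code from the asker or from either answer): one way to do what the question asks, reading the resource for the matched route out of the navigation container and checking it in a route listener inside Module.php. The service names `Application\Acl`, `Application\CurrentRole` and `navigation`, and the route names `login` and `forbidden`, are assumptions.

```php
<?php
namespace Application;

use Zend\Mvc\MvcEvent;

class Module
{
    // Routes reachable without an ACL check (assumed route names).
    private $publicRoutes = array('login', 'forbidden');

    public function onBootstrap(MvcEvent $e)
    {
        // Priority -100 runs after the router has populated the RouteMatch.
        $e->getApplication()->getEventManager()
          ->attach(MvcEvent::EVENT_ROUTE, array($this, 'checkAcl'), -100);
    }

    public function checkAcl(MvcEvent $e)
    {
        $match = $e->getRouteMatch();
        if (!$match || in_array($match->getMatchedRouteName(), $this->publicRoutes, true)) {
            return; // unmatched (404 handling) or explicitly public
        }

        $sm   = $e->getApplication()->getServiceManager();
        $acl  = $sm->get('Application\Acl');         // assumed: Zend\Permissions\Acl\Acl
        $role = $sm->get('Application\CurrentRole'); // assumed: RoleInterface of the user
        $nav  = $sm->get('navigation');              // assumed navigation service key

        // Find the navigation page for this route and read its resource.
        $page     = $nav->findOneBy('route', $match->getMatchedRouteName());
        $resource = $page ? $page->getResource() : null;

        // Fail closed: a route with no page or no resource is denied, so a
        // page missing from the navigation config is never left unprotected.
        if ($resource !== null && $acl->hasResource($resource)
            && $acl->isAllowed($role, $resource, $page->getPrivilege())) {
            return;
        }

        // Returning a response from a route listener stops the dispatch.
        $url      = $e->getRouter()->assemble(array(), array('name' => 'forbidden'));
        $response = $e->getResponse();
        $response->getHeaders()->addHeaderLine('Location', $url);
        $response->setStatusCode(302);
        return $response;
    }
}
```

`findOneBy('route', ...)` matches on the route name only, so pages that share one route and differ by controller or action need an extra comparison against the route match parameters.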