0

I am using the code below to redirect roles that the ACL does not allow to a specific page. The problem is that it works fine in routing the user to the page needed, but without changing the URL. So let's assume a user is trying to go to the admin index page (localhost/Admin) without logging in: the ACL plugin will route the user to the login page, but without changing the URL (localhost/Admin/Login). Any ideas why this is happening?

class Hyderlib_Controller_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract {

    private $_acl = null;
    private $_auth = null;

    public function __construct(Zend_Acl $acl, Zend_Auth $auth) {
        $this->_acl = $acl;
        $this->_auth = $auth;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request) {
        $module = $request->getModuleName();
        $recourse = $request->getControllerName();
        $action = $request->getActionName();

        // Identity as written to the auth storage at login (used below as the e-mail address).
        $identity = $this->_auth->getStorage()->read();

        if (!isset($identity)) {
            // Not logged in: fall back to the guest role.
            $role = 'default';
        } else {
            // Look up the role of the logged-in user.
            $db = Zend_Db_Table::getDefaultAdapter();
            $Role = $db->select()->from('User_Account')->where('Email = ?', $identity);
            $result = $db->fetchRow($Role);
            $role = $result['Role'];
        }

        // Zend_Acl::isAllowed() takes ($role, $resource, $privilege); the fourth argument is ignored.
        if (!$this->_acl->isAllowed($role, $module, $recourse, $action)) {
            // Internal forward: changes what gets dispatched, not the URL in the browser.
            $request->setModuleName('Admin')
                    ->setControllerName('Login')
                    ->setActionName('index');
        }

        //$role = $identity->Role;
    }

}

I provide the whole code to show that the code below is used in the Zend controller plugin in the preDispatch, if this makes any difference.

$request->setModuleName('Admin')
                        ->setControllerName('Login')
                        ->setActionName('index');
dori naji

2 Answers

3

The URL is not changing because it's an internal redirect of ZF MVC. But it's a good thing, because if you do what David has answered above, then if the user is not even allowed on the index action of the login controller of the admin module, he will be stuck in an infinite loop of redirection.

Another advantage of internal redirection is that when the user logs in successfully, you can redirect him to the URL he actually wanted to go to simply by

$this->redirect($_SERVER['REQUEST_URI']);
Mr Coder
  • Certainly, it is a convenience for the user to send him to his intended destination after he logs in. But I would save that in the session; redirect to login; and, on successful login, redirect him to his desired destination. This way, the displayed URLs in his location bar actually reflect the functionality he is performing at the time. Re: infinite redirect loops: Sure, always a danger. But typically, one removes/excludes ACL restrictions from the login page. After all, that's what the login page is for. – David Weinraub May 13 '12 at 07:04
1

If you want the url in the browser's location bar to change, you need to redirect (i.e., send those headers to the browser), not forward (i.e., simply modify the $request object on the server side).

So, instead of:

$request->setModuleName('Admin')
        ->setControllerName('Login')
        ->setActionName('index');

try:

$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->gotoSimpleAndExit('index', 'Login', 'Admin');
David Weinraub
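
The flow described in the comment and answer above (exempt the login page from the ACL, save the destination in the session, send a real redirect, return the user after login), as an added example that is not code from either answer. The class name, the session namespace and the `example_return_to()` helper are hypothetical, and it assumes the role is stored on the identity object and that the ACL uses the module as resource and the controller as privilege.

```php
<?php
// Added example (not the poster's code). Assumes ZF1 autoloading, an HTTP
// request, and the Admin/Login/index login route from the question.
class Example_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
    private $_acl;
    private $_auth;

    public function __construct(Zend_Acl $acl, Zend_Auth $auth)
    {
        $this->_acl  = $acl;
        $this->_auth = $auth;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $module     = $request->getModuleName();
        $controller = $request->getControllerName();
        // Exempt the login page itself, otherwise a denied visitor loops forever.
        if (!strcasecmp($module, 'Admin') && !strcasecmp($controller, 'Login')) {
            return;
        }
        // Assumption: the role is stored with the identity; 'default' for guests.
        $identity = $this->_auth->getIdentity();
        $role = isset($identity->Role) ? $identity->Role : 'default';
        if ($this->_acl->isAllowed($role, $module, $controller)) {
            return;
        }
        // Keep the destination server-side, then send a real HTTP redirect.
        if ($request instanceof Zend_Controller_Request_Http) {
            $session = new Zend_Session_Namespace('Example_ReturnTo'); // hypothetical name
            $session->uri = $request->getRequestUri();
        }
        Zend_Controller_Action_HelperBroker::getStaticHelper('redirector')
            ->gotoSimpleAndExit('index', 'Login', 'Admin');
    }
}

// Hypothetical helper for the login action: returns where to send the user
// after a successful login, accepting only same-site absolute paths.
function example_return_to($fallback = '/Admin')
{
    $session = new Zend_Session_Namespace('Example_ReturnTo');
    $uri = isset($session->uri) ? (string) $session->uri : $fallback;
    unset($session->uri);
    $local = $uri !== '' && $uri[0] === '/' && strpos($uri, '//') !== 0
        && strpos($uri, '\\') === false && !preg_match('/[\x00-\x1f]/', $uri);
    return $local ? $uri : $fallback;
}
```

In the login action, pass the value returned by `example_return_to()` to the redirector once authentication has succeeded.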