0

I'm using Kohana 3.2 with Controller_Template. Basically what I would like to do is to check the ACL of each action_method. If fail, load the access denied view and skip the rest of the action_method code; else continue loading.

I know I could use an if...else statement to do a simple boolean check (or even do a if(check_permission())return;), but I hope there is a more elegant way of handling it with the least amount of extraneous code in the action_page()... if possible, just check_permission();. I'm okay with adding more code within function check_permission()

function check_permission() {
    $this->template->content = View::factory('system/access_denied')
        ->bind('title', $title);
    $title = 'Access Denied';
}

function action_page() {
    check_permission();

    $this->template->content = View::factory('page/index')
        ->bind('title', $title)
        ->bind('data', $data);

    $title = 'Page loaded';
    .
    .
    .
}

Perhaps there is some way specifically in kohana that can achieve this? Native php is fine too...

hakre
ephemeron

2 Answers

1

If you need a nice ACL module you can take the Acl of the Zend Framework. Here is the Kohana module that includes the Zend Framework.

You can use it like this:

start:

$acl = new Zend_Acl();

add roles:

$acl->addRole(new Zend_Acl_Role('guest'))
  ->addRole(new Zend_Acl_Role('member'))
  ->addRole(new Zend_Acl_Role('admin'));

add resources (controller):

$acl->add(new Zend_Acl_Resource('someController'));

allow access for role and privileges (action) of a resource (controller):

$acl->allow('member', 'someController', array('page'));

then check the permission of the user in your before method:

public function before() 
{
    parent::before();

    $role = .... // role from user
    $resource = $this->request->controller();
    $action = $this->request->action();

    // redirect only when the role is NOT allowed to run this action
    if ( ! $acl->isAllowed($role, $resource, $action)) 
    {
      //...redirect
    }
}

Is this what you are looking for?

Igor Besel
  • Actually, I'm already using Wouter's ACL module which is very similar to Zend. My `if(!$this->enforce_privilege('page','delete')) return;` contains the `$acl->isAllowed()` with some code to load access denied view. +1 for effort anyway. Until I find a better solution I'm using `if(!$this->check_permission('page','view')) return;` – ephemeron May 21 '12 at 10:39
0

I think Request::current()->redirect('...') and before() will help you.

like this:

  public function before() 
  {
    parent::before();

    if (... have no access) 
    {
       Request::current()->redirect('access/denied');
    }
  }

...

// Kohana resolves the URI access/denied to Controller_Access::action_denied()
class Controller_Access extends Controller_Template {

  public function action_denied() 
  {
    $this->template->content = View::factory('system/access_denied')
        ->bind('title', $title);
    $title = 'Access Denied';
  }
}
Igor Besel
  • Hmmm, the problem that I face with that is I'm unable to check the permission for individual controller methods (within the method); unless I create a lookup array of the available methods and map them to their privileges in `before()`. However that is not what I'm looking for :( – ephemeron May 21 '12 at 08:22
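
The one-line guard the question asks for, as an added example that is not from either answer or from Kohana: `check_permission()` throws, and the dispatcher catches the exception and renders the denial, so the rest of the action is skipped without an `if`/`return`. `Access_Denied`, `Guarded_Controller`, `execute()` and the `resource.privilege` strings are hypothetical stand-ins written in plain PHP.

```php
<?php
// Stand-in classes in plain PHP (hypothetical names); no Kohana or ACL module code is used.
class Access_Denied extends Exception {}

abstract class Guarded_Controller {
    public $content;      // stands in for $this->template->content
    protected $granted;   // "resource.privilege" strings held by the current user

    public function __construct(array $granted) {
        $this->granted = $granted;
    }

    // Guard called inside an action. It throws instead of returning FALSE,
    // so the action needs no if/return and cannot ignore the result.
    protected function check_permission($resource, $privilege) {
        if ( ! in_array("$resource.$privilege", $this->granted, TRUE)) {
            throw new Access_Denied("$resource.$privilege");
        }
    }

    // Dispatcher: the single place that renders the access-denied content.
    public function execute($action) {
        try {
            $this->{'action_'.$action}();
        } catch (Access_Denied $e) {
            // Discard anything the action set before the check failed.
            $this->content = 'Access Denied';
        }
        return $this->content;
    }
}

class Controller_Page extends Guarded_Controller {
    public function action_view() {
        $this->check_permission('page', 'view');
        $this->content = 'Page loaded';
    }

    public function action_delete() {
        $this->check_permission('page', 'delete');
        $this->content = 'Page deleted';
    }
}

// Constructed sample: a user who holds only page.view.
$page = new Controller_Page(array('page.view'));
echo $page->execute('view'), "\n";
echo $page->execute('delete'), "\n";
```

An action that omits the `check_permission()` call runs unchecked, whereas a check placed in `before()` runs for every action of the controller.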