4

I have a completely running mvc application on ZF2. I want to run some actions from command line. I have properly set up my console routes and other environments. When I run my app from CLI, I got Permission denied exception like this:

'You are not authorized to access GeneratePdf\Controller\GeneratePdf\GeneratePdf:generate-all' in /var/www/zf2-reporting/module/BjyAuthorize/src/BjyAuthorize/Guard/Controller.php‌​:172

I already have some user in my database. How can I use those credentials to authorize a CLI user to run Actions?

Edit:

Following is the guards array in bjyauthorize.global.php for mentioned controller.

'guards' => array(
'BjyAuthorize\Guard\Controller' => array(array('controller' => 'GeneratePdf\Controller\GeneratePdf', 'roles' => array('admin', 'letters_admin'))

I have used ZfcUser as well. How can I pass user login credentials from CLI. Or if there is any way to use user session from cli.

Thanks

regeint
  • 888
  • 2
  • 17
  • 38
  • Can you show us your guard setup? It seems that you did not add the controller to the 'BjyAuthorize\Guard\Controller'. – cptnk Jan 08 '14 at 09:10
  • it is already in guards array like this: 'guards' => array( /* If this guard is specified here (i.e. it is enabled), it will block * access to all controllers and actions unless they are specified here. * You may omit the 'action' index to allow access to the entire controller */ 'BjyAuthorize\Guard\Controller' => array(array('controller' => 'GeneratePdf\Controller\GeneratePdf', 'roles' => array('admin', 'letters_admin')) How to pass user session in the app (my app uses ZfcUser as well)? – regeint Jan 08 '14 at 09:51
  • I am pretty sure that your cli does not have the admin role and thats why the access is denied. Try authenticate the console and then access the controller. – cptnk Jan 08 '14 at 10:12
  • I have not done anything to "authenticate the console". I just simply run cli like this: php public/index.php generate all, how to do authenticate the console? – regeint Jan 08 '14 at 10:20
  • within your console Controller you have to use the https://github.com/ZF-Commons/ZfcUser/blob/master/src/ZfcUser/Authentication/Adapter/Db.php service and authenticate your cli. Security wise it should be alright to do so since the Console route should only be run trough the console. Alternativily you could create a console role and add it to your guards you will still have to authenticate the console though. – cptnk Jan 08 '14 at 10:29
  • @cptnk, I am not getting your answer properly. How to actually authenticate cli? You just said to use this class: ZfcUser\Authentication\Adapter\Db, but how? Adding a role to guards is ok, but console role? Do you mean by a user who runs from cli commands or anything else? Could you please give me some example code, that would be really great. – regeint Jan 08 '14 at 17:58

1 Answers1

4

I found the solution. I am not able to give permission for cli user but it has done by disabling bjyAuthorize while running from CLI.

I found solution on this: How to use BjyAuthorize in ZF2 CLI application?

Here is the explanation for others if they found this issue:

To disable bjyAuthorize while running from cli, we can do like below in application.config.php.

Do not add "BjyAuthorize" and "BjyProfiler" in your application.config.php array initially. Check for console, if not console access then add them in $config array.

if (!Console::isConsole()) {
    array_unshift($config['modules'], 'BjyAuthorize');
    array_unshift($config['modules'], 'BjyProfiler');
}
return $config;

Also it is necessary to check Console in Application/Module.php's onBootstrap method like below

if (!Console::isConsole()) {
        $authorize = $sm->get('BjyAuthorize\Service\Authorize');
        $acl = $authorize->getAcl();
        $role = $authorize->getIdentity();
    }

Last but not least, do not forget to import Console class:

use Zend\Console\Console;
regeint
  • 888
  • 2
  • 17
  • 38