I am trying to follow an online tutorial in Phalcon PHP, and I'm at the stage where we are creating an ACL, and setting permissions based on the user's role (which is pulled from a session variable).
However, even when a user logs in and their role changes from `guest` to `user`, the permissions file does not seem to apply their permissions correctly, so instead of being forwarded to their dashboard they drop back to the login screen.
Permissions.php
use Phalcon\Mvc\Dispatcher;
use Phalcon\Events\Event;
use Phalcon\Acl;
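class Permission extends Phalcon\Mvc\User\Plugin
{
    const GUEST = 'guest';
    const USER = 'user';
    const ADMIN = 'admin';

    /**
     * Resources every role, guest included, may reach: controller => list of actions.
     * Declared as a list like the other two tables so all three are handled uniformly.
     */
    protected $_publicResources = [
        'index' => ['*'],
        'login' => ['*'],
    ];

    /** Resources for authenticated users; admin is granted these as well. */
    protected $_userResources = [
        'dashboard' => ['*'],
        'logout' => ['*'],
    ];

    /** Resources only admin may reach. */
    protected $_adminResources = [
        'admin' => ['*'],
    ];

    /**
     * Dispatcher hook: deny the request unless the role stored in the session
     * may run the routed controller/action.
     *
     * On denial the response is redirected to the login page and false is
     * returned so the dispatcher does not execute the action. Returns nothing
     * when access is granted.
     */
    public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
    {
        // Anything falsy in the session (missing, '', 0) is treated as guest.
        $role = $this->session->get('role') ?: self::GUEST;
        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        // isAllowed() yields a boolean; a loose `!= Acl::ALLOW` comparison only
        // worked because PHP juggles true == 1. Test the result directly so the
        // check does not depend on the adapter returning exactly that constant.
        if (!$this->_getAcl()->isAllowed($role, $controller, $action)) {
            $this->response->redirect('login/');
            return false;
        }
    }

    /**
     * Return the ACL, building it on first use and caching it in the
     * persistent bag.
     *
     * NOTE: the persistent bag is stored with the session, so a session that
     * already holds an ACL keeps that copy even after the resource tables
     * above are edited. If grants appear to be missing (e.g. no dashboard
     * or logout entries in the cached object), clear the session or unset
     * $this->persistent->acl so it is rebuilt from the current tables.
     */
    protected function _getAcl()
    {
        if (!isset($this->persistent->acl)) {
            $this->persistent->acl = $this->_buildAcl();
        }
        return $this->persistent->acl;
    }

    /**
     * Assemble the in-memory ACL from the role and resource tables.
     *
     * Default action is DENY, so a controller/action that is not granted
     * below is refused for every role, including unknown controllers.
     */
    protected function _buildAcl()
    {
        $acl = new Acl\Adapter\Memory();
        $acl->setDefaultAction(Acl::DENY);

        $roleNames = [self::GUEST, self::USER, self::ADMIN];
        foreach ($roleNames as $name) {
            $acl->addRole(new Acl\Role($name));
        }

        // Each entry pairs a resource table with the roles allowed to use it,
        // replacing the three near-identical register/allow loops.
        $grants = [
            [$this->_publicResources, $roleNames],
            [$this->_userResources, [self::USER, self::ADMIN]],
            [$this->_adminResources, [self::ADMIN]],
        ];
        foreach ($grants as $grant) {
            list($resources, $allowedRoles) = $grant;
            foreach ($resources as $resource => $actions) {
                $acl->addResource(new Acl\Resource($resource), $actions);
                // (array) keeps a bare '*' string working if a table still uses one.
                foreach ((array) $actions as $action) {
                    foreach ($allowedRoles as $roleName) {
                        $acl->allow($roleName, $resource, $action);
                    }
                }
            }
        }

        return $acl;
    }
}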
And if I `print_r($acl)`, this is what I get:
Phalcon\Acl\Adapter\Memory Object
(
[_eventsManager:protected] =>
[_defaultAccess:protected] => 0
[_accessGranted:protected] => 1
[_activeRole:protected] => user
[_activeResource:protected] => index
[_activeAccess:protected] => index
[_rolesNames:protected] => Array
(
[guest] => 1
[user] => 1
[admin] => 1
)
[_roles:protected] => Array
(
[0] => Phalcon\Acl\Role Object
(
[_name:protected] => guest
[_description:protected] =>
)
[1] => Phalcon\Acl\Role Object
(
[_name:protected] => user
[_description:protected] =>
)
[2] => Phalcon\Acl\Role Object
(
[_name:protected] => admin
[_description:protected] =>
)
)
[_resourcesNames:protected] => Array
(
[*] => 1
[index] => 1
[login] => 1
[dashboard] => 1
[logout] => 1
[admin] => 1
)
[_resources:protected] => Array
(
[0] => Phalcon\Acl\Resource Object
(
[_name:protected] => index
[_description:protected] =>
)
[1] => Phalcon\Acl\Resource Object
(
[_name:protected] => login
[_description:protected] =>
)
[2] => Phalcon\Acl\Resource Object
(
[_name:protected] => dashboard
[_description:protected] =>
)
[3] => Phalcon\Acl\Resource Object
(
[_name:protected] => logout
[_description:protected] =>
)
[4] => Phalcon\Acl\Resource Object
(
[_name:protected] => admin
[_description:protected] =>
)
)
[_access:protected] => Array
(
[guest!*!*] => 0
[user!*!*] => 0
[admin!*!*] => 0
[guest!index!*] => 1
[guest!login!*] => 1
[user!index!*] => 1
[user!login!*] => 1
[admin!index!*] => 1
[admin!login!*] => 1
)
[_roleInherits:protected] =>
[_accessList:protected] => Array
(
[*!*] => 1
[index!*] => 1
[login!*] => 1
[dashboard!*] => 1
[logout!*] => 1
[admin!*] => 1
)
[_func:protected] =>
[_noArgumentsDefaultAction:protected] => 1
)