id|role_id|is_default|parent_id
1 |guest | 0 | NULL
2 |user | 0 | NULL
3 |group| 0 | user
4 |admin| 0 | user
Конфиг:
<?php
return array(
'bjyauthorize' => array(
// set the 'guest' role as default (must be defined in a role provider)
'default_role' => 'guest',
//'authenticated_role' => 'user',
/* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which
* roles the "identity role" should inherit from.
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider' => //'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',
'BjyAuthorize\Provider\Identity\ZfcUserZendDb',
/*
* If you only have a default role and an authenticated role, you can
* use the 'AuthenticationIdentityProvider' to allow/restrict access
* with the guards based on the state 'logged in' and 'not logged in'.
*
* 'default_role' => 'guest', // not authenticated
* 'authenticated_role' => 'user', // authenticated
* 'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider',
*/
/*
* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers' => array(
/* here, 'guest' and 'user are defined as top-level roles, with
* 'admin' inheriting from user
*/
'BjyAuthorize\Provider\Role\Config' => [
'guest' => array(),
// 'user' => array('children' => array(
// 'admin' => array(),
// )),
],
// this will load roles from the user_role table in a database
// format: user_role(role_id(varchar), parent(varchar))
'BjyAuthorize\Provider\Role\ZendDb' => array(
'table' => 'user_role',
'role_id_field' => 'role_id',
'parent_role_field' => 'parent_id'
)
),
// this will load roles from the 'BjyAuthorize\Provider\Role\Doctrine'
// service
// 'BjyAuthorize\Provider\Role\Doctrine' => array(),
// resource providers provide a list of resources that will be tracked
// in the ACL. like roles, they can be hierarchical
'resource_providers' => array(
'BjyAuthorize\Provider\Resource\Config' => array()
)
// 'pants' => array(),
,
/* rules can be specified here with the format:
* array(roles (array), resource, [privilege (array|string), assertion])
* assertions will be loaded using the service manager and must implement
* Zend\Acl\Assertion\AssertionInterface.
* *if you use assertions, define them using the service manager!*
*/
'rule_providers' => array(
'BjyAuthorize\Provider\Rule\Config' => array(
// 'allow' => array(
// // allow guests and users (and admins, through inheritance)
// // the "wear" privilege on the resource "pants"
// // array(array('guest', 'user'), 'pants', 'wear')
// ),
// Don't mix allow/deny rules if you are using role inheritance.
// There are some weird bugs.
'deny' => array()
)
),
/* Currently, only controller and route guards exist
*
* Consider enabling either the controller or the route guard depending on your needs.
*/
'guards' => array(
'BjyAuthorize\Guard\Controller' => [
[
'controller' => [
'UserProfile\Controller\Index',
'UserProfileMod\Controller\Index',
'UserProfile\Controller\Index',
'ScnSocialAuth-User',
]
,
'action' => [
'index',
'userToCompany', // UserProfileMod\Controller\Index
'profileEdit', // UserProfile\Controller\Index
'showProfilePhoto', //'UserProfile\Controller\Index',
'logout', //'ScnSocialAuth-User',
'deleteProfilePhoto', // 'UserProfile\Controller\Index',
],
'roles' => ['user']
],
[
'controller' => 'UserProfile\Controller\Api',
'roles' => ['user']
],
[
'controller' => [
'Application\Controller\Index',
'ScnSocialAuth-User',
'zfcuser',
'Voodoo773Localization\Controller\Index',
'Acex\Controller\Service',
'Acex\Controller\Api'
]
,
'action' => [
'index', // 'Application\Controller\Index',
'login',
'register',
'provider-login',
'convert', // 'Acex\Controller\Service',
'getCity', // Acex\Controller\Api
] // UserProfile\Controller\Index
,
'roles' => ['guest']
],
[
'controller' => 'Company\Controller\Index',
'roles' => ['group', 'admin'],
]
],
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all controllers and actions unless they are specified here.
* You may omit the 'action' index to allow access to the entire controller
*/
// 'BjyAuthorize\Guard\Controller' => array(
// ),
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all routes unless they are specified here.
*/
// 'BjyAuthorize\Guard\Route' => array(
// // array('route' => 'zfcuser', 'roles' => array('user')),
// // array('route' => 'zfcuser/logout', 'roles' => array('user')),
// // array('route' => 'zfcuser/login', 'roles' => array('guest')),
// // array('route' => 'zfcuser/register', 'roles' => array('guest')),
// // // Below is the default index action used by the ZendSkeletonApplication
// // array('route' => 'home', 'roles' => array('guest', 'user')),
// ),
)
)
);
На странице: