Hi Ralph,

thanks for your reply. I am also working on the better solution you
suggested, but I got stuck with that solution. This is my listener (a
little shortened):

--------------------------------------------------------------------
use Zend\EventManager\EventManagerInterface;
use Zend\EventManager\ListenerAggregateInterface;
use Zend\Mvc\MvcEvent;

class RouteListener implements ListenerAggregateInterface
{
    /** @var \Zend\Stdlib\CallbackHandler[] */
    protected $listeners = array();

    public function attach(EventManagerInterface $events)
    {
        // Priority 100: checkAcl() runs before the default DispatchListener
        $this->listeners[] = $events->attach(
            MvcEvent::EVENT_DISPATCH, array($this, 'checkAcl'), 100
        );
    }

    public function detach(EventManagerInterface $events)
    {
        foreach ($this->listeners as $index => $listener) {
            if ($events->detach($listener)) {
                unset($this->listeners[$index]);
            }
        }
    }

    // MvcEvent is the type that actually exposes getApplication()/getRouteMatch()
    public function checkAcl(MvcEvent $e)
    {
        $acl = $e->getApplication()->getServiceManager()
                 ->get('User\Acl\Service');

        $routeMatch = $e->getRouteMatch();

        // Not allowed: rewrite the route match so the "forbidden" action
        // is dispatched instead of the requested controller/action
        if (!$acl->isAllowed(
            $routeMatch->getParam('controller'),
            $routeMatch->getParam('action')
        )) {
            $routeMatch->setParam('controller', 'user');
            $routeMatch->setParam('action', 'forbidden');
        }
    }
}
--------------------------------------------------------------------

So, checkAcl() is processed before the dispatching. But at that
stage the dispatcher has not yet identified any missing controller or action.
So "file not found" errors are not thrown because the forbidden error
comes first. When I clear out the 100 or change it to any negative value,
then the FnF error is thrown, but the ACL check does not work. Any user
with insufficient rights can access all the other pages he isn't allowed to.

I looked into the code and I think the dispatching process is done
within the Zend\Mvc\DispatchListener::onDispatch() method. Correct me if
I am wrong. Since there is no isDispatchable() method anywhere to check,
I don't see any chance to do an ACL check before the dispatching takes
place.

Do you have another idea?

Regards,

Ralf

-- 
List: [email protected]
Info: http://framework.zend.com/archives
Unsubscribe: [email protected]