Zend_Navigation, Zend_ACL + roles not filtering correctly with an AJAX request
I have been using zend_acl and Zend_Navigation together on my project currently and it seems to work correctly. I am however using a lot of AJAX in my site and have made a login with jqModal and jQuery which logs in users without reloading the current page and have the need to reload the navigation as well. I have so far got it working but the navigation being returned is all the links with the visible field as true, which is incorrect. For example, when I am logged in as a user the login link should not be visible.
My code below for Action, JavaScript function and JSON returned.
current role = admins
// CONTROLLER ACTION
public function getnavigationjsonAction()
{
    //$view->navigation($container)->setAcl($this->_acl)->setRole(Zend_Registry::get('role'));
    // echo $this->navigation()->menu();
    $navigation = $this->getView()->navigation()->setAcl($this->_acl)->setRole(Zend_Registry::get('role'));
    //die(Zend_Registry::get('role'));
    //die($this->_acl);
    $this->_helper->json($navigation->toArray());
}
// JAVASCRIPT FUNCTION
function reloadNavigationMenu()
{
    //alert('reloading navigation');
    $.ajax( {
        url : "/default/ajax/getnavigationjson",
        type : "POST",
        cache : false,
        async : false,
        data : "format=json",
        success : function(data) {
            var html='<ul class="navigation">';
            console.log(data);
            $.each(data, function(i) {
                if(data[i].visible === true) {
                    //console.log(data[i]);
                    html+='<li>';
                    html+='<a href="/'+data[i].module+'/'+data[i].controller+'/'+data[i].action+'">'+data[i].label+'</a>';
                    html+='</li>';
                }
            });
            html+='</ul>';
            $('#zend_navigation_container').html(html);
        }
    });
}
// RETURN JSON data from controller
[ { "action" : "index",
"active" : false,
"class" : null,
"controller" : "admin",
"id" : null,
"label" : "Admin Section",
"module" : "admin",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "admin:admin",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "Home",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : null,
"rel" : [ ],
"reset_params" : true,
"resource" : null,
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "News",
"module" : "news",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "news:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "Tutorials",
"module" : "tutorials",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "tutorials:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "about",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "About",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "about",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "comments",
"active" : false,
"class" : null,
"controller" : "index",
"id" : null,
"label" : "Comments",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "comments",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:index",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "index",
"active" : false,
"class" : null,
"controller" : "contact",
"id" : null,
"label" : "Contact",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "index",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:contact",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "login",
"active" : false,
"class" : null,
"controller" : "auth",
"id" : null,
"label" : "Login",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "login",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:auth",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
},
{ "action" : "logout",
"active" : false,
"class" : null,
"controller" : "auth",
"id" : null,
"label" : "Logout",
"module" : "default",
"order" : null,
"pages" : [ ],
"params" : [ ],
"privilege" : "logout",
"rel" : [ ],
"reset_params" : true,
"resource" : "default:auth",
"rev" : [ ],
"route" : null,
"target" : null,
"title" : null,
"type" : "Zend_Navigation_Page_Mvc",
"visible" : true
}
]
This is when I am currently logged in as admin and the links for login should be hidden but it's not. This looks like the ACL is not being properly assigned to the navigation.
Comments (2)
I think that Zend_Navigation uses ACL to determine if page should be visible during render time. It doesn't alter your navigation objects when you pass ACL object to it.
You need a different approach if you want to create custom navigation container reduced by ACL - maybe extending Zend Navigation classes and add appropriate methods.
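Added example, not part of the answer above and not the poster's code: one way to return only the pages the ACL accepts is to ask the navigation helper's accept() for each page instead of serializing the whole container with toArray(). The class name AjaxController is inferred from the URL in the question, the helper method _filterPages and the output array shape are hypothetical, and `$this->_acl` and the registry key 'role' are taken from the question's code.

```php
<?php
// Added example. Assumes $this->_acl is a configured Zend_Acl and that
// Zend_Registry holds the current role under 'role', as in the question.
class AjaxController extends Zend_Controller_Action
{
    protected $_acl; // assumed to be populated elsewhere (init() or a plugin)

    public function getnavigationjsonAction()
    {
        $helper = $this->view->navigation()
            ->setAcl($this->_acl)
            ->setRole(Zend_Registry::get('role'));

        // Serialize only what the helper would actually render for this role.
        $pages = $this->_filterPages($helper->getContainer(), $helper);
        $this->_helper->json($pages);
    }

    /**
     * Hypothetical helper: walks the container top-down and keeps a page
     * only if the helper's accept() check (visibility + ACL) passes.
     */
    protected function _filterPages(Zend_Navigation_Container $container, $helper)
    {
        $out = array();
        foreach ($container as $page) {
            // $recursive = false: parents were already checked on the way down.
            if (!$helper->accept($page, false)) {
                continue; // denied or invisible: never sent to the browser
            }
            $out[] = array(
                'label' => $page->getLabel(),
                'href'  => $page->getHref(),
                'pages' => $this->_filterPages($page, $helper),
            );
        }
        return $out;
    }
}
```

With this shape the browser never receives entries the role is denied, so the client no longer decides what to show from the `visible` flag. The menu is presentation only; each target action still needs its own ACL check at dispatch.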
You will need to force Zend_Navigation to re-render the navigation. As stated before, it "filters" the rendering based on the acl. Also, not sure how you are storing that role in Zend_Registry, but you may want to consider having that role returned when you query Zend_Auth to authenticate the user; if that role is not updated it could also cause issues. I would also suggest setting up your acl etc. in an action helper instead of an action, so that it can process for "any" action instead of just this action. The fact that the items are present should indicate that the menu for some reason is not being re-rendered, or the updated role is not being passed to the Acl; if it were, the menu items would not be present in the menu at all. Zend_Navigation will not render any items that have been filtered by the acl; it goes far beyond just setting the item to not be visible.
Furthermore, what role defines the privilege for showing the login tab? You should tell the acl to deny that to a standard user and up if your roles are inheriting from a common user role, if not, then it may indeed be working just as it should. As an example: